[JC-1750] Honeypots anti-bot - JTalks JIRA

Details

Type: Story
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4 Larks
Fix Version/s: 2.6 Larks
Labels:
None

Sprint:
2.6 Larks

Description

As an Owner I'd like to be secured from bots so that I'm not flooded with spam

Honeypot is a popular technique that works like that:

We put an invisible field on form (display: none)
If the field was filled, then it's a bot that fills all the fields on form

Acceptance Criteria:

There is invisible field in both registration forms (pop up and registration page).
If the bot is detected (invisible field is filled with some data), user sees a pop up message like "Invalid request!". Bot is redirected to the main page.
Info about bot (IP, email and user-agent) is wrote to the application log (to prevent bot activity in future).

Attachments

Issue Links

relates to

ANTARCTICLE-248 Registration in Antarcticle without Poulpe

Closed

Structure Settings

Structure

(does not include JC-1750)

Activity

Ascending order - Click to sort in descending order

12 older comments

Hide

Permalink

Julia Atlygina added a comment - 07/Mar/14 11:34 AM

Artem R please take a look also on this story as a owner

Show

Julia Atlygina added a comment - 07/Mar/14 11:34 AM Artem R please take a look also on this story as a owner

Hide

Permalink

Keiran added a comment - 07/Mar/14 3:35 PM - edited

For editing page source code use FireBug plugin for Firefox or press F12 for Chrome

Pre-condition:

Registration form is opened

Edit source code element:

 <div class="hide-element">

 <div class="control-group">

Test scenario

Fill all input fields with correct data
Enter in 'Please leave this field empty' any text
Click 'Sign Up'

ER=AR: Error message 'Invalid registration request.', information added to jcommune-application.log

Pre-condition:

Registration pop-up form is opened

Edit source code element:

 'class="input-xlarge hide-element"

 class="input-xlarge"

Test scenario

Fill all input fields with correct data
Enter in 'Please leave this field empty' any text
Click 'Sign Up'

ER=AR: Error message 'Invalid registration request.', information added to jcommune-application.log

Checked for all langauge. All tests pass

Regression testing:

test	result
Register user, correct data	pass
Register user, existing username	pass
Register user, existing e-mail	pass
Registeruser, empty fields (login/e-mail/password/confirm password/captcha)	pass
Acrivate user	pass
Login user	pass
Logout	pass

Test results: all tests passed

Note:

There is no dot at the end of all old error messages, but all new once do have this dot.
In Ukranian error message text is 'Невірний запит під час режстраціх.'. It must be 'Невірний запит під час реєстрації'

Show

Keiran added a comment - 07/Mar/14 3:35 PM - edited For editing page source code use FireBug plugin for Firefox or press F12 for Chrome Pre-condition: Registration form is opened Edit source code element: <div class= "hide-element" > to <div class= "control-group" > Test scenario Fill all input fields with correct data Enter in 'Please leave this field empty' any text Click 'Sign Up' ER = AR : Error message 'Invalid registration request.', information added to jcommune-application.log Pre-condition: Registration pop-up form is opened Edit source code element: 'class= "input-xlarge hide-element" to class= "input-xlarge" Test scenario Fill all input fields with correct data Enter in 'Please leave this field empty' any text Click 'Sign Up' ER = AR : Error message 'Invalid registration request.', information added to jcommune-application.log Checked for all langauge. All tests pass Regression testing: test result Register user, correct data pass Register user, existing username pass Register user, existing e-mail pass Registeruser, empty fields (login/e-mail/password/confirm password/captcha) pass Acrivate user pass Login user pass Logout pass Test results: all tests passed Note: There is no dot at the end of all old error messages, but all new once do have this dot. In Ukranian error message text is 'Невірний запит під час режстраціх.'. It must be 'Невірний запит під час реєстрації'

Hide

Permalink

Keiran added a comment - 07/Mar/14 4:46 PM

All tests passed, issue closed

Show

Keiran added a comment - 07/Mar/14 4:46 PM All tests passed , issue closed

Hide

Permalink

Julia Atlygina added a comment - 09/Mar/14 12:34 AM

Keiran, what about notes? were they fixed?

Show

Julia Atlygina added a comment - 09/Mar/14 12:34 AM Keiran , what about notes? were they fixed?

Hide

Permalink

Keiran added a comment - 09/Mar/14 1:40 AM

Second note is fixed. First is invisible for normal users.

Show

Keiran added a comment - 09/Mar/14 1:40 AM Second note is fixed. First is invisible for normal users.

People

Assignee:

Keiran

Reporter:

Stanislav Bashkyrtsev

Votes:

0 Vote for this issue

Watchers:

8 Start watching this issue

Dates

Created:

19/Jan/14 3:13 AM

Updated:

01/Oct/14 9:25 PM

Resolved:

06/Mar/14 1:03 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Not Specified

Logged:

0.45h

Structure Helper Panel