@aral as a small web person, do you have any thoughts on captcha alternatives? We keep getting hit with bots testing stolen cards by signing up to memberships. Looking at Cloudflare turnstile but wondered if you had any thoughts?
Conversation
Notices
-
Paul (paulcox@toot.wales)'s status on Friday, 11-Aug-2023 01:15:51 JST 
Paul
-
Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 11-Aug-2023 01:15:50 JST 
Aral Balkan
@paulcox Have you considered trying a honeypot field (an invisible form field which, if it gets filled in, you know it’s a bot).
I’d avoid Cloudflare if possible. Too much is centralised there already. It’s a huge privacy concern and single point of failure.)
-
Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 11-Aug-2023 01:42:45 JST
Aral Balkan
@paulcox Do let me know how it goes. I’ve never felt the need myself. Likely because I’ve only ever used Stripe when I needed to implement payments and they’re pretty good about handling that stuff without fuss.
-
Paul (paulcox@toot.wales)'s status on Friday, 11-Aug-2023 01:42:46 JST
Paul
@aral I had a look at that, but didn't seem likely enough to stop them, as easy to figure out with a quick look and work around it... but I could try that first and see. Have you had success with it previously?
-
Aral Balkan (aral@mastodon.ar.al)'s status on Friday, 11-Aug-2023 22:28:32 JST
Aral Balkan
@paulcox Oh wow, that sucks. Have you activated Stripes anti-fraud measures across your whole site (not just the payment page). Personally, I’m hesitant to do that as I don’t want a third party collecting data on the whole site but that might be one possible mitigation (?)
Best of luck, regardless. Sounds like a nightmare.
-
Paul (paulcox@toot.wales)'s status on Friday, 11-Aug-2023 22:28:33 JST
Paul
@aral yeah, we use Stripe as well, but yesterday we had over 1000 attempts to create memberships with different cards and 100 went through. We must be on someone's list somewhere.
-
All 076萌SNS content and data are available under the