Contrib.social

Add antibot integration

Open on Drupal.org →
Created on 2 September 2024, 4 months ago

Problem/Motivation

Antibot is a lightweight module designed to eliminate robotic form submissions. Via JS it waits for a mouse to move, an enter or tab key to be pressed, or a mobile swipe gesture before the action of the form is switched back to the path that it was originally set to be.

Steps to reproduce

Proposed resolution

Add a subscriber to the /antibot route. If the route is accessed, ban that user, respecting perimeter's flood configuration.

One other thing @Berdir also mentioned is that there could be different thresholds per source there or even add configuration for antibot/honeypot triggers.

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task
Status

Needs work

Version

3.0

Component

Code

Created by

🇸🇮Slovenia primsi

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @primsi
  • Merge request !27Issue #3471565: add antibot integration. → (Open) created by primsi
  • Status changed to Needs review 4 months ago
  • Comment 4 months ago
    🇸🇮Slovenia primsi

    I am not sure about the test here. /antibot needs to be requested via POST, to not get the cached page, but I did just expand the existing Functional test.

  • Comment 4 months ago
    🇸🇮Slovenia primsi
  • Pipeline finished with Failed
    4 months ago
    Total: 180s
    #271551
  • Status changed to Needs work 4 months ago
  • Comment 4 months ago
    🇨🇭Switzerland berdir Switzerland

    > One other thing @Berdir also mentioned is that there could be different thresholds per source there or even add configuration for antibot/honeypot triggers.

    not per source automatically but only configurable. The idea is that the /antibot and also honeypot are much more likely to be hit accidentally by real users than some wordpress thing. There are for example bugs in antibot in case of empty multistep forms where you can click without a mouse movement. So there is an argument to have higher thresholds for that.

    Also, the route based approach is a workaround due to antibot not having a hook/event.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024