Jump to content

Protecting from autoclick


UnfoX

Recommended Posts

I have a system which there is a button in it. Users are allowed to click at say 1 hour periods. Once user clicked the button, he should wait 1 hour to be able to click again.

 

But I have a problem. Some users codes some applications which clicks on a coordinate on a page. So they set the timer and automatically click the button every hour.

 

I want to prevent that. But I don't want to use captcha. Is there any other alternative to prevent autoclicking?

 

Thank you all

Link to comment
Share on other sites

Not really.  There are macro programs out there that use VB scripts to locate images and click, so even moving the button around may not be sufficient.

 

All you can really do is make it inconvenient to setup a macro for clicking... such as making the button shape/size/color/text/position random per page load, as well as making sure that clicks only come from your website. (So they don't make their own form that mimics yours, negating your "clickproofing".

 

Perhaps if you could make it a Q/A system.  Have it state the thing like: "click on the blue triangle" and have 3 images , 2 of them triangles, 1 being blue, etc.  Also be sure to change the wording around.  It really comes down to making it inconvenient to map out the possible answers, while still making it easy for a human to decipher and click.

Link to comment
Share on other sites

 

All you can really do is make it inconvenient to setup a macro for clicking... such as making the button shape/size/color/text/position random per page load, as well as making sure that clicks only come from your website. (So they don't make their own form that mimics yours, negating your "clickproofing".

 

But at least, when the page is loaded, the button id will be obvious. Than the macro can go through the source code and get the button id and its position and lately click to it. At least it can try to click all the buttons in the page where there is only 2 of them. Have I missed something?

 

Your latest suggestion seems like more user-friendly. Captcha is worse way for a user to click a button. Maybe more visual protections without using keypad can be a better solution. Is there any application of this type protection like select-the-blue-triangle ?

 

Thank you

Link to comment
Share on other sites

Hi, Sorry for the delay, I've been busy.

 

Nothing can be completely avoided, necessity is the mother of invention.  Eventually someone will find a way if it's valuable enough to them.

 

My recommendations are:

+randomize the name of the field, store it in the session so that it's harder to scrape (source code)

+use flash instead for it

+have dummy buttons that change the page or do something weird

 

The "click the blue triangle" thing I've suggested is just another variation of captcha IMO.  I do not know of any examples off hand, but it reminds me a joke screenshot of a russian captcha asking the user to solve a math problem, displayed as an image.

 

Really, you're just trying to avoid the standard ways of verifying that most people are accustomed to [breaking].  Your concern is that your methods do not become more of a hindrance to legit users, while trying to deter the cheaters.

Link to comment
Share on other sites

  • 2 weeks later...

+randomize the name of the field, store it in the session so that it's harder to scrape (source code)

 

This is similar to what xtopolis said, You can create a generated token from the form page, and pass it in a hidden field to the processing page.  This will at least disable any outside form from submitting.  If the page is loaded then scraped, it's difficult to determine whether it was loaded by a human or script without some type of captcha.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.