I have a newsletter subscription form on a website using Kentico 9. There is a simple captcha : "prompts users to retype a sequence of numbers from an image". Since a few month, I have noticed a lot of new subscriptions with email address that can look real because of the domain. But names attached to the email address are only a series of letters (example : vPkGNFtUjyxcEQ). I verified some email address on CleanTalk and they were reported as spam.
Is it possible for bots to subscribe to the newsletter even with this kind of captcha? How can I prevent that?
Thanks!
Yes, it is possible for bots to submit those old captcha forms. You're better off to introduce the reCaptcha v2 or v3 on your site. There is some code on the old Kentico Marketplace which allows you to import and use the new reCaptcha functionality.
Related
First of all, I apologize for eventual noob questions, we are very new to the DocuSign API and are currently trying to wrap our heads around which is the most correct way of accessing the API.
I will start with an overview of our use case. We recently purchased a DocuSign prod. Account with an Organization enabled.
We have a Partner which uses a CMS Tooling which integrates with said DocuSign Account. This Tool allows for the Backoffice to create envelopes with documents inside and a url which leads to the signin ceremony through the Templates that we create inside the DocuSign Account. This url is afterwards send to the customer for them to sign the documents in the envelope. This Part is working and is currently being used.
Now what we want to achieve on our side, we have a nextJS web-app which allows the same customers (Which are the receivers of the created envelopes in the step above, same e-mail in both steps) to sign-in our web-app. We want to show the customer in a dashboard, if there are envelopes for him open that he can sign and if this is the case we want to show him the url which leads to the signin ceremony.
We were able to see that as soon as an envelope for a certain User is created through the CMS Tooling, we can see that envelope in our DocuSign Prod Account.
Now our thought process was, to show our customer his open envelopes, we just fetch all open envelopes in our DocuSign Account which match the customers E-Mail.
Is there anything wrong with this process or are we overlooking something?
And if it is okay to proceed this way which of the OAuth Flows is the correct one to use for this case?
From my understanding, the JWT Flow seems like the most reasonable one? Since the Customers that need to sign the documents, will not have any DocuSign accounts.
What have you tried to solve the issue?
We tried using the direct API Access, which worked when set up correctly but since we didn't have a OAuth Flow in place the Access token is only valid for restricted amount of time obviously and has to be refreshed. Hence we have to think first about how to grant access correctly
I would love to hear, what the right approach would be to achieve our desired result.
Once again Apologies for this kind of question, just trying to have a better understanding before we start building :)
Best regards!
According to the use case you mentioned using JWT Grant is fine as users of your integration will use a single system account to log in, you should use JWT Grant.
I would recommend going with the below link to know more regards different use cases and check the knowledge
https://developers.docusign.com/platform/auth/choose/
https://developers.docusign.com/platform/auth/oauth2-requirements-migration/
I'm facing card testing attack lately on a website that uses stripe checkout.
After two days of being under attack, I finally deactivate the concerned page which leaves my website without any way to pay for services.
Now I would like to add a recaptcha to protect the stripe button, but just can't seem to understand how to do it.
I have a page with three services, under each one is a stripe checkout button. What I would like to do is to prevent bots to access the Stripe checkout page, which is external and hosted on stripe servers.
I did recaptcha integrations before in php and with a regular form. Here I'm working with nodejs and there's no real form to query. Is it possible to prevent bots from accessing those buttons ?
I saw some tutorials online but everytime the form is hosted on local server.
If you have a clue, it would be a great help.
Thank you
Have you followed the official Google docs for reCAPTCHA v3? They provide code snippets and go into detail about how to do this.
https://developers.google.com/recaptcha/docs/v3
It's easiest to implement it in the payment flow before your customers ever get to the page with the Checkout button (e.g. on the shopping cart page), but you can also bind it to the form action that triggers the creation of the Checkout Session.
Hi everyone I have been trying to know how to force gmail to add events to a calendar similar to how airbnb and airline tickets or even eventbrite does it, is there a standard email one can send or is it based on domain reputation to make it happen.
If we are talking about creating events in Google Calendar based on the content of an email (either inbound or outbound email) then Google already has these features called Smart features & controls. For trip information, you would need to set up your Google Account for Google Travel.
Just take note how Google indexes these search terms or metadata only includes the first 1MB of a content on an email to identify if the smart features will automatically detect and suggest a creation of event based on the content of an email. See info here
" is there a standard email one can send or is it based on domain
reputation to make it happen. "
Based on the question above, the domain reputation will only be relevant if you have integrated a third-party mail service within your Google Account, assuming you have Google Workspace, you can check this link for SMTP relay setup.
Other than that, using Google Calendar API only limits you based on your Quota Limits for Google Services.
See also:
Avoid Calendar use limits - Google Workspace Admin Help
Proper accounting with service accounts | Calendar API | Google Developers
Limiting Requests Per User | Capping API usage | Cloud APIs | Google Cloud
I am trying to use DocuSign in my app, it’s really an excellent tool, however, I've met some problems and hope you could help me with
it, thanks.
First of all, let me explain my scenario, let’s say Annie who are using my app, Annie opens a document in the app, she generate a digital
signature of her own on the document, then she shares the document to Tom and invite Tom to sign his name on the document.
I leveraged DocuSign Api with the following step to complete the above scenario:
For each document user opened, create an envelope
Open console/sender view in embedded h5 view
User will sign his/her name and edit it in embedded view
My questions are:
·User needs to have a DocuSign account to use console/sender view, but Annie or Tom don’t have an account and may not would like to register a DocuSign account in the app.
Is it possible for me to create an account for Annie through some kind of Api?
· Even if they already have valid accounts, Annie signs her name on the document, when she wants to invite Tom to sign on the document on a certain place, she have no way to find Tom on the page she edited as DocuSign do not know Tom and I could not add Tom’s information on the page.
Is there any kind of method that I can show Annie’s contacts on the page and let Annie to select any contact on it?
My questions are:
User needs to have a DocuSign account to use console/sender view, but Annie or Tom don’t have an account and may not would like to register a DocuSign account in the app.
The sender of the signing request needs an account. The sender can be either a "system" account (your application) or a human. Often a human's account is used, that way he or she will receive back information about the signing progress, will see the signed document stored in DocuSign, etc.
Is it possible for me to create an account for Annie through some kind of Api?
Yes, your app (and your account) can be enabled to use the API to provision new sender accounts. These accounts cost money, so in this case, your company is reselling DocuSign services to your end customers. DocuSign is happy to work with you to enable this.
Even if they already have valid accounts, Annie signs her name on the document, when she wants to invite Tom to sign on the document on a certain place, she have no way to find Tom on the page she edited as DocuSign do not know Tom and I could not add Tom’s information on the page.
Is there any kind of method that I can show Annie’s contacts on the page and let Annie to select any contact on it?
If your app is creating the envelope via the API, then your app can show Annie a list of recipients and let Annie pick Tom via your app. Then your app creates the envelope/transaction/signing request in DocuSign, including Annie and Tom as signers.
Then, via the Sender View, Annie can see the document before it is sent. Your app can do more than just add Tom as a signer: your app can add the "tabs" that control where Tom will sign, initial, and make other updates to the signed doc.
DocuSign DTM is a large system, so there is often "more than one way to do it." Please ask additional questions by opening new questions on Stack Overflow.
I need help automating mass emails I'm sending daily.
I'm trying to send out automated mass emails through a Gmail account (My Business uses Google Apps). I built a Java program that allows me to enter my credentials (gmail username & password), Subject Line, Email List, and enter is a body template. The program then sends out emails one at a time to each of the contacts which are in a comma delimited list. This isn't spam as I'm getting the users to submit their email address.
I got this Mail Delivery Message today: "Technical details of permanent failure: Message rejected." I read that Google will only allow a maximum of 100 recipients to any message through its smtp gateway - and there's a maximum of 500 messages in any 24 hr period.
I need a new strategy. How do I build a program to automate sending of ~100-200 emails a day? Do I need to be buying IP's, SMTP Servers, write a new PHP application? I need a place to start because this is out of my scope.
Gmail is not designed for email marketing as you have seen. In the past I have used a Google App Engine account for sending tens to hundreds of thousands of emails (because that was where the domain was managed), but that can be a pain to manage.
You could consider using a service that specializes in email marketing. I have heard good things about Campaign Monitor and MailChimp. Plus MailChimp can integrate into Google Apps.
We use www.authsmtp.com but I was looking at switching to Google when we switch to Google Apps in the near future. I'll have to drill in a bit more. IN the meantime, give authsmtp a try.
Google specifically rejects this type of behavior/use of their system. https://support.google.com/mail/bin/answer.py?hl=en&answer=69585
I would suggest trying a system that is built for this type of activity such as MailChimp or Aweber.