Q: I've received a report from a supporter that their signature/RSVP/account creation/other action is being blocked by bot protection. What's going on and what should I tell them?
A: If you've received a message from a supporter, generally, waiting a few minutes and reloading the site is all that's needed. Visitors using a VPN, obfuscation service, or Tor may be more likely to be scored as a bot.
ControlShift organizations often have bot protections on their site to prevent malicious or spammy activity. The protection options are: Google's reCAPTCHA, hCaptcha, or Cloudflare's Turnstile. reCAPTCHA and hCaptcha are added by organization admins. Turnstile is automatically available for US-based organizations.
Each of these tools is used to secure site forms, including the signature form, RSVP form, account creation form, contact message form, etc. Whenever a form is submitted, we ask the service (Google's reCAPTCHA, hCaptcha, or Cloudflare's Turnstile) to rate the likelihood that the request came from a bot. Each of these tools use a variety of factors, like user behavior, to evaluate each request.
If the "score" for the request shows that it's very likely to be a bot, we'll reject the request and the user will see a bot protection message.
Each of these tools keeps the formulas they use opaque (to prevent malicious actors from bypassing them), so it's not possible to say exactly why a specific request was marked as likely to be a bot.
Our recommendation for users seeing the bot protection message is to wait a few minutes and reload the site. Visitors using a VPN, obfuscation service, or Tor may be more likely to be scored as a bot.
Please sign in to leave a comment.