8·
1 month agoThe code basically tracks mouse movements, or the lack thereof. If a bot is using a cursor, it might move in a straight line at constant speed to the “I’m not a robot” checkbox. Most bots though just check the HTML and jump directly to the checkbox. There are other checks it might do as well, e.g. the user-agent of the browser, whether the user came from a search engine, etc.
That being said it’s that not difficult to break, e.g. Puppeteer has a plugin specifically for getting around Captchas and Cloudflare’s offerings.
All this is to say: automatic captchas are better at allowing legitimate users than they are at blocking bots entirely.
Or, if the business is 24/7, make sure they have an explicit on-call policy with designated shifts. (e.g. who is allowed to call you, what is the expected response time, is an issue disruptive enough that it needs resolving at 3am on a holiday, etc.)
My current job (IT for a non-profit research facility) pays a sweet daily bonus just for having my phone on me, even if I don’t get called over a week, plus double overtime pay when I do get called afterhours. I’ve had 13 shifts over the past couple years, and was called only 7-8 times, 3 of those on the same weekend for the same issue (couldn’t make a permanent fix until the following Monday).
In any other job, I definitely wouldn’t accept a manager or random coworkers sending me messages out of the blue on a weekend and getting mad when I don’t respond.