01
Apr

Meet: Joe Greve

Posted by: Elexicon

Meet: Joe Greve

Joe Greve
Joe Greve, our new web developer at Elexicon!

Welcome Joe Greve, our new web developer at Elexicon! We are thrilled to have him join our team. To help you get to know Joe better, we asked him to answer a few questions.

What is your educational background?

I have an associates degree in Web Design from Kalamazoo Valley Community College, and spent a year at Ferris State University studying Game Design and Animation.

What are five interesting facts about you?

  1. No matter the topic, I probably have some random fun fact about it
  2. I like to think I’m pretty great at making food
  3. I’m exceptionally detail oriented (sometimes to a fault!)
  4. I can repair most anything on a car
  5. I once solved a Rubik’s Cube, by following a guide

If you could visit anywhere in the world you’ve never been, where would you go?

Japan! Osaka, Tokyo, Toyota City, the mountains — all of it.

How do you wind down after work?

Usually by cooking myself a nice meal. I find cooking really therapeutic. Maybe just because you can’t really rush a good meal!

What’s a topic you wish you knew more about?

I feel like my answer to this changes every week. But right now, I think I’d say automotive metalworking.

If you had to listen to one song for the rest of your life, what would it be?

Africa, by Toto. Extra points for the Weezer cover.

Who inspires you?

In no particular order: Steve Jobs, Christian von Koenigsegg, anyone who can stick it out with a personal project for more than a few weeks, and my fiancé.

31
Jan

Meet: Emma Sluiter

Posted by: Elexicon
Emma Sluiter, our new digital marketing specialist at Elexicon

Welcome Emma Sluiter, our new digital marketing specialist at Elexicon! We are thrilled to have her as a part of our team. To help you get to know Emma better, we asked her to answer a few questions about herself.

What is your educational background?

I recently graduated from Grand Valley State University in December 2018 with a Bachelor of Science (B.S.) in Health Communications, Advertising, and Public Relations.

Your degree was a big part of the mutual interest between us!

This is true on so many levels. Personally, I first gained interest in Elexicon because their team helped create and supports Health Beat, Spectrum Health’s brand journalism site. I was a Health Beat reader in college, so the opportunity to work alongside them in an agency setting was ideal for me. Since one of my passions is communicating about healthcare, I believe working at Elexicon is the perfect first-step for me after college. I get to explore the impact of the communications we create for healthcare clients and their patients while learning more about web development from my team. It’s a win-win.

What were some collegiate activities/clubs you were involved in?

To start, I had my own one-hour radio show in college called Emma’s Dilemmas. I would talk about my personal dilemmas while covering local health news — I was pretty funny if I do say so myself! My radio show later led me to become GVSU’s student radio news director, where I was able to inform listeners about local health news on a regular basis.

Additionally, my time in college was spent in student government. I was a part of GVSU’s Student Senate where I worked on a committee to oversee internal relations and student funding. I helped appropriate $1.2 million to student organizations and learned more about team building and about my university’s resources. I also planned leadership programs and conferences — including the Leadership Summit, Transitions: New Student Orientation, and the First Year Leadership Program.

Not only was I involved at my university, but I was also involved in my local community. I volunteered my time at animal shelters, Well House and 20 Liters. Lastly, I was involved in a collegiate ad agency called The Bloom Group, where my colleagues and I worked on real-life marketing campaigns with Open Systems Technologies (OST) and GVSU.

What are your Top 5 skills?

Perseverance would be one of my top skills, because I never give up on a task or goal until it is completed—and completed well. Next, I would say organization because I am able to work on multiple tasks at the same time with a clear perspective on what needs to be done. Public speaking is another top skill of mine, mainly because of my outgoing personality and my desire to communicate with others about what I’ve learned. Teamwork is another skill I have obtained over the years from playing sports and working on team projects in college. Lastly, I would say I am an active listener because I find it important to learn from others and their experiences.

What do you like to do outside of work?

Watch new TV shows on Netflix, play my Nintendo DS, and hang out with my orange kitty.

You’re burning the midnight oil on a deadline. What’s your go-to snack?

Ben & Jerry’s Toffee Bar Crunch… and if that’s not in my freezer, I just make popcorn.

Music, podcasts or no headphones while working?

I tend to have headphones on while working. I can always jam out to music by 5 Seconds of Summer, and listen to podcasts. I have been finding myself listening to health and wellness podcasts lately, and I am enjoying the new perspective I am getting about nutrition. I like to listen to something at work because it keeps me motivated.

What book(s) are you reading?

I like to read books that help me escape the real world, and allow me to have a creative mind. For “escape” these days, I am reading the Witch & Wizard series by James Patterson. For my professional development, I have just read White Hat UX by Trine Falbe, Kim Andersen, and Martin Michael Frederiksen, Purple Cow by Seth Godin, and Contagious by Jonah Berger.

28
May

Preventing Spam Without Captcha

Posted by: Elexicon

Spam emails are extremely annoying. Unfortunately, spambots are getting smarter and smarter every day. People have developed some pretty clever methods to prevent spam, but the most popular are also an inconvenience to your users. I’m speaking, of course, about Captcha.

According to the Captcha website, Captcha is

“a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot.”

Typically, the test will consist of distorted text embedded in an image.

But what if the user can’t read the distorted text produced by Captcha? It becomes a nuisance to hit the refresh button multiple times to get a legible Captcha so you can submit the form. Being in the user-experience business, we went looking for a better solution. We looked into several different technologies, but almost all of them were too bloated in size for us to find them appealing, so we had to come up with another way.

First, some explanation about spam bots: they will typically fill out every input field in a form whether or not it is visible to the user. This useful piece of information has led to the creation of the honeypot method. The honeypot method consists of putting a blank input field in your form and hiding it from the user. The bot will come across this input field and fill it in. If the form field is filled in, the sender should be marked as a bot and the form should not send. Unfortunately, setting an input field with display: none; isn’t enough to combat spam anymore. It is certainly a step forward, but as I mentioned above, spam bots are getting smarter every day and many of them have figured this little trick out and can work around it.

To prevent spam on our new forms, we used a few different “honeypot” methods combined into one form to determine if the user is a bot or not. We first implemented the standard blank honeypot text input field and set it to display: none;. When the form is submitted, we then perform a server-side check using PHP to see if the input was filled out. If so, we trigger an error and prevent the form from sending. After testing this method, we waited a couple of days to gauge its effectiveness. Unfortunately, we were still receiving some spam emails each day using this out-of-the-box honeypot functionality.

We then began investigating more solutions to combat spam. This is where we really learned just how smart these spam bots are becoming. When we had first implemented the honeypot input field, we had named the input “anti-spam”. This was a bad idea. Bots are able to read through the input attributes and determine what type of input is focused and, apparently, are able to determine if the input field is supposed to be filled out based upon the name. So we learned a valiable lesson: name your honeypot fields something completely irrelevant to combating spam.

After changing the honeypot input name to something like “promo_code” we waited another day or two to see if we had better results. A day or two went by without spam, but on the second or third day we received another spam email. This was an improvement from the previous rate, but still unacceptable.

That’s when we realized some bots can bypass input fields set to display: none;. So diving headlong deeper into the spam battle, we implemented a method found in MailChimp’s subscription form that sets the honeypot input field to position: absolute; left: -5000px;. This allowed the input field to be “visible” but positioned off screen so the normal user couldn’t see it. We weren’t going to stop there, though. We’d had enough of those emails trying to sell us shoes and prescription drugs.

To be sure no bots could send our contact form, we implemented second and third honeypot inputs. The second honeypot field was an HTML5 email input. I do believe this field was the key in preventing our spam emails. Bots, no matter how smart, will ALWAYS fill out an email input. Just be sure to name your honeypot email input field something different than your actual email input field and name it something totally unrelated to spam prevention. We used the name “email_2” for our honeypot email input. This email input was “hidden” the same way the other input field was, by setting it in a <div> with position: absolute; left: -5000px; set. If either one of these input fields were populated, the form would trigger an error and not send.

The third and final method we used to combat spam is something a little more in-depth and tricky than your average honeypot input. When a spam bot finds a form on a page it will typically fill it out within 5-10 seconds and submit. This is much faster than what a human can do, so we figured it would be wise to do a check against how long it took to fill out the form. To do this, we put in a hidden input field and set the value to populate upon page load with the time the page was loaded. When the form is submitted, we perform a server-side check if the time between loading the page and submitting the page is larger than the minimum time it takes to fill out the form. We set this minimum time to 10 seconds to be sure we weren’t going to prevent any real users from sending our form. If the form is submitted in under 10 seconds, it will trigger and error and not send.

It’s been just over a week since we’ve implemented these spam prevention techniques and we haven’t seen a single spam email come through since. As spam bots continue to evolve, however, we may have to revisit this solution down the line. But that’s part of the spam arms race that’s not going away any time soon.

Back to Top