Avoid Spam form submissions - (Easy way of form Anti-Spam) | Drupal 8

Avoid Spam form submissions - (Easy way of form Anti-Spam)

Submitted by editor on Thu, 03/16/2017 - 10:14
Question

How to avoid spam contact form or other form submissions by robots (spam-bots) ?

Method 1. (Classical way)

Use a captcha system like Math captcha, Image captcha, reCaptcha of google....

Method 2. Use Honeypot

Honeypot use a very simple method to limit unwanted form submission by robots (any way, some robots can pass through this method). This method can block up to 98% of spam form submissions.

Concept of Honeypot.

By adding an invisible field to your forms that only spambots can see, you can trick them into revealing that they are spam bots and not actual end-users.

Here we have a simple checkbox that:

  • Is hidden with CSS.
  • Has an obscure but obviously fake name.
  • Has a default value equivalent 0.
  • Can't be filled by auto-complete
  • Can't be navigated to via the Tab key. (See tabindex)

Install / Implement Honeypot on drupal.

Just install and configure drupal Honeypot contrib module.


Install / Implement Honeypot on custom PHP Website.

HTML Code

<input type="checkbox" name="contact_me_by_fax_only" value="1" style="display:none !important" tabindex="-1" autocomplete="off">

 

Server-Side

On the server side we want to check to see if the value exists and has a value other than 0, and if so handle it appropriately. This includes logging the attempt and all the submitted fields.

In PHP it might look something like this:

$honeypot = FALSE;
if (!empty($_REQUEST['contact_me_by_fax_only']) && (bool) $_REQUEST['contact_me_by_fax_only'] == TRUE) {
    $honeypot = TRUE;
    log_spambot($_REQUEST);
    // treat as spambot
} else {
    // process as normal
}


An Example of Honeypot php class for easy implementation.

PHP Class

<?php

class Honeypot {

  const FIELD_NAME = "contact_me_by_fax_only";

  /**
   * Get Honeypot form input field.
   * @return string
   */
  public static function getHoneypot() {
    $field_name = self::FIELD_NAME;
    $form_input = '<input type="checkbox" name="' . $field_name . '" value="1" style="display:none !important" tabindex="-1" autocomplete="off">';
    return $form_input;
  }

  /**
   * Check the form submission.
   * @return bool
   */
  public static function checkHoneypot() {
    $honeypot = FALSE;
    $field_name = self::FIELD_NAME;
    if (!empty($_REQUEST[$field_name]) && (bool) $_REQUEST[$field_name] == TRUE) {
      $honeypot = TRUE;
    }
    return $honeypot;
  }
}

 

Usage:

At the form creation:

<form>
    ...
  <?php print Honeypot::getHoneypot(); ?>
    ...
</form>


At the form submission:

if (Honeypot::checkHoneypot()) {
  // Probably a spam.
}
else {
  // Probably not a spam.
}

 

Source : http://stackoverflow.com/questions/36227376/better-honeypot-implementation-form-anti-spam

Add new comment