Preventing form spam on sites
Spam! You probably hate this word. You’ve created an application, ultimately you will get hit with a spam mail bot. There is no perfect solution that will allow you to prevent form spam on sites. I want to share a few good workable solutions to fight back.
CAPTCHA blocks spam bots from gaining access to your web forms, at the same time humans can get through it. You should avoid using it as it inconveniences users. Google has invisible reCaptcha which might be the satisfactory captcha option.
If your form requires an email then you could verify that the email actually exists and that they click a button or link in the email to confirm registration.
Another option is – identibyte that will verify an email through their API. This saves the hassle of making your users go through extra steps.
Moderate comments for links and inappropriate words.
If you are a consumer of services like Cloudflare you could make use of their “page rules”. If you are already using their service, you can try this feature to quickly set up the rule.
Use spam services like Akismet by WordPress and Stop Forum Spam. For Laravel, you can use nickurt/laravel-akismet and nickurt/laravel-stopforumspam.
Limit the Login Attempts
You can reduce the spam and increase security by setting the number of failed login attempts then blocking the user’s IP address, this way you can stop automated bot scripts and protect your website.
Ask Test Questions
Challenge the user by putting a simple question that would be easy to answer for a human, and will cause problems for the bot. It is usually a simple math problem or a well-known question like “What is the color of the sky?”.
Embed Session Tokens
Another way to prevent spam attacks is by setting the session tokens. If the session cookie wasn’t set on the form, probably it is not a human being because most of the spambots attack the forms directly and this measure will help to get rid of them.
Out of all these options, I’d recommend starting with the honeypot, then if that fails, continue to the other options until you’ve successfully stopped the bots from attacking your web forms.