Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Arthur Grand2017-01-14 09:04:08
Fight against spam
Arthur Grand, 2017-01-14 09:04:08

Have an idea for spam protection, but will it work?

Greetings, if you come to this question!
I have a form builder for websites and now it has protection against multiple submissions with a one-time token in a field with a random name. The trouble is that the bots, apparently, have learned to request and parse this token every time before sending it. So there is spam.
I thought here that bots are not a full-fledged browser and only load the page itself, and came up with a cunning plan.
1. Add a link to a special style/script to the page with the form
2. The browser will try to load it, and I will intercept it and add the "browser" label to the visitor's session
3. When submitting the form via POST, check the label and delete it, allow sending the letter
3.1 If AJAX, then do not remove the label
Do you think it will work?
What are the disadvantages of this idea I do not see?
Also, I'm thinking of adding randomization of field names and honeypot, but I'm afraid everyone has already learned how to get around this.
Captcha, of course, is not needed!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
X
xfg, 2017-01-14
@xfg

For general purpose bots (they spam all the sites they find), any primitive protection will do. If a bot is written for a specific site, nothing will help. As discussed many times, spam can only be defeated if it becomes financially unprofitable for an attacker to spam your site. If it is profitable for him, he will spam, even with his hands. Nothing will stop him.
Your solution is overly complex for general purpose bots, and at the same time it won't make it much harder for a programmer who will write a target bot for your site. Enough hidden field through css and on the server to make sure that it is left blank. Helps to avoid spam from general purpose bots. Targeted bots and manual spammers are being fought by someone using a set of measures, registering by phone number, attracting users to fight spam, issuing captchas for suspicious activity, etc. You can analyze large sites if you are interested. But if your site is not as interesting for spammers, then it makes no sense to complicate everything like that.

Report
X
xmoonlight, 2017-05-23
@xmoonlight

Maybe it's easier to use this filter?

Similar questions
D
dollar2018-10-25 17:45:24
Is there an extension that automatically redirects to stackoverflow.com when visiting stackoverflow.com? 7Reply
S
Sergey Gorbushin2014-04-09 20:59:49
How to protect mail on the site from spammers (autoparsing)? 2Reply
M
Magi2016-08-23 23:42:43
Why doesn't adding product to woocommerce cart work? 3Reply
S
START UP2014-05-31 20:52:44
Is this considered spam? 1Reply
K
kaddata2018-12-07 01:33:13
How to make "rejected" soaps fall into spam? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question