A
A
Andrey Fedorov2015-11-18 11:34:41
PHP
Andrey Fedorov, 2015-11-18 11:34:41

How to protect the form from spam, but not captcha, because the script is attacked directly?

What are the common techniques?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
C
Cat Anton, 2015-11-18
@aliencash

What means "attack directly a script"? Is there CSRF protection ?

X
xmoonlight, 2015-11-18
@xmoonlight

1. In the form, when generating on the server side, create a hidden: key field and write the value to the session.
2. Through JS on the client side (in the browser), change the key field: you can simply do an arithmetic operation based on the key numbers.
3. When submitting the form, check on the server that the key parameter is calculated correctly:
If incorrect, return a 404 error.

A
Adamos, 2015-11-18
@Adamos

You don't need common methods, captchas and scripts.
You have an order form. What should be in it - you know approximately.
What should not be in it - too (tags, links and other good things that only bots will shove there).
You analyze what came and determine whether the text came to you or a hodgepodge of scripts and links. You process the first as it should be, the second - well, you can write it to the log for every fireman ...
And that's it.
On my website, the feedback form is protected by captcha from Bitrix. For bots, this captcha and the protection of Bitrix itself - "fuck the frost." But a normal user simply will not fill out the form with such crap that bots send. Don't confuse...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question