I've been learning and experimenting with NodeJS, and the project I'm using is to port a homemade content management system (CMS) written using the Linux/Apache/MySQL/PHP combination. One of the areas I am trying to update is protecting against spam on a contact form. The NodeJS version is based upon Linux/Mongo/Nginx/JavaScript. (Why Mongo? Because I wanted to learn how to work with it!)

I have a server side check that helps to reduce spam by assigning a unique ID to each form downloaded and having that ID entered into the database along with a pointer to the form handler. Each form ID can only be used once, and if a form requires such an ID and no ID is present - then no form handler is called for. (This also helps to secure access to the system through other forms such as administrative functions.)

I understand there are more checks I could use server side and would love to hear about those, but I also want to focus right now on the client side. Do folks have any suggestions for captcha-less forms that are resistant to spamming?

  • 1. Your approach with storing handlers into your database maybe works for you now but I’d consider it suboptimal. I can easily flood your database by requesting the same form over and over again. 2. There are no spam protection mechanisms as effective as captchas but you can for instance include some text fields, hide them with CSS and check that they’re empty. While humans won’t, bots might fill them in. – idmean Jul 24 '17 at 14:32
  • @CalebAnthony - Point taken regarding flooding the database, and I intend to work on that end of it. One small protection (very small indeed) I've taken regarding the flooding is to have the DB entry time out and get deleted. I have found this process works well with restricted access forms such as back end admin ones. – Rama Schneider Jul 24 '17 at 15:10
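
The single-use form ID from the question, reworked so that serving a form writes nothing to the database (the flooding concern raised in the comments) and combined with the hidden-field check idmean suggests. This is an added example, not code from the original post; the `website` honeypot field name, the in-memory `used` map (standing in for a MongoDB collection with a TTL index) and the 15-minute lifetime are assumptions, and form IDs are assumed to contain no dots.

```javascript
// Added example: SECRET, TTL_MS, `used` and the "website" field are assumed names.
const crypto = require("crypto");

const SECRET = crypto.randomBytes(32); // per-process key; load from config when running several workers
const TTL_MS = 15 * 60 * 1000;         // how long a served form stays valid
const used = new Map();                // nonce -> expiry; stand-in for a TTL-indexed Mongo collection

const sign = (data) =>
  crypto.createHmac("sha256", SECRET).update(data).digest("hex");

// Called when the form is served. Nothing is stored at this point, so
// requesting the form over and over cannot grow the database.
function issueToken(formId, now = Date.now()) {
  const payload = `${formId}.${now}.${crypto.randomBytes(12).toString("hex")}`;
  return `${payload}.${sign(payload)}`;
}

// Called by the form handler. `body` is the parsed POST body.
function checkSubmission(formId, body, now = Date.now()) {
  const parts = String(body.token || "").split(".");
  if (parts.length !== 4) return { ok: false, reason: "malformed" };
  const [id, issued, nonce, mac] = parts;

  // Constant-time comparison of the supplied MAC against the expected one.
  const expected = Buffer.from(sign(`${id}.${issued}.${nonce}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad-signature" };

  if (id !== formId) return { ok: false, reason: "wrong-form" };
  if (now - Number(issued) > TTL_MS) return { ok: false, reason: "expired" };

  // Honeypot: a text field hidden with CSS that a human never fills in.
  if (body.website) return { ok: false, reason: "honeypot" };

  // Single use: state is written only for tokens that passed every check above.
  for (const [n, exp] of used) if (exp <= now) used.delete(n);
  if (used.has(nonce)) return { ok: false, reason: "replayed" };
  used.set(nonce, Number(issued) + TTL_MS);
  return { ok: true, reason: "accepted" };
}
```
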
