Shopping Cart

No products in the cart.

OSTraining

Shopping Cart

No products in the cart.

OSTraining

How OSpam-a-not Protects Your Joomla Forms From Spambots

Alex Smirnov March 12, 2018
0 Comments
ospam a not

In 2014 here at ostraining.com, we decided to stop the flood of spambots sending spam via forms on our site.

We tried one particular unobtrusive technique on some of our forms. (PS. We’re big fans of Shack Forms here at OSTraining).

This method worked out much better than we could have expected. So, we decided to turn this into a Joomla plugin. This is how OSpam-a-not was born.

So, how does OSPam-a-not work? OSpam-a-not looks for forms on your Joomla page when the visitor is not logged in. Unless the form has only one text field with no submit button, the plugin will add two fields at the very end of the form.

PS. If you’re new to Joomla, I would recommend reading “How to create a Joomla contact form” before attempting this tutorial.

Time Gate

The first field is a hidden timestamp. It records the time the field was created and added. If the form was submitted more quickly than humanly possible, OSpam-a-not blocks the submission.

This interval to use will depend on many unpredictable factors. Obviously, it could potentially create too many false positives. We suggest you turn this feature off when you just install the plugin. But the field is still added to the form.

Similar to the form token Joomla uses to prevent CSRF attempts, the field name is a hashed value we can identify in a protected form when it is submitted.

<input type="hidden" name="4dae3556796029138fbec8655162f36b" value="1421891860.0"/>

Honey Pot

We implemented this technique at OSTraining with a stunning success. You just add a text field to the form and make it hidden. Simply add a style tag at the end of the document headtag.

It isn’t visible to a human user, but a spambot doesn’t see that and fills in the field anyway. If you find anything at all in that field when the form is submitted, we’ve caught a spambot in the honey pot! And the form is blocked.

<style type="text/css">input[name=my_name] {display: none;}</style>
<input type="text" name="my_name" value=""/>

It seems entirely possible that if a spambot saw a text field named 304777dc6667acf98dd it might get suspicious and avoid filling it in.

Something like my_name is much sweeter sounding. So we choose from a list of reasonable sounding field names adding the one that we’re sure isn’t already on the form.

Click here to try OSpam-a-not today.

Finally, if you want to see a wide range of Joomla forms extensions, check out this guide: The 5 Best Joomla Forms Extensions.

Author

  • Alex Smirnov

    Born from Ukrainian mother and Russian father, Alex migrated to the United Kingdom in 1999. He is a self-taught Microsoft Certified Professional. He enjoys learning content management systems and helping web site developers make the most of them.

    View all posts

Categories: General
0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .