Online Marketing Strategies

How To Stop Spam Registration in PHP

2019-12-01


How to Stop Spam Registration and Contact Form Spam Submission.

registration-form

Have you ever noticed a period when you start getting millions of registrations that are never confirmed, but are used to spam your registration form, or worse, your contact forms being used to send unsolicited emails? Most of these attacks are similar to DDoS attacks. Oddly, even with all the security procedures in place, you still get tons of fake registrations, and the only way to get rid of them is via phpMyAdmin.

You can see from the image above that this form has its own security captcha, and even with the long registration requirements, this spambot is able to send hundreds of fake registrations within minutes. But the question that most often crosses our clients' minds is why they would be targeted: to overload their servers and try to hack them as well? We also noted some code that was passed along with contact form submissions on a form that had Google reCAPTCHA, which still allowed these bots to spam the contact form easily.

So, the solution we provided for our client was quite a simple piece of code to help them stop such attacks. We are only going to give an outline of what was used, and we advise you to get in touch with your developer to help you create a separate method to stop the bots on both forms. By the way, the login forms are usually safe, as their validation is preapproved via the registration form, which is one more reason why the registration and contact forms are easy targets for bots trying to hack the server.

How does a DDoS attack work?

A DDoS attack requires an attacker to gain control of a network of online machines in order to carry out an attack. Computers and other machines (such as IoT devices) are infected with malware, turning each one into a bot (or zombie). The attacker then has remote control over the group of bots, which is called a botnet.

Once a botnet has been established, the attacker is able to direct the machines by sending updated instructions to each bot via a method of remote control. When the IP address of a victim is targeted by the botnet, each bot will respond by sending requests to the target, potentially causing the targeted server or network to overflow capacity, resulting in a denial-of-service to normal traffic. Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.


The interesting fact here is that we simply had to add a honeypot anti-spam option, which can be added alongside your captcha security, or you can simply remove the captcha field. Honeypots are great because they don’t bother users like a CAPTCHA. In fact, they’re completely invisible to your real users.

Basically, a honeypot is a hidden field in your form that’s meant to stay blank. But spambots will see it, and automatically fill it out. When the honeypot field is filled in, we can reject the form as spam.

We applied this technique to both a registration form and a contact form that already had a custom captcha and Google reCAPTCHA and still got a lot of spam, so using this technique as another layer of security against bots helps to stop spam registrations and spam contact form submissions.

The following steps should be used.

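First, you need to add an invisible input to the form. Use an ordinary text input rather than type="hidden", so that it is hidden by the CSS in the next step and still looks like a real field to the spambots

<input type="text" id="website" name="website" tabindex="-1" autocomplete="off"/>

Next, you need to add a CSS style to make this field invisible to your users but visible to the spambots

form #website {
    display: none;
}

Finally, you need to include this in the PHP script that controls the submission

<?php

// Honeypot check: the "website" field is hidden from real users by the CSS
// above, so any value in it means the form was filled in by a bot.
function detect_bot($post_data) {
    $is_a_bot = false;
    if (isset($post_data['website']) && $post_data['website'] !== '') {
        $is_a_bot = true;
    }
    return $is_a_bot;
}

if ($_POST && detect_bot($_POST)) {
    // Not a human: stop here without processing the submission.
    die();
} elseif ($_POST) {
    // Valid submission: continue with the normal registration or contact handling.
}

?>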
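The honeypot check described above can also cover two cases the steps do not mention: a POST that omits the field entirely, and a field sent as an array. The following is an added example, not code from the original article; classify_submission() and its verdict strings are hypothetical names, and the sample submissions are constructed.

```php
<?php
// Added example. "website" is the honeypot field name used in the form above;
// classify_submission() and the verdict strings are hypothetical.

/**
 * Classify a POSTed form by its honeypot field.
 * Returns 'ok', 'honeypot_filled' or 'honeypot_missing'.
 */
function classify_submission(array $post, string $trap = 'website'): string
{
    // A browser always sends a named text input, even when it is empty and
    // hidden by CSS, so a POST without the key did not come from the form.
    if (!array_key_exists($trap, $post)) {
        return 'honeypot_missing';
    }
    $value = $post[$trap];
    // Arrays (website[]=x) and any non-blank string count as filled.
    if (!is_string($value) || trim($value) !== '') {
        return 'honeypot_filled';
    }
    return 'ok';
}

// Constructed sample submissions, for illustration only.
$samples = [
    'real user'        => ['name' => 'Ada', 'email' => 'ada@example.com', 'website' => ''],
    'form-filling bot' => ['name' => 'x', 'email' => 'x@example.com', 'website' => 'http://spam.example'],
    'array payload'    => ['email' => 'x@example.com', 'website' => ['a']],
    'scripted POST'    => ['name' => 'x', 'email' => 'x@example.com'],
];

foreach ($samples as $label => $post) {
    $verdict = classify_submission($post);
    if ($verdict !== 'ok') {
        // Log the reason server-side; the response gives no hint about the trap.
        error_log("form rejected ($verdict): $label");
    }
    printf("%-17s => %s\n", $label, $verdict);
}
```

Only the first sample is classified as ok; the other three are rejected, each with a reason that can be counted in the server log.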

 

 

 



Author


Olatunji Adetunji

I am an SEO web analyst and have a love for anything online marketing. I have been able to perform research using the built-up internet marketing tool, seo web analyst, as a case study and will be using the web marketing tool (platform).
