2019-12-01
Have you ever noticed a period when you start getting millions of registrations that are never confirmed but are used to spam your registration form, or worse, your contact forms are used to send unsolicited emails as well? Most of these attacks are similar to DDoS attacks. It is quite funny: even with all the security procedures in place you still get tons of fake registrations, and the only way to get rid of them is via phpMyAdmin.
You can see from the image above that this form has its own security captcha, and even with the long-form registration requirements, this spam bot is able to send hundreds of fake registrations in minutes. But the question that most often crosses our clients' minds is: why would they be targeted? To overload their servers and try to hack them as well? We were also able to note some code passed along with the contact form submission, on a form that had Google reCAPTCHA, which still allowed these bots to easily spam the contact form.
So, the solution we provided for our client was quite a simple piece of code to help them stop such attacks. Although we are only going to give a preamble as to what was used, we advise you to get in touch with your developer to help you create a separate method to stop the bots on both forms. By the way, the login forms are usually safe as their validation is preapproved via the registration form, which is all the more reason why the registration and contact forms are easy targets for bots trying to hack the server.
A DDoS attack requires an attacker to gain control of a network of online machines in order to carry out an attack. Computers and other machines (such as IoT devices) are infected with malware, turning each one into a bot (or zombie). The attacker then has remote control over the group of bots, which is called a botnet.
Once a botnet has been established, the attacker is able to direct the machines by sending updated instructions to each bot via a method of remote control. When the IP address of a victim is targeted by the botnet, each bot will respond by sending requests to the target, potentially causing the targeted server or network to overflow capacity, resulting in a denial-of-service to normal traffic. Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.
The interesting fact here is that we simply had to add a honeypot anti-spam option, which can be added alongside your captcha security or can simply replace the captcha field. Honeypots are great because they don’t bother users like a CAPTCHA. In fact, they’re completely invisible to your real users.
Basically, a honeypot is a hidden field in your form that’s meant to stay blank. But spambots will see it, and automatically fill it out. When the honeypot field is filled in, we can reject the form as spam.
We applied this technique to both the registration form and the contact form, which already had a custom captcha and Google reCAPTCHA and still got a lot of spam. Using this technique as another layer of security against bots helped stop spam registrations and spam contact form submissions.
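First, add the honeypot inputs to the form. Their names must match the ones the CSS and PHP below refer to:

    <!-- Honeypot fields: ordinary text inputs, hidden from users by the CSS in the next step -->
    <input type="text" name="car" id="car" />
    <input type="text" name="email" class="email_field" />

Next, add a CSS style to make these fields invisible to your users but still visible to the spambots:

    #car { display: none; }
    .email_field { display: none; }

Finally, include this in the PHP script that controls the form submission:

    <?php
    // Stop immediately if the "car" honeypot was filled in.
    if (!empty($_POST['car'])) {
        die();
    }

    // Returns true when the "email" honeypot field contains a value.
    function detect_bot($post_data) {
        $is_a_bot = false;
        if (isset($post_data['email']) && !empty($post_data['email'])) {
            $is_a_bot = true;
        }
        return $is_a_bot;
    }

    if ($_POST && detect_bot($_POST)) {
        // echo 'You are not human';
    } elseif ($_POST) {
        // echo 'Valid submission';
    }
    ?>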
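An added example, not the original author's code: a fuller version of the server-side check that also catches values PHP's empty() treats as blank (such as "0") and array-valued fields, and tallies rejections per source IP so repeat offenders can be rate limited. The real_email field name, the helper names and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example, not the original author's code. Honeypot names "car" and
// "email" follow the page; "real_email" and all sample data are constructed.
const HONEYPOT_FIELDS = ['car', 'email'];

// Return the honeypot fields a submission filled in (empty array = passes).
function tripped_honeypots(array $post): array
{
    $tripped = [];
    foreach (HONEYPOT_FIELDS as $field) {
        $value = $post[$field] ?? '';
        // Strict comparison: empty() would treat "0" as blank, and a bot can
        // send an array (car[]=x), so anything except '' counts as filled.
        if ($value !== '') {
            $tripped[] = $field;
        }
    }
    return $tripped;
}

// Handle one submission: drop bots quietly and count rejects per source IP.
function handle_submission(array $post, string $ip, array &$rejectsByIp): string
{
    $tripped = tripped_honeypots($post);
    if ($tripped !== []) {
        $rejectsByIp[$ip] = ($rejectsByIp[$ip] ?? 0) + 1;
        error_log(sprintf('honeypot reject ip=%s fields=%s', $ip, implode(',', $tripped)));
        return 'rejected';
    }
    return 'accepted';
}

// Constructed sample traffic: [source IP, POST body].
$samples = [
    ['203.0.113.7',  ['real_email' => 'ann@example.com', 'car' => '', 'email' => '']],
    ['198.51.100.9', ['real_email' => 'x@spam.test', 'car' => 'BMW', 'email' => 'x@spam.test']],
    ['198.51.100.9', ['real_email' => 'y@spam.test', 'car' => '0', 'email' => '']],
    ['198.51.100.9', ['real_email' => 'z@spam.test', 'email' => ['z@spam.test']]],
];

$rejectsByIp = [];
foreach ($samples as [$ip, $post]) {
    printf("%-13s %s\n", $ip, handle_submission($post, $ip, $rejectsByIp));
}
// Sources with repeated rejects are candidates for rate limiting or blocking.
arsort($rejectsByIp);
print_r($rejectsByIp);
```

Returning a normal-looking response to rejected submissions, rather than an error, avoids telling the bot which field gave it away.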