There are 3 publicly available forms on the Tech Club application website: member registration, client registration and contact. Inevitably, these forms will be submitted by automated programs, or bots, in order to distribute spam or for some other unpleasant purpose. This section describes ways to reduce such submissions. It will just be a short section for now, with more description than code, but I may come back to it in the future.
The measures we need to take in order to reduce bot submissions depend on whether or not we are specifically targeted. If a spammer is prepared to spend the time to modify his program in order to get past our defenses, then we will need to use the strongest measures. But unless you work for a well-known organization, this is normally not the case, and even simple measures will stop most automated attacks.
The strongest measures should be avoided if they are not needed, because they are annoying or difficult for the user and create a barrier to the submission of the form. Here, in order of preference, are some measures we can take:
| Measure | For user | For developer | Description |
|---|---|---|---|
| Hidden form field | Invisible | Very easy | We have a field in the form which is invisible to the user but not to bots, so if it is filled in, we reject the submission. It is the measure implemented on the Tech Club forms and described further in Explanation: forms and emails. |
| Time-based checks | Invisible | Moderate | This means, for example, disallowing multiple submissions from a given IP address within a given timeframe, or rejecting submissions which occur within a few seconds of the page loading (because no human could fill it in that fast). |
| Checkbox | Very easy | Easy | The user clicks a checkbox. This seems to be the way things are going now as an easy "pre-check" to reCAPTCHA - see here. |
| Trivial question | Very easy | Very easy | We have a field asking for the answer to a trivially simple question like "What is 2 + 2?" or "What color is the sky?". |
| reCAPTCHA | Average to hard | Easy | The user needs to decipher distorted words. Everyone knows this one from creating accounts with big companies like Google. |
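
The first two rows of the table can be combined in one server-side check. The following is an added example, not the Tech Club code: the field names `website` and `form_token`, the secret key and all thresholds are assumptions chosen for illustration. The page-load time is carried in a hidden input signed with an HMAC, so a bot cannot backdate it to get past the "too fast" check.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

SECRET = b"replace-with-a-random-server-side-key"  # assumption: never sent to the browser
HONEYPOT_FIELD = "website"   # hypothetical field name, hidden from users with CSS
MIN_FILL_SECONDS = 3         # assumed: no human fills the form faster than this
MAX_TOKEN_AGE = 3600         # assumed: forms rendered over an hour ago must be reloaded
WINDOW_SECONDS = 600         # assumed per-IP rate-limit window
MAX_PER_WINDOW = 3           # assumed accepted submissions per IP per window

_recent = defaultdict(deque)  # ip -> times of accepted submissions (in-memory only)

def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def issue_token(now=None):
    """Call when rendering the form; place the result in a hidden input."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"

def check_submission(form, ip, now=None):
    """Return (accepted, reason) for a submitted form given as a dict."""
    now = time.time() if now is None else now
    # Hidden form field: humans never see it, so any value means a bot.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot filled"
    # Verify the signed page-load time before trusting it.
    ts, _, mac = form.get("form_token", "").partition(".")
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), _sign(ts).encode()):
        return False, "bad token"
    age = now - int(ts)
    if age < MIN_FILL_SECONDS:
        return False, "submitted too fast"
    if age > MAX_TOKEN_AGE:
        return False, "token expired"
    # Per-IP limit: drop entries older than the window, then count the rest.
    hits = _recent[ip]
    while hits and now - hits[0] > WINDOW_SECONDS:
        hits.popleft()
    if len(hits) >= MAX_PER_WINDOW:
        return False, "rate limited"
    hits.append(now)
    return True, "ok"
```

A token can be replayed until it expires, so the per-IP limit is what bounds repeated submissions of one captured form.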