March 26th, 2023
Every website uses some kind of form: at least a contact form or signup form to gather information about users interested in its topic, product or service. But public forms are very susceptible to spam attacks - fake data submitted through forms, malware, fake traffic... Most form spam is created by bots which are programmed to find web forms and fill them out.
Here are some ways to protect your forms from spambots:
Add Google reCAPTCHA
Add a honeypot
Add a test question
Send a confirmation link to the user's email
Block copy-paste into the form
Time analysis (check how long it took to submit the form)
Honeypots are hidden fields in the form that should never contain a value when submitted. Users cannot see them, so the value of the hidden input will always be null, but bots can detect the fields and will fill them with a value.
Laravel Honeypot uses honeypot and time analysis:
it checks if the hidden field has a value
it checks how long it took to submit the form
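As an added illustration (not code from the package or from this post), the two checks listed above can be written in plain PHP. The field names, the secret and the 3-second threshold are assumptions; the timestamp is HMAC-signed so the server does not trust a client-supplied render time.

```php
<?php
// Added illustration, not the package's source. Field names, the secret and
// the 3-second threshold are assumptions made for this example.
const HONEYPOT_FIELD = 'website_url';   // hidden from humans with CSS
const TIMESTAMP_FIELD = 'rendered_at';  // "<unix time>.<hmac>", set at render
const MIN_SECONDS = 3;
/** Value for the hidden timestamp input when the form is rendered. */
function issueTimestamp(string $secret, int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, $secret);
}

/** Returns null for an acceptable submission, otherwise the rejection reason. */
function spamReason(array $post, string $secret, int $now): ?string
{
    // 1. Honeypot: the field must be present (form posted as rendered) and empty.
    if (!array_key_exists(HONEYPOT_FIELD, $post)) {
        return 'honeypot field missing';
    }
    if ($post[HONEYPOT_FIELD] !== '' && $post[HONEYPOT_FIELD] !== null) {
        return 'honeypot field filled';
    }
    // 2. Time analysis: the timestamp must be authentic and old enough.
    $raw = $post[TIMESTAMP_FIELD] ?? '';
    $parts = is_string($raw) ? explode('.', $raw, 2) : [];
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'timestamp missing or malformed';
    }
    [$issued, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, $secret), $mac)) {
        return 'timestamp tampered';
    }
    return ($now - (int) $issued < MIN_SECONDS) ? 'submitted too fast' : null;
}

// Constructed sample submissions: [POST data, time of submission].
$secret = 'example-only-secret';
$t0 = 1700000000;
$stamp = issueTimestamp($secret, $t0);
$forged = ($t0 - 60) . '.' . explode('.', $stamp)[1]; // old time, reused MAC
$samples = [
    'human'     => [[HONEYPOT_FIELD => '', TIMESTAMP_FIELD => $stamp], $t0 + 20],
    'bot fills' => [[HONEYPOT_FIELD => 'http://spam.example', TIMESTAMP_FIELD => $stamp], $t0 + 20],
    'too fast'  => [[HONEYPOT_FIELD => '', TIMESTAMP_FIELD => $stamp], $t0 + 1],
    'forged'    => [[HONEYPOT_FIELD => '', TIMESTAMP_FIELD => $forged], $t0 + 1],
];
foreach ($samples as $label => [$post, $now]) {
    printf("%-10s %s\n", $label, spamReason($post, $secret, $now) ?? 'accepted');
}
```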
Install the package:

    composer require spatie/laravel-honeypot
Add the honeypot field to the form you want to protect:

    <form action="/submit-contact-form" method="POST">
        <x-honeypot />
        <input name="myField" type="text">
    </form>
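Add the ProtectAgainstSpam middleware to the route that handles the form submission:

    use App\Http\Controllers\ContactFormSubmissionController;
    use Illuminate\Support\Facades\Route;
    use Spatie\Honeypot\ProtectAgainstSpam;

    // Reject submissions that fill the honeypot field or arrive too quickly.
    Route::post('/submit-contact-form', [ContactFormSubmissionController::class, 'submit'])->middleware(ProtectAgainstSpam::class);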
More about Laravel Honeypot.