Irritating contact form spam.
I have a Laravel website where I am getting many spam mails, mostly links to URLs/text like 'make money with robots' etc.
I don't mind receiving them because they mostly end up in spam, but those mails are consuming my Mailgun credits.
How do you guys deal with them? Other than reCAPTCHA etc. solutions.
Does anyone have IP ranges of spammers? If anyone is willing to share, I can add them to a block list. I don't mind losing some visitors in case there are some false positives.
Any help is appreciated.
Thanks
Comments
Are you using any ‘anti-bot solution’ for your contact form?
Using Google reCAPTCHA v3.
And Google captcha doesn't help? Use Cloudflare, it helps to avoid spammers.
Are you certain you have implemented that right? And maybe not missing the actual validation of the token at the backend site? Google reCaptcha is pretty effective against bots.
Thinking about, creating a YouPorn captcha.
By listening and guessing what fuckery is going on you may pass.
Yes, Google captcha is not helping (it may be helping already, but I'm still getting spam mails).
I haven't tried using Cloudflare... I will give it a try.
This is the no. 1 reason I always advocate getting the user's IP address in POST from the submitted form. At least you can block IPs/ranges to temporarily block such spammers and discourage them further with rotating IPs. Plus, this way you will get some idea which IP ranges / providers host most spammers.
You can also code it in a way that submitting is checked via AbuseIPDB first... which would help filter out these.
Another way for high-visit / enterprise apps is to match text / message patterns and develop some kind of intellisense to block / quarantine such messages.
IP tracing also helps with legally tracing the source in case something goes beyond control.
Thanks for the suggestions, I will keep recording IPs so that I can get an idea of IP ranges.
AbuseIPDB also looks great.
PS: I just added a honeypot too, so let's see if that helps in any way.
Make 2 textareas. Name the first "enquiry" and hide it with CSS (just not with inline CSS). Name the second with random text.
On post, check if the first is full and just ignore the message with "success".
This works in 95% of the cases. Unfortunately, if the user is using some type of form autofiller (plugin), his message may get ignored.
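The backend token check asked about earlier in the thread and the honeypot described just above, combined into one server-side gate that runs before any mail is sent. This is an added example, not code from any poster; the field names, the 'contact' action name and the 0.5 score threshold are assumptions, and the verifier is injected so the logic runs offline.

```php
<?php
// Assumptions (not from the thread): field names, the 'contact' action, the 0.5 threshold.
const HONEYPOT_FIELD  = 'enquiry';  // hidden by stylesheet; a human leaves it empty
const EXPECTED_ACTION = 'contact';  // action name passed to grecaptcha.execute()
const MIN_SCORE       = 0.5;        // tune against your own logged scores

/** Ask Google's siteverify endpoint about a token; returns the decoded JSON or []. */
function fetchVerdict(string $secret, string $token, string $ip): array
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token, 'remoteip' => $ip]),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
    $json = is_string($body) ? json_decode($body, true) : null;
    return is_array($json) ? $json : [];   // network failure => empty verdict => dropped
}

/** Returns 'send' or a drop reason. $verify is injected so the logic runs offline. */
function classifySubmission(array $post, string $ip, callable $verify): string
{
    if (trim((string) ($post[HONEYPOT_FIELD] ?? '')) !== '') {
        return 'drop:honeypot';            // answer the client with "success" anyway
    }
    $token = (string) ($post['g-recaptcha-response'] ?? '');
    if ($token === '') {
        return 'drop:no-token';            // form posted without running the widget
    }
    $v = $verify($token, $ip);
    if (($v['success'] ?? false) !== true) {
        return 'drop:invalid-token';
    }
    if (($v['action'] ?? '') !== EXPECTED_ACTION) {
        return 'drop:wrong-action';        // token minted for another page or form
    }
    return (float) ($v['score'] ?? 0.0) >= MIN_SCORE ? 'send' : 'drop:low-score';
}

// Constructed submissions, checked against a stubbed verdict instead of the network.
$stub = fn (string $t, string $ip): array =>
    ['success' => $t !== 'expired', 'action' => 'contact', 'score' => $t === 'bot' ? 0.1 : 0.9];
$samples = [
    'human'     => ['enquiry' => '', 'g-recaptcha-response' => 'ok'],
    'autofill'  => ['enquiry' => 'make money with robots', 'g-recaptcha-response' => 'ok'],
    'raw POST'  => ['enquiry' => ''],
    'low score' => ['enquiry' => '', 'g-recaptcha-response' => 'bot'],
];
foreach ($samples as $name => $post) { echo $name, ' => ', classifySubmission($post, '203.0.113.7', $stub), PHP_EOL; }
```

On a live site, pass `fn ($t, $ip) => fetchVerdict($secret, $t, $ip)` as the verifier and call the mail provider only when the result is 'send', logging the drop reason and IP for everything else.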
This approach isn't much use these days. What about CleanTalk? Low cost, easy to add.
Do a javascript:SubmitForm() for the action. Then your logs will get POST /javascript:SubmitForm.... 404, it gets rid of a huge quantity.
Use hCaptcha rather than reCaptcha. If bots are not developed for cracking hCaptcha then it will be a good solution.
Thanks for the CleanTalk link, they are giving a list of spam IPs and their service is affordable.
I hate when I see hCaptcha (reCaptcha is just slightly better). Distinguishing metal parts of vehicles is near impossible.
Btw, recently saw a product called SheetMonkey on Product Hunt. Forms get stored into Google Sheets. Maybe another way to store data without actually emailing stuff.
I've used CleanTalk for years. Had zero spam in all that time. It works in the background, so no captchas to annoy people. Pretty good service imo.