Protect your precious forms

Submitted by exaboy on Sun, 06/30/2013 - 22:16
Protect your precious forms

Hey we all know its a nightmare to get spammed by these incredibly annoying bots that patrol the internet which flood websites with uber amounts spam. Well, we have solutions for that. If you are working with Drupal then the likely choice is Mollom which is of course free for small sites and blogs, bonus!

By when you think of protecting your forms which come to mind: comments, registration, contact? Likely these do and they are certainly the focus for most bots since they are easily accessed and promoted around a site. But what about your login and lost password forms? You wouldn't believe me if I told you there are thousands of vulnerable sites online, the simple thing is that developers just don't think about this sort of thing until, well... it's too late.

Did you know that these are prime ways to DDoS a website, simply because these form submissions have to directly hit the database to validate the submission, roh roh! I mean companies spend fortunes on developing caching strategies to protect backend web php processes, yet these sorts of things are like an achilles heel.

Fortunately there are a good handful of modules, including Mollow that allows you to protect these forms out of the box. Respecting Mollom it's just not enabled by default so you better go do that now if you haven't already.

As I was saying there are other modules that allows you to thawt pesky spambots for added protection, one that came straight to mind is Honeypot. This great module actually does a couple of simple things to trick up bots including adding hidden fields to the form that if completed invalidate the submission, genius.

So you see there isn't really anything to be worried about if you've protected your forms. The question is, have you?

Now I know you are interested in protecting your forms, here is a list of services you can employ:

  • Mollom - Offers spam protection through their freemium service.
  • CAPTCHA - A simple image-based CAPTCHA builder.
  • reCAPTCHA - Implements reCAPTCHA for image-based CAPTCHAs.
  • BOTCHA - Has many different bot-defeating recipes.
  • Hidden CAPTCHA - Similar to this module in it's effectiveness.