9

In my Magento shop, i have a form, witch send the information via email to me, and recently there have ben a lot of spam from that form (70 since yesterday).

Is it posible, to get a secure form in magento, witout using CAPTHA? :)

Patrick Knudsen
  • 464
  • 1
  • 5
  • 18
  • This answer might be helpful to you. --> http://magento.stackexchange.com/questions/103808/how-can-i-protect-my-magento-site-from-spam/103836#103836 – Vishwas Soni Mar 02 '16 at 10:42

2 Answers2

15

I had the same problem and I solved it by installing this extension from the magento-hackaton: https://github.com/magento-hackathon/HoneySpam

This Magento Extension adds a field which is hidden with JavaScript to the Customer Register and the Product Review Form which looks like the URL Field of a Wordpress Comment Form. If this field gets filled and the Form is send, there appears a error message and nothing will be saved.

There is also a check if this form is too fast transmitted, a human normally takes a couple of Seconds or more.

You can enable and disable the functionalities or set the time how long it should take to transmit this forms in the Magento Admin Backend.

Freshly added: Regex-checking on all input-fields to determine a loose index for spam-level. It is not the most accurate thing at all, but it may prevent the low-end spam ("broadband spam"). You also can enable/disable this feature in the backend and set a maximum spam index trust level.

This is how I added it to my form:

On my form .phtml file I added this line: 

<?php echo $this->getBlockHtml('contacts.form.fields.before') ?>

This will add the extra field declared in app/design/frontend/base/default/layout/honeyspam.xml: 

<default>
    <update handle="honeypot"/>
    <reference name="footer_newsletter">
        <block type="core/text_list" name="contacts.form.fields.before" as="form_fields_before" translate="label">
            <block type="hackathon_honeyspam/honeypot" name="honeyspam.honeypot"
                   template="hackathon/honeyspam/honeypot.phtml"/>
        </block>
    </reference>
</default>

<contacts_index_index>
    <update handle="honeypot"/>
    <reference name="contactForm">
        <block type="core/text_list" name="contacts.form.fields.before" as="form_fields_before" translate="label">
            <block type="hackathon_honeyspam/honeypot" name="honeyspam.honeypot"
                   template="hackathon/honeyspam/honeypot.phtml"/>
        </block>
    </reference>
</contacts_index_index>
lloiacono
  • 3,386
  • 21
  • 40
0

The added code for the newsletter is incorrect. I have half the correct code, problem remains that you can only make one form hidden at a time with document.observe code. We have 2 newsletter boxes and the standard review/contact forms and that doesn't work.

This is the correct part for the default magento install footer newsletter though.

    <default>
    <update handle="honeypot"/>
    <reference name="footer.newsletter">
        <block type="core/text_list" name="newsletter.form.fields.before" as="form_fields_before" translate="label">
            <block type="hackathon_honeyspam/honeypot" name="honeyspam.honeypot"
                   template="hackathon/honeyspam/honeypot.phtml"/>
        </block>
    </reference>
</default>

Anybody the complete solution?

Kim K.
  • 73
  • 8
  • I just a bit confuss her, should I add the above code to newsletter.xml in app/design/frontend/default/mytheme/layout? How can I see it is corrected installed? – hln Jun 23 '17 at 07:34