Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms

In this Hasty Treat, Scott and Wes talk about forms, captchas, dealing with malicious users, and more!

LogRocket - Sponsor

LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.

Show Notes

02:00 - So you made a form:

1. Contact form
2. Sales form
3. Email signup for newsletter
4. Bug report
5. Sign up for an account
6. Password reset

03:00 - Now someone is going to:

1. Have a bot that submits it
2. Maliciously write a bot that submits thousands

04:14 - So what can you do?

4:54 - Honey pot

• This is a field that is either hidden or you tell the user not to fill in
• Can goof up autofill
• Works in many cases

07:37 - IP Throttle

• Only allow each IP to do an action a certain number or times inside a window
• You may only try signing up once per 10 mins

09:48 Block known ASN

12:37 - Captcha

• Soft captcha: “What is 1 plus 1?”
• Annoying captcha: Type these letters
• Google captcha: Train our self driving cars
• Hidden captcha
• Cloudflare hCaptcha

Links

• Cloudflare
• Digital Ocean
• Google reCaptcha
• Cloudflare hCaptcha
• Cloudinary

Tweet us your tasty treats!

• Scott’s Instagram
• LevelUpTutorials Instagram
• Wes’ Instagram
• Wes’ Twitter
• Wes’ Facebook
• Scott’s Twitter
• Make sure to include @SyntaxFM in your tweets

Episode source