Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pelock/yii2-anti-spam-form

Anti-Spam Form is a form replacement component for the Yii2 Framework for creating anti-spam forms that are invisible in HTML code to spam bots & harvesting tools.
https://github.com/pelock/yii2-anti-spam-form

activeform antispam composer packagist php spam spam-filtering spambot yii2 yii2-extension yii2-framework yii2-widgets

Last synced: about 18 hours ago
JSON representation

Anti-Spam Form is a form replacement component for the Yii2 Framework for creating anti-spam forms that are invisible in HTML code to spam bots & harvesting tools.

Host: GitHub
URL: https://github.com/pelock/yii2-anti-spam-form
Owner: PELock
Created: 2022-07-14T11:47:18.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2023-03-11T14:36:09.000Z (over 1 year ago)
Last Synced: 2024-09-23T22:03:00.538Z (1 day ago)
Topics: activeform, antispam, composer, packagist, php, spam, spam-filtering, spambot, yii2, yii2-extension, yii2-framework, yii2-widgets
Language: PHP
Homepage: https://www.pelock.com
Size: 4.88 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Anti-Spam Form for Yii2 Framework

**Anti-Spam Form** is a form replacement component for the [Yii2 Framework](https://www.yiiframework.com) for creating anti-spam forms that are invisible in HTML code to spam bots & harvesting tools.

## What's the idea behind anti-spam forms?

The concept is simple. Spam bots in most cases are simple tools. They will read your website, look for `` HTML tags and artificially fill up the form fields and post it.

The usual spam bot is a web scraper written in Python retrieving raw HTML webpage content **without** evaluating JS code.

But one thing **missed** in anti-spam detection methods is that spam bots usually cannot process JavaScript code. For a good reason. It's time-consuming and requires JS interpreter to evaluate the JS code within the web page. And it's not that easy to incorporate JS evaluation without using complex & slower execution engines usually based on Chromium etc.

## How to break spam bots?

Simple - put the HTML forms wrapped within JS code. Not the entire form, but the starting `` tag with all its properties.

Suddenly the spam bots are unable to find it. Less spam without too much work.

## How to install Anti-Spam Form component?

Install it first. Preferred way of WebApi interface installation is via [composer](https://getcomposer.org/).

Run:

```

php composer.phar require --prefer-dist pelock/yii2-anti-spam-form "*"

```

Or add this entry:

```

"pelock/yii2-anti-spam-form": "*"

```

directly to your `composer.json` in require section.

Installation package is available at https://packagist.org/packages/pelock/yii2-anti-spam-form

## How to use Anti-Spam Form?

Replace your regular Yii2 `ActiveForm` component:

```php



 'contact-form']); ?>

    = $form->field($model, 'name') ?>

    = $form->field($model, 'email')->textInput(['type' => 'email']) ?>

    = $form->field($model, 'subject') ?>

    = $form->field($model, 'body')->textArea(['rows' => 6]) ?>

     'btn btn-block btn-primary', 'name' => 'contact-button']) ?>

    field($model, 'verifyCode')->widget(Captcha::className(), [ 'template' => '


{image}

{input}

'. Html::submitButton('Send', ['class' => 'btn btn-block btn-primary', 'name' => 'contact-button']) .'

', ]) ?>



```

with `AntiSpamForm`:

```php

// include AntiSpamForm

use pelock\antispamform\AntiSpamForm;

...



 'contact-form']); ?>

    = $form->field($model, 'name') ?>

    = $form->field($model, 'email')->textInput(['type' => 'email']) ?>

    = $form->field($model, 'subject') ?>

    = $form->field($model, 'body')->textArea(['rows' => 6]) ?>

     'btn btn-block btn-primary', 'name' => 'contact-button']) ?>

    field($model, 'verifyCode')->widget(Captcha::className(), [ 'template' => '


{image}

{input}

'. Html::submitButton('Send', ['class' => 'btn btn-block btn-primary', 'name' => 'contact-button']) .'

', ]) ?>

    



```

That's all! The forms are going to work exactly the same, the only difference is the output HTML code.

## Generated HTML code

What's the difference between the usual `ActiveForm` output HTML code and `AntiSpamForm` code?

Lets take a look. Before:

```html



    

  

    

    

      Name

      

      

    

    

      Email

      

      

    

    

      Subject

      

      

    

    

      Body

      

      

    

    

      Verification Code

      

        

          

        

        

          

        

        

          Send

        

      

      

    

  



```

After:

```html



      

  

    document.write(atob("PGZvcm0gaWQ9ImNvbnRhY3QtZm9ybSIgYWN0aW9uPSIvY29udGFjdCIgbWV0aG9kPSJwb3N0Ij4KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iX2NzcmYiIHZhbHVlPSJ1MFczN0JLaDJOQko2Q2lVeTFxc3R3OEp6aC1mcUxxOXRnOEpQem9CUjZfMEJfNmxYX0sxb2c2cVV2NmliT1A1UzI3LVh0M2F6bzNnWUZGS1NVY2xfUT09Ij4="));

  

  

    Name

    

    

  

  

    Email

    

    

  

  

    Subject

    

    

  

  

    Body

    

    

  

  

    Verification Code

    

      

        

      

      

        

      

      

        Send

      

    

    

  

  



```

The JavaScript code generates output `` element with all of its properties. Simple & effective solution against spam bots and web scrapers, harvesters etc.

## Should I remove CAPTCHA validations?

No. You should leave your `CAPTCHA` verifications in place, because some bots are able to run JS code, so the **Anti-Spam Form** will provide an additional layer of anti-spam protection.

## Bugs, questions, feature requests

Hope you like it. For questions, bug & feature requests visit my site:

Bartosz Wójcik

* Visit my site at — https://www.pelock.com

* Twitter — https://twitter.com/PELock

* GitHub — https://github.com/PELock