Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms
In this Hasty Treat, Scott and Wes talk about forms, captchas, dealing with malicious users, and more!
LogRocket - Sponsor
LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.
Show Notes
02:00 - So you made a form:
- Contact form
- Sales form
- Email signup for newsletter
- Bug report
- Sign up for an account
- Password reset
03:00 - Now someone is going to:
- Have a bot that submits it
- Maliciously write a bot that submits thousands
04:14 - So what can you do?
4:54 - Honey pot
- This is a field that is either hidden or you tell the user not to fill in
- Can goof up autofill
- Works in many cases
07:37 - IP Throttle
- Only allow each IP to do an action a certain number or times inside a window
- You may only try signing up once per 10 mins
09:48 Block known ASN
12:37 - Captcha
- Soft captcha: “What is 1 plus 1?”
- Annoying captcha: Type these letters
- Google captcha: Train our self driving cars
- Hidden captcha
- Cloudflare hCaptcha
Links
Tweet us your tasty treats!
- Scott’s Instagram
- LevelUpTutorials Instagram
- Wes’ Instagram
- Wes’ Twitter
- Wes’ Facebook
- Scott’s Twitter
- Make sure to include @SyntaxFM in your tweets