MODX Community

Formit and Best Spam Protection Options

What’s the latest and best way to build in spam protection for Formit forms?

My choices so far are the Spam Hook
https://docs.modx.com/extras/revo/formit/formit.hooks/formit.hooks.spam

CRSF Token
https://docs.modmore.com/en/Open_Source/CSRFHelper/FormIt.html

A honeypot
http://www.bitego.com/weblog/2014/05/26/protect-a-formit-web-form-from-spam-without-using-a-captcha.html

And the latest Recaptch http://www.bitego.com/weblog/2014/05/26/protect-a-formit-web-form-from-spam-without-using-a-captcha.html

as detailed a long time ago by http://codingpad.maryspad.com/2011/03/08/modx-revolution-for-complete-beginners-part-9-using-formit-for-contact-forms/

Any recommendations on best practivce or latest techniques?

Thanks

1 Like

I usually go for CSRF + Recaptcha but unsure what the best practice would be.

1 Like

SPForm also has an anti-spam technique that requires the user to use either the mouse or the keyboard, which prevents bots from autofilling things.

FWIW, I’ve used SPForm for a number of years without Captcha. I get no spam messages at all through my contact form, though I don’t know how many spammers have tried it.

Honeypot works, last time I had some problems with the captchas but that seems to work again.

The above works great for me. So far no need for more.

I have dummy url in Form action which I fill it with the correct value with javascript after short delay. Works preatty well.

Recaptcha is probably the easiest to implement and has a decent track record. I use something similar to what Bob mentioned as well as the spam hook and Rampart. It is really a matter of personal preference and what has worked in the past.

My two cents worth re ReCaptcha (v3) is that it can destroy page speed by up to 10/100 using PageSpeed Insights. I’m currently using the honeypot in Formit which is low tech but seems to work OK. (then again i’m not totally sure because the emails go to my clients …)