I just came across the following for Formit spam protection and wondered if anybody was using it? If so is it successful?
I couldn’t see any pricing so I’m assuming it’s free?
Seems it is MIT licenced, so I think its free.
This seems promising extra. Tried install to 3.1.2 (dev server, laragon, win) but got errors in install, and couldn’t find that important system setting for it.
2.8.X version package management didn’t find extra at all.
1 Like
Thank you - will keep an eye on it as it does look promising
If you’re looking to protect your contact form, you might want to check out Turnstile.
I haven’t tested the plugin myself, but turnstile is probably one of the most solid protection options available right now… if not the best
1 Like
Thank you - I’ve looked at it but I’m trying to steer away from ‘3rd party’ solutions wherever possible. It looks good though certainly.
I’ve found SPForm to provide a completely spamproof contact form. If you’re not looking for a contact form, you could borrow some of its techniques to roll your own form
It’s 100% free. I wrote it. I’m looking at making some improvements to it but it has been doing the trick for us implementing it on some forms for customers on MODX Cloud. No form protection is bullet proof but this helps combat most of the common culprit attacks by automations and limits damage by script kiddies or paid form spammers.
It’s not yet available as a build for 2.x so it won’t show up in the Package Installer, but it technically can be used and installed in 2.x by manually adding the two snippets, the one static file and the system setting.
I’m going to work on doing a build for 2.x. as well as fixing up an issue or 2 reported by @valokammi earlier today.
2 Likes
Just trying this extra out. Docs mention…
formit.spam_time_secret
Is this something I need to create? I can’t see it in system settings.
MODX 3.1.2
Yes. I forgot to add it to the package. It will be in an upcoming release. Create the system setting and set a value for it. It’s important that it’s reasonably long.
Ah ok. Sorry if I’m misunderstanding - should this be a time limit and if so how should it be expressed? What would you say is reasonably long? Sorry for all the quesitons!
No, this is not a time limit.
It is a secret key (like a password) that is used to create a hash from the timestamp, that then (hopefully) can’t be forged by a spammer.
1 Like
Thank you Harry - much appreciated
This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.