Download the PHP package kim/defender without Composer
On this page you can find all versions of the php package kim/defender. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package defender
Short Description Fend off spam bots by using randomized input names / honeypots.
License MIT
Homepage https://github.com/thomastkim/laravel-spam-prevention
Information about the package defender
Prevent Spam With This Laravel Package
This package helps you fend off spam bots by using randomized input names and honeypots.
Introduction
Spam is a huge problem for the Web. Form-filling bots read the form presented to them and automatically fill out the fields. Another type of bot records the POST data and replays it to the submission URL. This package helps fend off these bots with minimal effort.
The package randomizes the input names so that bots cannot make educated guesses. Example:
In addition to this, this package allows you to add a random number of hidden inputs aka "honeypots" (or bait). Your regular users would never see these, but the bots do. Bots tend to fill out all inputs so you can then easily reject any forms that have the "bait" inputs filled out.
By doing this, bots will struggle to decipher your form, record the POST data, and spam your site.
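The two defences described above, sketched in plain PHP as an added example; this is not the package's own code. The FormMask class, its method names and the per-session key are assumptions made for illustration.

```php
<?php
// Added illustration: framework-free sketch of randomized input names plus a
// honeypot. NOT the kim/defender implementation; every name here is hypothetical.

final class FormMask
{
    private string $key;

    public function __construct(string $sessionKey)
    {
        // Assumption: random bytes generated once and kept in the user's session.
        $this->key = $sessionKey;
    }

    // Map a logical field ("email") to an opaque name that differs per session.
    public function name(string $logical): string
    {
        return 'f_' . substr(hash_hmac('sha256', $logical, $this->key), 0, 16);
    }

    // Read a real field back out of the POST data by its masked name.
    public function value(array $post, string $logical): ?string
    {
        $v = $post[$this->name($logical)] ?? null;
        return is_string($v) ? $v : null;
    }

    // Hidden bait input: people never see it, form-filling bots tend to fill it.
    public function baitHtml(): string
    {
        return sprintf(
            '<input type="text" name="%s" value="" tabindex="-1" autocomplete="off" style="display:none">',
            $this->name('__bait')
        );
    }

    // Spam if the bait is absent (e.g. a POST recorded under a different
    // session key, or one using the plain field names) or has been filled in.
    public function isSpam(array $post): bool
    {
        $bait = $post[$this->name('__bait')] ?? null;
        return !is_string($bait) || $bait !== '';
    }
}

// Constructed sample submissions, not real traffic.
$mask   = new FormMask(random_bytes(32));
$human  = [$mask->name('email') => 'a@example.test', $mask->name('__bait') => ''];
$bot    = [$mask->name('email') => 'x@example.test', $mask->name('__bait') => 'http://spam.example'];
$replay = ['email' => 'a@example.test'];
var_dump($mask->isSpam($human), $mask->isSpam($bot), $mask->isSpam($replay));
```

A POST replayed inside the same session still carries valid names, so this check complements rate limiting and CSRF tokens rather than replacing them.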
Installation
To install this package, just follow these quick and easy steps.
Composer
Pull this package through Composer by opening your composer.json file and adding this within require:
Afterward, run either composer update or composer install.
Providers and Aliases
Next, open config/app.php and add this to your providers array:
and this to your aliases array:
Usage
Creating Input Fields
Normally, this is how you would create a username input field:
However, we want to randomize the name, and to do so, we use the Defender facade:
Here are some other common inputs (like email and password) that are all built into the package.
You can also easily create your own custom type by using the get method and passing in the name of your input.
With that said, I'm sure a lot of you are wondering how you retrieve the values if the names are all randomized. That's easy. In your controller, you can easily retrieve these values by using the same methods.
Example Controller:
Honeypots
This is all great, but to make it even more bulletproof, we need some honeypots. These are editable fields that are invisible to people. If bots fill them out, then we know to reject the submission. We can create honeypots in multiple ways.
The most basic method is by using the baitToken method. This simply creates a randomized token as bait. However, it does not hide the field. I recommend using JavaScript or CSS to hide this input.
The baitField method creates a random type of input (text, email, password, radio, checkbox, etc.). A random styling is also applied that hides these inputs.
Finally, we have the baitFields method. This not only creates a random input field, but it also creates a random number of input fields.
The baitFields method also accepts an integer argument. For example, Defender::baitFields(20) will output anywhere from 1 to 20 hidden baits.
Validating & Rejecting
You use the same methods to validate the fields.
As for rejecting the honeypots, the simplest way to do this is by adding the package's DefendAgainstSpam middleware. To do this, open app/Http/Kernel.php, and add the middleware to either the $middleware or $routeMiddleware arrays. If you add it to the $middleware array, then this package will check the honeypots in every single request. This is the easiest way to handle it. However, if you would like to apply the middleware to specific routes, then you need to add it to your $routeMiddleware array. Both examples are demonstrated below.
If you added it to $routeMiddleware, you now need to manually check specific routes, so change your routes file to reflect that.
If the middleware catches a potential spammer, it will throw an InvalidFormException. You can catch this inside your app/Exceptions/Handler.php file and do whatever you want.
Finally, for those who don't want to use the middleware, you can use the custom validation rule, 'reject'.
License
This package is free software distributed under the terms of the MIT license.
All versions of defender with dependencies
illuminate/session Version ~5.0
illuminate/validation Version ~5.0
illuminate/view Version ~5.0
php Version >=5.4.0