May 15, 2019
Securing Forms from Spam
Cyber security is complex, but most businesses have online forms, and we know they have to be secured. Here is a timeline of how we achieved full form protection.
Like many businesses, we have a 'contact us' form that is exposed to the open internet, i.e. no login is required, and spammers were getting in with automated bots.
- Trial 1: We used Google's image-selection 'I am not a robot' check on the page. It was not effective: the spammers managed to get through it. Worse, it was counter-productive, as many ad-blockers don't even show the box to users, so we were losing genuine customers.
- Trial 2: We replaced the Google image selection with a CAPTCHA image. Again the bots got around it. We were still getting spam while annoying users, who had to read an image embedded in a cluttered background. Not a user-oriented design.
- Trial 3: We used our own API (https://www.pivotsecurity.com) and set a challenge: give a developer 5 minutes to implement form security. Here is how we did it.
Option 1: Little or no integration
<form name="pivotfrm" id="contactForm" action="/contact.php" method="POST">
<div id="Xps145609sDxs" class="modal"></div>
<input name="pivotfrmsessionid" id="pivotfrmsessionid" type="hidden" data-key="PUBLIC_KEY" data-uid="" data-email="" data-submit="true" />
<button type="submit" id="Xps145609sD" name="Xps145609sD">Send</button>
</form>
Place the above code in your contact form, then simply give your submit button the id 'Xps145609sD' so that the trigger is attached to it. Replace PUBLIC_KEY with the public key for your account.
When the user clicks that button, an email confirmation dialog appears and lets the user enter the confirmation code.
You can optionally validate the code on the server side for added security. Isn't it neat?
Option 2: API driven integration
The API approach requires you to present the email/phone number fields as well as a confirmation-code field. Using the REST API 'create' and 'validate' calls, the customer's email address or phone number is validated, and with the 'verifySession' call you get the validated email/phone number back from the server, so the form handler never has to trust what the browser posted.
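To make the create / validate / verifySession sequence concrete, here is an added Python model of such a confirmation service, written for this post and not Pivot Security's code or API: a constructed in-memory store whose create, validate and verify_session methods bind the confirmed email/phone number to a session, with a 10-minute code lifetime and a five-guess limit as assumptions.

```python
import hashlib
import hmac
import secrets
import time


class ConfirmationStore:
    """Constructed stand-in for a create/validate/verifySession service.
    Each session ties a one-time code to the contact that requested it."""
    CODE_TTL = 600      # seconds a code stays valid (assumption)
    MAX_ATTEMPTS = 5    # wrong guesses before the session is discarded (assumption)

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._sessions = {}

    def create(self, contact):
        """Start a session for an email/phone; returns (session_id, code).
        A real service delivers the code out of band (email or SMS)."""
        session_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self._sessions[session_id] = {
            "contact": contact,
            "code_hash": hashlib.sha256(code.encode()).digest(),  # never store the code itself
            "expires": self._now() + self.CODE_TTL,
            "attempts": 0,
            "verified": False,
        }
        return session_id, code

    def validate(self, session_id, code):
        """Check the code the user typed; True only on an exact, timely match."""
        s = self._sessions.get(session_id)
        if s is None or s["verified"] or self._now() > s["expires"]:
            return False
        s["attempts"] += 1
        if s["attempts"] > self.MAX_ATTEMPTS:
            del self._sessions[session_id]   # burn the session after too many guesses
            return False
        ok = hmac.compare_digest(hashlib.sha256(code.encode()).digest(), s["code_hash"])
        s["verified"] = ok
        return ok

    def verify_session(self, session_id):
        """Server-side check when the form is posted: the validated contact, or None."""
        s = self._sessions.get(session_id)
        if s is None or not s["verified"] or self._now() > s["expires"]:
            return None
        return s["contact"]
```

The form handler should accept a submission only when verify_session returns a contact, and use that value rather than the email field from the POST body.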
Try it for free. https://www.pivotsecurity.com/
Full source is available on GitHub.