Overview

Poorly protected forms are one of the most popular attack points for spammers. Many website operators have had painful experiences in this regard.

Visforms supports several different options for successful spam defense. These options can be combined with one another.

No method offers 100 percent protection in every case. Depending on how heavily your website is attacked, how sophisticated the attackers are and how long they have been able to practice on your site, you may need to adjust your setup:

  • Individual active methods must be configured differently.
    • Additionally use the IP blacklists in the Visforms spam protection plugin.
    • Use other DNS providers in the Visforms spam protection plugin.
  • Other methods must be activated for the form.
    • If you have only worked with captchas so far, use the other methods as an alternative or in addition.

Anti-spam honeypot

The anti-spam honeypot is a technique that prevents spam bots from filling out website forms and submitting them successfully.
In Visforms, it is a hidden field that people filling out the form cannot see, but spam bots can.
Since real people cannot see it, they will not fill it out. A submission in which the field is filled in can therefore be recognized as coming from a spammer.

You can add an anti-spam honeypot to every form by simply activating it in the form configuration. Evaluation and misleading feedback to the spammer are automatic.
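The honeypot evaluation described above, sketched as an added example; this is not Visforms code. The field name `website_url`, the response text and the sample request bodies are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

HONEYPOT = "website_url"   # hypothetical trap field name, not Visforms' own
THANK_YOU = "Thank you, your message has been sent."   # assumed response text

def render_honeypot() -> str:
    """Markup for the trap field: present in the HTML, invisible to people."""
    # Hidden with CSS instead of type="hidden"; tabindex and autocomplete keep
    # keyboard users and browser autofill from filling it in by accident.
    return (
        '<div style="position:absolute;left:-9999px" aria-hidden="true">'
        f'<label>Leave this field empty <input type="text" name="{HONEYPOT}" '
        'tabindex="-1" autocomplete="off"></label></div>'
    )

def handle_submission(body: str, inbox: list) -> str:
    """Store genuine submissions; answer trapped ones with the same page."""
    fields = parse_qs(body, keep_blank_values=True)
    trap = fields.get(HONEYPOT)
    # Assumption: the rendered form always posts the trap field with an empty
    # value, so a missing field is treated like a filled one.
    is_bot = trap is None or any(v.strip() for v in trap)
    if not is_bot:
        inbox.append({k: v[0] for k, v in fields.items() if k != HONEYPOT})
    # Misleading feedback: the sender cannot tell from the reply whether the
    # submission was kept or dropped.
    return THANK_YOU

# Constructed urlencoded request bodies: a person, a bot that fills every
# field, and a client that omits the trap field.
SAMPLES = [
    "name=Ada&message=Hello&website_url=",
    "name=x&message=buy+now&website_url=http%3A%2F%2Fspam.example",
    "name=y&message=buy+now",
]

def demo():
    inbox = []
    replies = [handle_submission(body, inbox) for body in SAMPLES]
    return replies, inbox

if __name__ == "__main__":
    replies, inbox = demo()
    print(replies)
    print(inbox)
```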

Visforms spam protection plugin and online spambot databases

Note: The Google reCAPTCHA comes with a fixed width that can hardly be influenced.

Visforms offers an alternative way to prevent spamming via forms. No captchas need to be entered.

This plugin stops spam directly at the source. It uses various large DNS and email blacklist providers to prevent spammers from registering and logging into your website. SpambotCheck provides you with real-time spam protection that various international organizations are constantly and continuously working on.

The Visforms spam protection plugin uses these online spambot databases and can therefore stop a large number of known spammers.
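How a lookup against a DNS blacklist works in general, following the common DNSBL convention (RFC 5782), as an added example; it is not the plugin's own code. The zone names and the stand-in resolver are constructed placeholders so the block runs offline.

```python
import ipaddress
import socket

def dnsbl_name(ip: str, zone: str) -> str:
    """Build the query name: reversed address labels followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]              # 192.0.2.99 -> 99.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # reversed nibbles
    return ".".join(labels) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the zone answers with a 127.0.0.0/8 address for this client."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_name(ip, zone)))
    except (OSError, ValueError):
        return False   # no record or lookup failure: treat as not listed
    # Only 127.0.0.0/8 counts as a listing. Any other answer (for example a
    # resolver that rewrites "no such name" to a landing page) is ignored,
    # otherwise every visitor would look like a spammer.
    return answer in ipaddress.ip_network("127.0.0.0/8")

def check_client(ip, zones, resolve=socket.gethostbyname):
    """Return the zones that list the client; an empty list means accept."""
    return [zone for zone in zones if is_listed(ip, zone, resolve)]

# Constructed stand-in for DNS; the zones are placeholders, not real providers.
FAKE_DNS = {
    "99.2.0.192.dnsbl.example.org": "127.0.0.2",
    "5.2.0.192.hijacked.example.net": "203.0.113.10",
}

def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror("name not found")
    return FAKE_DNS[name]

if __name__ == "__main__":
    zones = ["dnsbl.example.org", "other.example.org", "hijacked.example.net"]
    for client in ("192.0.2.99", "192.0.2.5"):
        print(client, check_client(client, zones, fake_resolve))
```

Querying several zones, as in `check_client`, corresponds to configuring more than one blacklist provider: a client is rejected as soon as any of them lists it.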

Captchas

Note: Many captchas are in fact easier for spam bots, especially AI-supported ones, to solve than for humans.

The use of captchas as spam protection is only partially user-friendly and legally quite complex and controversial:

  • Users experience captchas as annoying, time-consuming and frustrating.
  • Captchas can be difficult for users to understand due to language and cultural barriers.
  • Captchas can be difficult to master, especially for people with visual impairments or other disabilities, as well as for older people.
  • Some captcha services track users or use third-party services that raise massive data protection concerns.

Of course, Visforms also supports protection with captchas.

A compact guide to selecting the reCAPTCHA type is available on this Google developer page: Select reCAPTCHA type.

Additional protection options

The anti-spam honeypot, the Visforms spam protection plugin and captchas together protect forms from spammers extensively and effectively.
Beyond these, there are additional protection options that further strengthen security.

Protection of our own website

On our own website, we only use our Visforms spam protection plugin to protect the forms. With this alone, we usually receive a contact form submission that contains spam less than once a month. As website operators, we are completely satisfied with this.

Operating the Visforms spam protection plugin requires almost no maintenance work from us. The actual work is done elsewhere by the operators of the large online spam bot databases.

GDPR and reCAPTCHA v2 and v3

Note: Visforms supports the Google service reCAPTCHA v2 with its own implementation starting with Joomla 5.

A compact guide to selecting the reCAPTCHA type is available on this Google developer page: Select reCAPTCHA type.

Advantages

The biggest advantage of the Google services reCAPTCHA v2 and v3 is that users no longer have to be ‘forced’ to take an explicit test.
By default, only the most suspicious traffic is asked to solve a captcha.
Normal users of the form are therefore very rarely presented with an explicit test.

The latest Google service reCAPTCHA v3 relates to the entire website and records all user actions on the website.
The biggest advantage of the Google service reCAPTCHA v3 is that the entire website is monitored and analyzed.

In addition, fine-tuning the Google API brings further advantages for the website operator.
For example, the website operator can define sensible paths, i.e. the sequences of pages that normal users go through.
Page-view sequences that make no sense usually come from automated spammers and can therefore also be detected.

Disadvantages

Google services reCAPTCHA v2 and v3 are not automatically compliant with the GDPR.
Basically, reCAPTCHA helps combat simple bots.

However, there are some significant limitations, including:

  • No protection against complex bots.
  • No optimization of the user experience.
  • Problems with non-compliance with data protection under the GDPR.
    There is a lack of transparency, which can undermine your GDPR compliance goals.

How to stay GDPR compliant

The GDPR is about telling users what data you collect and how you can use it.
You must therefore provide all reCAPTCHA users with the relevant information on your website.
This is the only way end users can give their legally secure informed consent.

1. Use a privacy policy for Google’s reCAPTCHA

Websites using reCAPTCHA should have a privacy policy that specifically relates to reCAPTCHA.

It should include:

  • What it is.
  • How it is used.
  • How it works.
  • The legal basis for using it.
  • How people can withdraw their consent.
  • Names of third-party processors.
  • Where the third-party processors process data.
  • What safeguards they put in place.

You may already have a cookie policy on your website.

However, on websites using reCAPTCHA it must include:

  • All cookies placed by reCAPTCHA.
  • What cookies are placed.
  • What the cookies do.

Your cookie banner is the notice at the bottom of your website that informs users that you collect cookies.
Whether reCAPTCHA cookies are considered marketing cookies, anti-spam cookies or both, your website needs to ensure that users have the option to opt out.

User data that can be collected

Whenever the Google reCAPTCHA services are used, personal data is forwarded to Google depending on the version:

  • IP address,
  • Access location,
  • Time,
  • Referrer URL,
  • Operating system,
  • Cookies,
  • Mouse movements/keystrokes,
  • Length of stay,
  • Device settings (e.g. language settings or location).

Google usually has additional data from the user at the same time.

Google receives this data due to the numerous background services on other websites that Google offers for integration:

  • Google Maps,
  • Google Analytics,
  • Google Ads,
  • and others.

Note: This means that the use of the Google reCAPTCHA v2 and v3 services also enables comprehensive tracking on your own website.

Disadvantages regarding Visforms

The Google reCAPTCHA can only be displayed once per page.

You can display Visforms forms simultaneously as a module, in an article and as a component.
Because the Google reCAPTCHA lacks multi-instance capability, this can quickly lead to complications and display problems in practice.

The Google reCAPTCHA can also be used in the Joomla login and in Joomla contact forms.
It is therefore easily possible that you generate a page on which more than one Google reCAPTCHA is requested.

Note: When using Google reCAPTCHA, you must always ensure that only one Google reCAPTCHA is displayed per page by configuring modules and components.

The Google reCAPTCHA comes with a fixed width and can hardly be changed in this regard.

Note: When using Google reCAPTCHA, the fixed width of reCAPTCHA may cause forms to not fit into the module area of your website.