Forms are popular attack points for spammers
Poorly protected forms are one of the most popular attack points for spammers. Many website operators have had painful experiences in this regard.
Visforms supports several different options for successful spam defense. These options can be combined with one another.
Depending on how strongly your website is attacked, how intelligent the attackers are and how long the attackers have been able to practice with your site:
- There is not always 100 percent protection in all cases.
- Individual active methods must be configured differently.
- Additionally use the IP blacklists in the Visforms spam protection plugin.
- Use other DNS providers in the Visforms spam protection plugin.
- Other methods must be activated for the form.
- If you have only worked with captchas so far, use the other methods as an alternative or in addition.
Anti-spam honeypot
The anti-spam technology honeypot is used to prevent spam bots from filling out website forms and submitting them successfully.
This is a hidden field in Visforms that the form fillers cannot see, but spam bots can.
Since real people cannot see it, they will not fill it out.
This is how it can be recognized after the form has been submitted that it was a spammer.
You can add an anti-spam honeypot to every form by simply activating it in the form configuration. Evaluation and misleading feedback to the spammer are automatic.
Visforms spam protection plugin and online spambot databases
Note: The Google Recaptcha comes with a fixed width that can hardly be influenced.
Visforms offers an alternative way to prevent spamming via forms. No captchas need to be entered.
This plugin stops spam directly at the source. It uses various large DNS and email blacklist providers to prevent spammers from registering and logging into your website. SpambotCheck provides you with real-time spam protection that various international organizations are constantly and continuously working on.
The Visforms spam protection plugin uses these online spambot databases and can therefore stop a large number of known spammers.
Captchas
Note: In fact, many captchas are easier to solve, especially for AI-supported spam bots, than for humans.
The use of captchas as spam protection is only partially user-friendly and legally quite complex and controversial:
- Users experience captchas as annoying, time-consuming and frustrating.
- Captchas can be difficult for users to understand due to language and cultural barriers.
- Captchas can be difficult to master, especially for people with visual impairments or other disabilities, as well as for older people.
- Some captcha services track users or use third-party services that raise massive data protection concerns.
Of course, Visforms also supports this Protection with Captcha:
Additional protection options
Anti-spam honeypot, Visforms spam protection plugin and captchas are extensive and effective in protecting the forms from spammers as far as possible.
In addition, there are
additional protection options
to further intensify security.
Protection of our own website
On our own website, we only use our Visforms spam protection plugin to protect the forms. This alone means that we usually receive a contact form that contains spam less than once a month. As website operators, we are completely satisfied with this.
We have almost no maintenance work with the operation of the Visforms spam protection plugin. The actual work is done elsewhere by the operators of the large online spam bot databases.
Google services reCAPTCHA v2 and v3
Note: Starting with Joomla 5, Visforms no longer supports the Joomla reCAPTCHA plugin.
Advantages
The biggest advantage of the latest version, Google reCAPTCHA v3, is that users no longer have to be ‘forced’ to take an explicit test.
In addition, there are even more advantages for website operators when fine-tuning the Google API.
Disadvantage regarding personal data
Whenever the Google reCaptcha services are used, personal data is forwarded to Google depending on the version:
- IP address,
- Access location,
- Time,
- Referrer URL,
- Operating system,
- Cookies,
- Mouse movements/keystrokes,
- Length of stay,
- Device settings (e.g. language settings or location).
Google usually has additional data from the user at the same time.
Google receives this data due to the numerous background services on other websites that Google offers for integration:
- Google Maps,
- Google Analytics,
- Google Ads,
- and others.
Note: This means that the use of the Google reCaptcha v2 and v3 services also enables comprehensive tracking on your own website.
Disadvantages regarding GDPR
reCAPTCHA cannot be easily integrated into a page. Measures are necessary that allow reCAPTCHA to be integrated in a way that complies with the GDPR.
With the following measures, reCAPTCHA can be used in a way that is as GDPR-compliant as possible:
- reCAPTCHA note in the privacy policy
The functionality of reCAPTCHA should be transparently integrated into the privacy policy.
Not only the bare essentials can be described, but they must be described specifically.
Users must therefore understand the advantages of using it and what data is required for it. \ - Integrate reCAPTCHA in cookie banner
The user must explicitly consent to the collection of their data for reCAPTCHA.
reCAPTCHA must therefore be integrated into your cookie banner and your consent management platform. \
Disadvantages regarding Visforms
The Google reCAPTCHA can only be displayed once per page.
You can display Visforms forms simultaneously as a module, in an article and as a component.
Due to the lack of multi-instance capability of the Google Recaptcha, this can quickly lead to complications and display problems in practice.
The Google reCAPTCHA can also be used in the Joomla login and in Joomla contact forms.
It is therefore easily possible that you generate a page on which more than one Google reCAPTCHA is requested.
Note: When using Google reCAPTCHA, you must always ensure that only one Google reCAPTCHA is displayed per page by configuring modules and components.
The Google reCAPTCHA comes with a fixed width and can hardly be changed in this regard.
Note: When using Google reCAPTCHA, the fixed width of reCAPTCHA may cause forms to not fit into the module area of your website.
reCAPTCHA in Joomla 5 and Visforms
Joomla 5 has removed the Google reCaptcha service from its core area and no longer contains a reCaptcha plugin. There are only plugins from third-party providers.
Visforms also no longer supports the reCaptcha plugin. We are following Joomla 5’s decision to remove the Google reCaptcha service from its core area.
Note: It is also possible to operate a Visforms form without a Google reCAPTCHA that does not allow spam to pass through and is also GDPR compliant.