Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the S...
source link: https://syntax.fm/show/263/hasty-treat-forms-captchas-honeypots-dealing-with-malicious-users-and-the-sad-state-of-contact-forms
Jul 6th, 2020
Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms
In this Hasty Treat, Scott and Wes talk about forms, captchas, dealing with malicious users, and more!
LogRocket - Sponsor
LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It's an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.
Show Notes
02:00 - So you made a form:
- Contact form
- Sales form
- Email signup for newsletter
- Bug report
- Sign up for an account
- Password reset
03:00 - Now someone is going to:
- Have a bot that submits it
- Maliciously write a bot that submits thousands
04:14 - So what can you do?
04:54 - Honey pot
- This is a field that is either hidden or you tell the user not to fill in
- Can goof up autofill
- Works in many cases
07:37 - IP Throttle
- Only allow each IP to do an action a certain number of times inside a window
- You may only try signing up once per 10 mins
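The honeypot and IP throttle checks from the notes above, as an added server-side example that is not from the show or its hosts. The hidden field name `website`, the in-memory store, the function names and the sample submissions are assumptions.

```javascript
// Added example: honeypot check plus per-IP sliding-window throttle.
const WINDOW_MS = 10 * 60 * 1000; // "once per 10 mins" from the notes
const MAX_PER_WINDOW = 1;
const HONEYPOT_FIELD = "website"; // hypothetical hidden field, empty for humans

// In-memory store (assumption): fine for one process, use a shared store
// behind a load balancer. Take `ip` from the socket or a trusted proxy
// header, never from a client-supplied X-Forwarded-For value.
function createThrottle(limit = MAX_PER_WINDOW, windowMs = WINDOW_MS) {
  const hits = new Map(); // ip -> timestamps (ms) still inside the window
  return function allow(ip, now = Date.now()) {
    const recent = (hits.get(ip) || []).filter((t) => now - t < windowMs);
    const ok = recent.length < limit;
    if (ok) recent.push(now);
    if (recent.length) hits.set(ip, recent);
    else hits.delete(ip); // drop idle IPs so the map does not grow forever
    return ok;
  };
}

function checkSubmission(allow, ip, fields, now = Date.now()) {
  // Honeypot first: a real user never sees the field, so any value is a bot.
  const trap = fields[HONEYPOT_FIELD];
  if (typeof trap === "string" && trap.trim() !== "") {
    return { accepted: false, reason: "honeypot" };
  }
  if (!allow(ip, now)) return { accepted: false, reason: "throttled" };
  return { accepted: true, reason: "ok" };
}

// Constructed sample submissions from one documentation-range IP.
function demo() {
  const allow = createThrottle();
  const t0 = 1600000000000; // constructed timestamp
  const ip = "203.0.113.7";
  const min = 60 * 1000;
  const human = { email: "a@example.com", website: "" };
  const bot = { email: "b@example.com", website: "http://spam.example" };
  return [
    checkSubmission(allow, ip, human, t0),            // first signup
    checkSubmission(allow, ip, human, t0 + 1 * min),  // retry inside window
    checkSubmission(allow, ip, bot, t0 + 11 * min),   // filled the hidden field
    checkSubmission(allow, ip, human, t0 + 11 * min), // window has expired
  ].map((r) => r.reason);
}

console.log(demo());
```

Autofill can populate a hidden field for a real user, which is the "can goof up autofill" caveat in the notes, so log honeypot rejections and review them before treating every hit as a bot.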
09:48 - Block known ASN
12:37 - Captcha
- Soft captcha: "What is 1 plus 1?"
- Annoying captcha: Type these letters
- Google captcha: Train our self driving cars
- Hidden captcha
- Cloudflare hCaptcha
Links
Tweet us your tasty treats!