How to prevent spam using vue and laravel?
This is purely a theoretical/subjective question about vue and laravel.
I need to prevent spamming on public forms/inputs using Vue and Laravel, i.e. the forms which are available publicly before the user actually logs in to the application, such as the sign-up form (especially), search forms, etc.
As per my knowledge, Vue works on a virtual DOM and spam bots also crawl the DOM, but I don't know if they are capable of crawling a virtual DOM. There are a number of questions I am encountering.
- Can spam bots abuse Vue elements?
- Will Laravel's primitive CSRF protection be enough?
- Will it be feasible to implement the honeypot technique to filter out spam requests?
I sincerely need your views/opinions/advice/suggestions in this matter.
laravel vue.js
1
Can you use something like reCAPTCHA? In the latest version, users don't even have to interact with an element in order to get a bot score. Of course, that only solves for bot-based spam. It doesn't prevent a human from manually typing Viagra ads into your site.
– David Weldon
Jan 19 at 8:46
asked Jan 19 at 6:22
Dinesh Suthar
1 Answer
Can spam bots abuse vue elements?
Yes, they can. Vue components are rendered into actual HTML the browser understands. Of course, someone could emulate input elements via other means, but this is a usability nightmare for accessibility. It means a large portion (this survey suggests 1/5th of visitors) cannot use your forms. I strongly recommend against using such a method.
Will laravel's primitive csrf protection be enough?
CSRF is not bot protection. CSRF is a protection mechanism that protects against cross-site forgery attacks. Or in other words: Users getting tricked into doing things on your site without their intent, by abusing a mechanic where browsers send authentication cookies with every request. A CSRF token is a non-guessable piece of information that is only available through other means, which allows you to ignore any requests with an invalid CSRF token.
Will it be feasible to implement HoneyPot technique to filter out spam requests?
No, not really. Honeypots work on the dumbest of bots. Any bots that are able to identify which elements are visible on the page, either through rendering the page, or by static analysis of CSS, are able to figure out which fields to fill out and which fields to leave alone.
Do you have other options?
You have two other options. As suggested by David Weldon in the comments, using reCAPTCHA v3 will massively cut down on spam by scoring the trustworthiness of the submission, based on interactions with the site. You can ignore form submissions with too low of a score. You can use a visible or (partly) invisible reCAPTCHA v2 if you want users to be able to bypass the reCAPTCHA.
Your other option is to use a service like Akismet for WordPress. Such a service relies on many sites and forms to send their form submissions to such a service, which allows them to identify form submissions that occur on a large percentage of sites that are most likely spam, and filter them out completely. You may be able to find a similar service with a wide enough reach to be effective.
answered Jan 19 at 10:53
Sumurai8
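What "ignore form submissions with too low of a score" involves on the server, as an added example that is not part of the answer above: plain PHP that evaluates an already-decoded response from reCAPTCHA's siteverify endpoint. The function name, parameters, thresholds and sample responses are constructed for illustration; in a Laravel app the same checks would run in the controller or a validation rule after the token has been posted to siteverify.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether to accept a public form submission, given the decoded JSON
 * of a reCAPTCHA v3 siteverify response. Returns [bool accepted, string reason].
 * $expectedAction, $expectedHost, $minScore and $maxAgeSeconds are
 * illustrative choices for this example, not values from the page.
 */
function screenSubmission(
    array $verdict,
    string $expectedAction,
    string $expectedHost,
    float $minScore = 0.5,
    int $maxAgeSeconds = 120,
    ?int $now = null
): array {
    $now = $now ?? time();

    // Token rejected outright (expired, already used, malformed, wrong secret).
    if (($verdict['success'] ?? false) !== true) {
        $codes = implode(',', $verdict['error-codes'] ?? ['unknown']);
        return [false, "verification failed: $codes"];
    }
    // A token minted for another form (e.g. search) must not unlock sign-up.
    if (($verdict['action'] ?? '') !== $expectedAction) {
        return [false, 'action mismatch'];
    }
    // A token solved on a different site is not evidence about our visitor.
    if (strcasecmp((string) ($verdict['hostname'] ?? ''), $expectedHost) !== 0) {
        return [false, 'hostname mismatch'];
    }
    // Bound how old the challenge may be, independent of the provider's expiry.
    $issued = strtotime((string) ($verdict['challenge_ts'] ?? ''));
    if ($issued === false || $now - $issued > $maxAgeSeconds) {
        return [false, 'stale or missing challenge timestamp'];
    }
    // Only now does the score threshold mean anything.
    $score = $verdict['score'] ?? null;
    if (!is_numeric($score) || (float) $score < $minScore) {
        return [false, 'score below threshold'];
    }
    return [true, 'ok'];
}

// Constructed sample responses (not captured from a real site).
$now  = strtotime('2019-01-19T10:54:00Z');
$base = ['success' => true, 'score' => 0.9, 'action' => 'signup',
         'hostname' => 'example.test', 'challenge_ts' => '2019-01-19T10:53:30Z'];
$samples = [
    'human signup'  => $base,
    'low score'     => ['score' => 0.1] + $base,
    'wrong action'  => ['action' => 'search'] + $base,
    'replayed'      => ['success' => false, 'error-codes' => ['timeout-or-duplicate']],
];
foreach ($samples as $label => $verdict) {
    [$ok, $why] = screenSubmission($verdict, 'signup', 'example.test', 0.5, 120, $now);
    printf("%-13s %s (%s)\n", $label, $ok ? 'accept' : 'reject', $why);
}
```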