Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms


In this Hasty Treat, Scott and Wes talk about forms, captchas, dealing with malicious users, and more!

LogRocket - Sponsor

LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.

Show Notes

02:00 - So you made a form:

  1. Contact form
  2. Sales form
  3. Email signup for newsletter
  4. Bug report
  5. Sign up for an account
  6. Password reset

03:00 - Now someone is going to:

  1. Have a bot that submits it
  2. Maliciously write a bot that submits thousands

04:14 - So what can you do?

4:54 - Honey pot

  • This is a field that is either hidden or you tell the user not to fill in
  • Can goof up autofill
  • Works in many cases

07:37 - IP Throttle

  • Only allow each IP to do an action a certain number or times inside a window
  • You may only try signing up once per 10 mins

09:48 Block known ASN

12:37 - Captcha

  • Soft captcha: “What is 1 plus 1?”
  • Annoying captcha: Type these letters
  • Google captcha: Train our self driving cars
  • Hidden captcha
  • Cloudflare hCaptcha
Links Tweet us your tasty treats!

Audio Player