Question

What would be a good decent way to fix a form that is submitted every day numerous times by robots posting all kinds of rubbish through it?

I have this beta signup form with a hidden field and a username and password field. This gets submitted numerous times a day and results in error reports in my Rails application.

Is there a decent Ruby on Rails way to prevent robots submitting my forms? I know you can do all kinds of stuff in the frontend but most tricks seem to fail (I'm using a hidden field trick to check for robots, still they pass their mess through).

EDIT #1:

Adding the form data posted by the automated robot. It seems it's posting extra form fields even when they are not present in the form.

  • URL : http://mysite.com/beta
  • IP address: 91.121.170.197
  • Parameters: {"utf8"=>"✓", "authenticity_token"=>"8mvHnQgX0krwnymdOeQgd8AP52H/ZrJKjnKcUBGrcMM=", "betum"=>{"code"=>""}, "name"=>"Bryan", "email"=>"quaker@yahoo.com", "commit"=>"Joignez-vous »", "comment"=>"I need to charge up my phone http://pposchool.com/classes/ \">desirel 50 provided that no more than two of the rotations are involved in non-patient care\n http://sdccpa.com/professionals \">Proventil Hfa Inhaler Cost Goal 6: Promote public health and disease prevention.\n http://hunterdk.com/products-2/ \">cost clomid treatment uk 12. Displays effective nonverbal behaviors (eye contact, body language,\n ", "action"=>"create", "controller"=>"beta"}
  • Rails root: /srv/myapp/current
  • Timestamp : 2013-09-03 17:34:10 +0200

Solution

How about using a captcha in the form?

Have a look at this simple captcha gem.

OTHER TIPS

Hard to understand the very last part of your question... I'm wondering whether the hidden field is getting filled in by robots or it's being left blank (as it would be by a real user).

If it's consistently being filled in then why not just reject any form that contains a value in that hidden field?

Captcha is a heavy hammer and should be a last resort. It f's up your UX. If robots.txt doesn't work, blacklist the IP(s) using Rack Attack. Rack Attack offers all kinds of cool ways to filter nuisance traffic, rate limit, etc.
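
The honeypot check suggested above, extended to also flag fields outside an allow-list and link-heavy text like the post reported in the question, as an added example that is not part of the original answers. The honeypot name `website`, the allow-list and the link threshold are assumptions to adjust to the real form.

```ruby
# Added example, not code from the thread. The field names below are assumptions:
# adjust ALLOWED_KEYS and HONEYPOT_KEY to match the real beta form.
ALLOWED_KEYS = %w[utf8 authenticity_token betum commit action controller].freeze
HONEYPOT_KEY = "website" # hypothetical hidden field; humans never see or fill it
MAX_LINKS    = 1         # assumed threshold for URLs in a single submission

# Collect every string value, descending into nested hashes and arrays.
def string_values(value)
  case value
  when Hash  then value.values.flat_map { |v| string_values(v) }
  when Array then value.flat_map { |v| string_values(v) }
  else [value.to_s]
  end
end

# Returns the reasons a submission looks automated; an empty list means accept.
def bot_signals(params)
  params  = params.transform_keys(&:to_s)
  reasons = []
  reasons << "honeypot filled" unless params[HONEYPOT_KEY].to_s.strip.empty?

  extra = params.keys - ALLOWED_KEYS - [HONEYPOT_KEY]
  reasons << "unexpected fields: #{extra.sort.join(', ')}" unless extra.empty?

  links = string_values(params).sum { |s| s.scan(%r{https?://}i).size }
  reasons << "#{links} links" if links > MAX_LINKS
  reasons
end

# Constructed sample shaped like the report in the question (values replaced).
BOT_POST = {
  "utf8" => "\u2713", "authenticity_token" => "constructed-token",
  "betum" => { "code" => "" }, "name" => "Bryan", "email" => "user@example.com",
  "commit" => "Join", "action" => "create", "controller" => "beta",
  "comment" => "a http://example.com/1 b http://example.com/2 c http://example.com/3"
}.freeze

# Constructed sample of what the real form is assumed to send.
HUMAN_POST = {
  "utf8" => "\u2713", "authenticity_token" => "constructed-token", "website" => "",
  "betum" => { "code" => "BETA2013" }, "commit" => "Join",
  "action" => "create", "controller" => "beta"
}.freeze
```

In a Rails controller this could run in a `before_action` that answers with `head :ok` when the list is non-empty, so automated posts are dropped before they reach the model and stop producing error reports.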

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow