Free Download miss-used by spam bots

Posted by: H.M.

19th November 2024, 7:15 pm

H.M.

@ProjectBeauty

19 Nov 2024
7:15 pm

Since a few weeks, spambots misused the buttons I made to download Free PDF files.
I'm getting a lot of complaints, bounces, etc., for sending download emails that people do not want.
Is there a way to block this misuse??
I can't find the good option in the settings. 😣

Last modified: 21st November 2024, 10:24 am by H.M.

  • Forum Moderator
    Peter Wilkinson

    @wpenhanced

    22 Nov 2024
    12:30 pm

    Hi!

    We don't have a captcha on the form right now (bit of an oversight on our part!) so I will create a task for us to add this.

    Do you have any preference on captcha methods?

    thanks

    Ben

  • H.M.

    @ProjectBeauty

    22 Nov 2024
    2:43 pm

    I will check with our system manager and let you know asap.

  • H.M.

    @ProjectBeauty

    28 Nov 2024
    11:33 am

    Hi Ben,

    This is the advice I got:

    Use passkeys: You can generate a unique passkey for each user session and embed it in a hidden field in the form. You can then validate the passkey on the server side before processing the form data.

    Hidden field detection: You can add a hidden field in theform that is not visible to human users but can be filled by bots. You can then check if the hidden field is empty or not on the server side before processing the form data.

    Send email (best solution): You can send a verification code to the user’s email address and ask them to enter it in the web form. You can then verify the code on the server side before processing the form data.

    Until one of these option has been established, maybe indeed implement Captcha first, preferably hCaptcha.