Hi, today my Contact Us form got spammed by someone. It is easy to deal with: I just select all the feedback emails and press delete. But I am shopping for anti-spam approaches. Here is what I have:
1) Use IP.
This works for my current spam because he has the same IP, but does this work well? To my understanding, some people can generate an IP as they see fit? And what if there is a DoS attack? Like he pretends to be someone and I block the IP for 30 minutes, but then another person with the same IP gets denied. That can happen in a shared network, right?
2) Use Secret Code.
I can generate a secret code and put it in the form. The form has to have the secret code to be accepted. The problem is, they can also use some kind of jQuery AJAX to request the form, parse the doc, copy the form, and send out a POST? This can be easily bypassed.
What is worse is that it encourages the attacker to keep requesting a new form with a secret code for each attack. This would encourage draining my bandwidth as well.
3) Use reCAPTCHA.
Hmmm... I hate reCAPTCHA as a user.
Any other ideas about this?
Like using the IP to track frequency and enabling reCAPTCHA if there are too many attempts? Thank you.
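
Added example, not part of the original post: a sketch of the last idea in the question (count submissions per IP and demand a CAPTCHA instead of blocking, so other users on a shared address are only challenged, never denied), combined with a stateless signed form token for approach 2. The key, thresholds and function names are assumptions for illustration, and verifying the CAPTCHA answer itself is left to whichever service is used.

```python
import hashlib
import hmac
from collections import defaultdict, deque

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to the client
WINDOW = 600       # seconds of submission history kept per IP (assumed value)
CAPTCHA_AFTER = 3  # accepted posts per window before a CAPTCHA is required (assumed)
MIN_FILL = 3       # seconds a human needs to fill the form; faster posts are scripted
MAX_AGE = 3600     # form tokens expire after one hour
_recent = defaultdict(deque)  # ip -> timestamps of accepted submissions


def _mac(ip, ts):
    return hmac.new(SECRET, f"{ip}|{ts}".encode(), hashlib.sha256).hexdigest()


def issue_token(ip, now):
    """Hidden form field: issue time plus an HMAC binding it to the requesting IP."""
    ts = str(int(now))
    return f"{ts}.{_mac(ip, ts)}"


def token_ok(token, ip, now):
    """Valid only if unmodified, issued to this IP, and neither too fresh nor too old."""
    ts, _, mac = token.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False
    fresh = MIN_FILL <= now - int(ts) <= MAX_AGE
    return fresh and hmac.compare_digest(mac.encode(), _mac(ip, ts).encode())


def decide(ip, token, now, captcha_passed=False):
    """Return 'accept', 'captcha' or 'reject' for one form POST.
    captcha_passed is assumed to come from server-side CAPTCHA verification."""
    if not token_ok(token, ip, now):
        return "reject"
    q = _recent[ip]
    while q and now - q[0] > WINDOW:  # drop entries older than the window
        q.popleft()
    if len(q) >= CAPTCHA_AFTER and not captcha_passed:
        return "captcha"  # challenge rather than block the whole address
    q.append(now)
    return "accept"
```

The token needs no server-side storage, so repeatedly fetching the form costs the server only one HMAC per request; the per-IP counter is what limits how many of those fetches turn into accepted messages.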