Ryan BrownThere was recently a discussion on a ColdFusion Facebook Group about different techniques to stop unwanted traffic to your site and more specifically your input forms. While these techniques were mentioned on a ColdFusion group, they can generally be applied to any environment. We’re going to pull out the most popular comments for you, but you can click here to read the entire conversation. If you do not have a Facebook account, just click on the X to close the login form and you can see the content.
The general consensus was that a layered security approach is best. You need some form of protection (a “moat”) before the unwanted traffic gets to the site. And then on-page protections to stop spam submissions.
As far as a moat goes, traditional firewalls were mentioned if you had your own hardware and then using IIS to deny entry for those with hosted sites. But the most popular “moat” mentioned was Cloudflare. They offer customers the benefits of an extra layer of DDoS protection, Best-in-class WAF, Global CDN, and a fast, and easy-to-use DNS. xByte Cloud has partnered with Cloudflare to offer their solutions. You can read more about why you should Cloudflare them and how to implement the Cloudflare solution. Fuseguard from Foundeo and Edge.IO were also mentioned as recommended WAF solutions.
There were many on-page techniques that people use depending on their needs. Captcha was mentioned many times with positive (stops spam) and negative comments (frustrating user experience). We’ve all had the experience of trying to fill out a form and failing the captcha test. To prevent that experience, several people posted about honeypot fields on their forms. They have hidden fields that must be blank and any data entered triggers the captcha or it can block the form completely. Triggering captcha because the form was completed too fast was another technique used to limit the use of captcha.
