derhansen / form_crshield
Challenge/response spambot protection for TYPO3 ext:form
Installs: 34 467
Dependents: 0
Suggesters: 0
Security: 0
Stars: 11
Watchers: 3
Forks: 4
Open Issues: 0
Type:typo3-cms-extension
Requires
- php: ^7.2 || ^8.0
- typo3/cms-core: ^10.4.29 || ^11.5 || ^12.4
- typo3/cms-extbase: ^10.4.29 || ^11.5 || ^12.4
- typo3/cms-form: ^10.4.29 || ^11.5 || ^12.4
- typo3/cms-frontend: ^10.4.29 || ^11.5 || ^12.4
Requires (Dev)
- codeception/codeception: ^5.0
- codeception/module-asserts: ^3.0.0
- codeception/module-db: ^3.0.1
- codeception/module-phpbrowser: ^3.0.0
- codeception/module-webdriver: ^3.2.0
- typo3/cms-backend: ^12.4
- typo3/cms-extensionmanager: ^12.4
- typo3/cms-fluid-styled-content: ^12.4
- typo3/cms-install: ^12.4
- typo3/cms-recordlist: ^12.4
- typo3/cms-tstemplate: ^12.4
Replaces
- typo3-ter/form-crshield: 1.3.2
This package is auto-updated.
Last update: 2023-11-21 08:43:43 UTC
README
Form challenge/response spam shield
What is it?
Form challenge/response spambot shield is a TYPO3 extension to prevent automated form submissions in TYPO3 form extension.
How does it work?
Form challenge/response spam shield adds a hidden input field to every form generated by the TYPO3 form extension. The input field contains a data-attribute with a challenge. The included JavaScript will use the challenge to calculate an expected response which will be checked on every form submission. If the expected response is not submitted, validation for the hidden input field is considered as failed and no email will be sent.
In order to make automatic form submissions harder for spambots with active JavaScript, a configurable delay for the JavaScript response calculation can be defined in the extension settings (default value: 3 seconds).
Can the protection be bypassed?
Yes, the challenge/response spam shield can be bypassed, if the algorithm used by the extension is implemented to a spambot. This is however unlikely, since the spambot either has to use JavaScript (which I believe most spambots do not) or has to extract the challenge from the parsed HTML and must calculate and submit the response correctly.
Requirements
The extension uses JavaScript to calculate the expected response, so if JavaScript is disabled on client side, form submission will not be possible.
A modern webbrowser is required to run the JavaScript. Internet Explorer < 11 is not supported.
Installation
Just install the extension on your TYPO3 website using composer or the TYPO3 extension manager. No further configuration is required.
Settings
It is possible to configure the delay in seconds for the JavaScript response calculation. This can be done in the extensions settings. The default value is 3 seconds.
Logging
In order to log failed requests, it is possible to use a dedicated logfile like shown below:
$GLOBALS['TYPO3_CONF_VARS']['LOG']['Derhansen']['FormCrshield']['Hooks']['Form']['writerConfiguration'] = [
\TYPO3\CMS\Core\Log\LogLevel::DEBUG => [
\TYPO3\CMS\Core\Log\Writer\FileWriter::class => [
'logFile' => \TYPO3\CMS\Core\Core\Environment::getVarPath() . '/log/form-crshield.log',
]
]
];
Versions
| Version | TYPO3 | PHP | Support/Development |
|---|---|---|---|
| 1.x | 10.4 - 12.4 | 7.2 - 8.2 | Features, Bugfixes, Security Updates |