Preventing bot submissions is a bit of an arms race. Django could add some protection but if many Django sites use it then bot scripts might be adapted to workaround it.
I've had success using django-recaptcha in the past: https://github.com/praekelt/django-recaptcha . django-honeypot looks good too. I think adding such protection would be a major project - research plus implementation. I think it could make a good Google Summer of Code project and will suggest it to the other DSF members. On Fri, 13 Dec 2019 at 04:02, אורי <u...@speedy.net> wrote: > Thank you. How do I use django-honeypot and how does it work? How does it > affect our human users and how does it affect the bots? I didn't understand > from their website. > > I added a new feature request https://code.djangoproject.com/ticket/31085 > אורי > u...@speedy.net > > > On Fri, Dec 13, 2019 at 5:50 AM Kye Russell <m...@kye.id.au> wrote: > >> This is more of a support question, but: >> https://github.com/jamesturk/django-honeypot will thwart the majority of >> (naive) automation attempts. >> >> >> On 13 December 2019 at 10:42:54 am, אורי (u...@speedy.net) wrote: >> >> Django developers, >> >> After releasing Speedy Net to production I received lots of spam to our >> contact forms [https://en.speedy.net/contact/ & >> https://en.speedymatch.com/contact/]. I found out that all of these spam >> messages were produced by bots. I had to add a new "no bots" field to this >> form, where I just ask users to type a specific number and validate it in >> the form. Since I added this field I didn't receive any more spam from the >> contact forms. I know Django is using CSRF cookie directives, but isn't it >> possible to prevent bots from submitting forms? I would like to remove the >> "no bots" field from this form as it is wasting time of our users who want >> to contact us. But I don't want to receive messages from bots. Is there >> another way to prevent bots from submitting forms? >> >> אורי >> u...@speedy.net >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers (Contributions to Django itself)" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-developers+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-developers/CABD5YeGj%2BFdsrmq%3D_Yai3bJHDSG_5Q1tmXSHLSQv4YexgomZxQ%40mail.gmail.com >> <https://groups.google.com/d/msgid/django-developers/CABD5YeGj%2BFdsrmq%3D_Yai3bJHDSG_5Q1tmXSHLSQv4YexgomZxQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers (Contributions to Django itself)" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-developers+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-developers/CANK-ykkZSVhyDA4nNg0JKudbK9zdyXGVews48MN0pmAT47fb_A%40mail.gmail.com >> <https://groups.google.com/d/msgid/django-developers/CANK-ykkZSVhyDA4nNg0JKudbK9zdyXGVews48MN0pmAT47fb_A%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/CABD5YeFYbT-0pA%3DuMsdEtZGCvQvVVNDFt3RKH-3zAc_vNik9hA%40mail.gmail.com > <https://groups.google.com/d/msgid/django-developers/CABD5YeFYbT-0pA%3DuMsdEtZGCvQvVVNDFt3RKH-3zAc_vNik9hA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- Adam -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM3MzqGw-EQ9ApyWiFUsgKx-nqPvoGYZwbAOBvZu8pyTXg%40mail.gmail.com.
