A lot of my clients complain about the fact that they receive lots of spam messages via the Magento contact and review forms.
Basically, in most of these cases I recommend using professional services like Akismet and an appropriate Magento extension, which effectively reduce the amount of spam messages to a minimum. (I don’t want to mention Captchas because I do not want to lose potential customers ;-)
But there are also some simple code modifications that can easily be made in a couple of hours by yourself, e.g. for the contact form:
- Add “validate-alpha” class to the “name” field as well as Zend_Validate(.., ‘Alpha’) in the contacts controller
- Use an extension like Magento Honeypot to add a hidden field (Magento does this already, but it can easily be detected as a “honeypot” by bots)
- Track the time between rendering the page and submitting the form and add some threshold checks
- Block certain IP addresses/user agents
- Implement a black list of words that are typically used in spam messages
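The name, honeypot, timing and word-list checks from the list above can be combined in one server-side function. The following is an added example in plain PHP, not Magento core or extension code; the field names, thresholds, secret and word list are assumptions. It goes one step beyond the list by signing the render timestamp with an HMAC, so a bot cannot simply post an old timestamp to pass the timing check.

```php
<?php
// Added example: every name and value here is hypothetical, not part of Magento.
const FORM_SECRET   = 'replace-with-a-random-server-side-secret'; // placeholder
const MIN_FILL_SECS = 3;     // assumed threshold: faster submits are treated as bots
const MAX_FORM_AGE  = 3600;  // assumed threshold: tokens older than 1h are rejected
const HONEYPOT      = 'company_url';                       // hypothetical hidden field
const BLACKLIST     = ['viagra', 'casino', 'seo service']; // constructed sample words

/** Call when rendering the form; put the result in a hidden "form_token" field. */
function issueFormToken(int $now): string
{
    return $now . ':' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

/** Returns the render timestamp if the token is authentic, otherwise null. */
function verifyFormToken(string $token): ?int
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], FORM_SECRET);
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

/** Returns the reasons a submission looks like spam (empty array = accept). */
function spamReasons(array $post, int $now): array
{
    $reasons = [];
    if (!ctype_alpha((string) ($post['name'] ?? ''))) {
        $reasons[] = 'name is not letters only';
    }
    if (trim((string) ($post[HONEYPOT] ?? '')) !== '') {
        $reasons[] = 'honeypot field was filled in';
    }
    $renderedAt = verifyFormToken((string) ($post['form_token'] ?? ''));
    if ($renderedAt === null) {
        $reasons[] = 'missing or forged form token';
    } elseif ($now - $renderedAt < MIN_FILL_SECS || $now - $renderedAt > MAX_FORM_AGE) {
        $reasons[] = 'submitted too fast or token expired';
    }
    foreach (BLACKLIST as $word) {
        if (stripos((string) ($post['comment'] ?? ''), $word) !== false) {
            $reasons[] = "blacklisted word: $word";
        }
    }
    return $reasons;
}
// Constructed sample: a submission sent in the same second the form was rendered.
print_r(spamReasons(['name' => 'Bob', 'company_url' => 'http://x.example', 'comment' => 'Cheap casino', 'form_token' => issueFormToken(1700000000)], 1700000000));
```

Logging the returned reasons instead of only rejecting the request shows which check catches the most spam and whether legitimate customers are being blocked.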
Of course, generally it’s a game of cat and mouse because spam bots learn with each form and get better and better. That’s why – depending on your amount of spam – using professional services may make sense.