Protecting web forms from spam bots in PHP

Basic Protection Methods

There are several effective ways to protect forms from automated spambots:

Honeypot fields
Hidden fields that are invisible to humans, but filled in automatically by a bot.

Checking the completion time
Monitoring the interval between opening a form and submitting it.

HTTP Header Analysis
Checking that the Referer and other request headers are correct.

Renaming fields
Replacing standard field names (email, name) with random identifiers.

Practical Implementation

Example with decoy fields


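```php
// Create the form
require 'botobor.php';
$html = $form->getHTML();          // $form is the application's own form object
$bform = new Botobor_Form($html);  // wrap the form markup
$html = $bform->getCode();         // protected markup to send to the browser

// Handle the submission
if (Botobor_Keeper::isHuman()) {
    // Process the form data
}
```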


Configuring security settings

```php
// Configuring settings
$bform->setCheck('honeypots', false); // Disable honeypot fields
$bform->setDelay(2);                  // Minimum time to fill out (sec)
$bform->setLifetime(60);              // Maximum form lifetime (min)
```
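
The checks that the delay and lifetime settings describe can also be done without server-side state by signing the form's issue time. The following is an added example, not Botobor's code and not part of the original page; `FORM_SECRET`, `issueToken()`, `checkSubmission()` and the field names `website` and `form_token` are assumptions.

```php
<?php
// Added example (hypothetical names): HMAC-signed issue time carried in a hidden field.
const FORM_SECRET  = 'replace-with-a-random-server-side-secret'; // constructed value
const MIN_DELAY    = 2;        // seconds, as in setDelay(2)
const MAX_LIFETIME = 60 * 60;  // seconds, as in setLifetime(60) minutes

// Called when the form is rendered; the result goes into the hidden input "form_token".
function issueToken(int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Returns null for a plausible human submission, otherwise the reason for rejection.
function checkSubmission(array $post, int $now): ?string
{
    // Honeypot: a browser always submits the decoy input, so test for a non-empty value.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot filled';
    }
    $token = $post['form_token'] ?? '';
    $parts = is_string($token) ? explode('.', $token, 2) : [];
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'token missing or malformed';
    }
    [$issued, $mac] = $parts;
    // Constant-time comparison; the client cannot forge or backdate the timestamp.
    if (!hash_equals(hash_hmac('sha256', $issued, FORM_SECRET), $mac)) {
        return 'token signature invalid';
    }
    $age = $now - (int) $issued;
    if ($age < MIN_DELAY) {
        return 'submitted too quickly';
    }
    return $age > MAX_LIFETIME ? 'form expired' : null;
}

// Constructed sample submissions, all checked at the same moment.
$now = 1700000000;
$samples = [
    'human after 30 s' => ['form_token' => issueToken($now - 30), 'website' => ''],
    'bot after 0 s'    => ['form_token' => issueToken($now), 'website' => ''],
    'honeypot filled'  => ['form_token' => issueToken($now - 30), 'website' => 'http://x.example'],
    'stale form'       => ['form_token' => issueToken($now - 7200), 'website' => ''],
    'forged timestamp' => ['form_token' => ($now - 30) . '.' . str_repeat('0', 64), 'website' => ''],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', checkSubmission($post, $now) ?? 'accepted', PHP_EOL;
}
```

A valid token can be replayed until it expires, so this check works best alongside the per-IP request limit listed under the additional methods.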


Additional security methods

Automatic CAPTCHA
Create a hidden field with a specified value via JavaScript.

IP blocking
Limit the number of requests from a single IP address.

Activity check
Analyze user behavior when filling out a form.

Implementation recommendations

Use a combination of security methods

Configure logging of spam attempts

Update security mechanisms regularly

Test forms with real users

A simple protection example

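```php
session_start();

// Simple spam check: a browser always submits the hidden decoy input,
// so test for a non-empty value rather than for its presence
if (($_POST['hidden_field'] ?? '') !== '') {
    die("Spam attack detected");
}

// Checking the time of completion; $_SESSION['form_time'] is set to time()
// when the form is displayed
if (!isset($_SESSION['form_time'])) {
    die("Form was not opened before submission");
}
$form_time = $_SESSION['form_time'];
$current_time = time();
if ($current_time - $form_time < 2) {
    die("Form filled out too quickly");
}
```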


This approach will effectively protect your forms from most spambots without inconveniencing real users.
