LogoLogo
10.0.x
10.0.x
  • Overview
    • About Varbase
    • Roadmap
    • Release Cycle and Supported Versions
    • How to Get Support
  • Developers
    • Getting Started
    • Installing Varbase
      • Requirements
      • Installing Varbase locally with DDEV
      • Installing Varbase locally with Lando
    • Understanding Varbase
      • Basic Concepts
      • Core Components
        • Varbase Core
          • Varbase Admin
          • Varbase Page
          • Varbase Security
          • Varbase Webform
          • Varbase Default Content
          • Varbase Tour
        • Varbase Media
        • Varbase Editor
        • Varbase Email
        • Varbase SEO
        • Varbase Workflow
        • Varbase Dashboards
        • Varbase Layout Builder
          • Varbase Landing page (Layout Builder)
          • Varbase Heading Block
          • Varbase Rich Text Block
          • Varbase HTML Code Block
          • Varbase Media (Image/Video) Block
          • Varbase Gallery Block
        • Varbase Components
        • Vartheme Claro
        • Vartheme BS5
      • Optional Components
        • Varbase AI
          • Varbase AI Default recipe
          • Varbase AI Editor Assistant recipe
          • Varbase AI Image Alt recipe
          • Varbase AI Taxonomy Tagging recipe
          • Varbase AI Agents recipe
        • Varbase API
        • Varbase Internationalization
        • Varbase Hero Slider
        • Varbase Carousels
        • Varbase Blog
        • Varbase Search
        • Varbase Social Single Sign-On
        • Varbase Media Twitter
        • Varbase Media Instagram
        • Varbase Content Planner
        • Varbase Bootstrap Paragraphs
          • Varbase Bootstrap Paragraphs Text and Image
        • Varbase Landing Page (Paragraphs)
      • Additional Components
        • Varbase Media Header
        • Varbase FAQs
        • Varbase Reports
        • Varbase Commerce
        • Varbase YouTube Import
      • Development Components
        • Varbase Development
        • Reroute Email
        • Varbase Updates Helper
      • Deprecated Components
        • Varbase Media Hero Slider
        • Varbase Style Guide
        • Vartheme BS4
        • Varbase Total Control Dashboard
    • Configuring a Varbase Site
      • Navigation
        • Defining Active Menu Trail Using Menu Position
      • Using View Modes Inventory
      • Content Moderation and Workflows
      • URL Aliases in Varbase/Drupal
        • Configuring URL Aliases
        • Managing URL Aliases
      • Managing URL Patterns for Multilingual Websites
      • Managing Date and Time Formats to Display Across the Site
      • Using Varbase Layout Builder
        • Creating a Landing Page With Varbase Layout Builder
        • Activating Varbase Layout Builder for Content Types
      • Configuring Pathologic When Going Live
      • Configuring SEO Features
        • Disallow Oembed Media Links
      • Configuring Security Features
        • Spam Protection
        • Password Policies
        • Other Security Kits
        • Flood Contorl
        • Enable HTTP Password Authentication
      • Configuring JSON:API Features
      • Configure Varbase Media Hero Slider
      • Configuring Varbase Media Header
      • Configuring Varbase Mailer Settings
        • Configure Symfony Mailer
      • Configure Level of Logging and Errors
      • Entity Definition Update Manager Class
      • Module Installer Factory Class
      • Configure Ckeditor 5 Media Embed
    • Theme Development with Varbase
      • Understanding The Vartheme Starterkit Theme
      • Creating Your Own Theme
      • Integration of Varbase with Storybook 1.0 - CL Server
      • Integration of Varbase with Storybook 2.0
      • Customize a Varbase Single Directory Components (SDC) In a Custom Theme
      • Local Tasks and Moderation Sidebar
      • Add Preloaded Fonts in Vartheme
      • Command to Install Needed Theming Tools
      • Manually Install Needed Theming Tools
    • Launching a Varbase Site to Production
    • Updating a Varbase Site
      • Understanding Varbase Updater Package
      • Handling Patches When Updating
      • Handling Configuration Updates
      • Updating Varbase to work with Composer 2.0
      • Updating Drush to the Latest Stable Version
      • Version Update Guides
        • Updating Varbase ~9.0 to Drupal 10
        • Updating from Varbase 8.x to 9.x
    • Varbase Patches
    • Frequently Asked Questions (FAQs)
    • Extending Varbase
      • Overriding Varbase
      • Creating Your Own Feature
      • Install Needed YARN and Webpack Tools
      • Compiling Provided Component Styles
      • Check Standards/Practice Coding And Linting
  • Content Designers
    • Accessing the Administration Area
      • Website Environments
    • Dashboard
      • Reports
    • Content Management
      • Create Content
        • Rich-Text Editor “WYSIWYG”
      • Modify Content
      • Delete Content
      • Preview Content
      • Bulk Edit Content
      • Publish Content
      • Authoring Information
    • Content Structure
      • EntityQueues
        • Add a New Term
      • Menu Management
        • Add Menu Items
        • Update Menu Items
        • Adding a Page to the Menu
      • Taxonomies
        • List Terms
        • Add Terms
        • Reorder and Edit Terms
    • Content Translation
      • Translating Content
      • Language Switcher
      • Deleting a Translation
      • Editing a Translation
    • Content Workflow
    • Layout Builder
      • Section
        • Section Styles
      • Block Management
        • Block Styles
      • Reordering Blocks
    • Webforms
      • Create New Webform View
      • Setting up Emails Handler Conditions
      • Setting up Confirmations Message Settings Types
    • Media Management
      • Accessing the Media Library
      • Uploading Media Files
        • Image
        • Remote Video
        • Video
      • Applying Metadata and Descriptions
      • Resizing Images
    • User Management
      • Login & Registration
      • Add User
      • Edit User
      • Delete User
      • Simulating Another User
      • Default Roles and Site Personas
        • Edit Roles' Permissions
        • Managing Roles
    • URL Management
      • URL Aliases
      • Generating URL Alias
      • URL Redirects
      • Domain Redirects
    • SEO Management
      • XML Sitemap
      • Meta Tags in Varbase
      • Disallow Indexing for Content Items
    • Site Configuration
      • System
        • Clearing Varbase Cache
        • Google Analytics
        • Mail Templates
      • User Interface
        • Coffee
        • External Links
        • Gin Moderation Sidebar
        • Layout Builder Modal
        • Moderation Sidebar
        • Shortcuts
        • Taxonomy Manager
        • Tours
        • CL Components
        • Antibot
        • Responsive Preview
        • Navigation Settings
      • Development
      • Varbase Settings
      • Web Services
        • OpenAPI
    • Additional Tips
      • Content Uploading Standards
      • Common Error Handling Tips
      • Glossary
  • Contributing
    • Contributing to Documentation
Powered by GitBook
On this page
  • CAPTCHA and reCAPTCHA on Forms
  • Enable reCAPTCHA
  • Adding CAPTCHA Challenge to a Specific Form
  • Honeypot
  • Enabling Honeypot
  • Configuring Honeypot
  • Antibot
  • Enabling Antibot
  • Configuring Antibot
  1. Developers
  2. Configuring a Varbase Site
  3. Configuring Security Features

Spam Protection

PreviousConfiguring Security FeaturesNextPassword Policies

Last updated 1 year ago

Spam is sending bulks of emails or submissions at low volume per IP this can cause issues as it could be harmful and annoying. One of the ways spammers can damage a website is by using forms found on that website; forms are great and helpful however they are still vulnerable to attackers and spambots that are trying to crack into websites found on the web.

CAPTCHA and reCAPTCHA on Forms

To configure the CAPTCHA methods in your site, navigate to: Administration \ Configuration \ People \ CAPTCHA module settings

A CAPTCHA can be added to virtually each form in your website. The configuration page allows you to configure settings such as:

  • Default CAPTCHA method

  • Challenge description

  • Persistence options. Whether you want the CAPTCHA challenge to appear every time or to skip after a successful challenge

  • Enable statistics

  • Log wrong responses

Enable reCAPTCHA

To enable reCAPTCHA, you'll need a Site key and Secret key for your site. These are provided from Google's reCAPTCHA administration page.

  1. Navigate to the reCAPTCHA tab in your site (Administration \ Configuration \ People \ CAPTCHA module settings \ reCAPTCHA

  2. Change the Widget settings to match your site's theme

Adding CAPTCHA Challenge to a Specific Form

  1. Navigate to Form settings tab in your site (Administration \ Configuration \ People \ CAPTCHA module settings \ Form settings

  2. Click on "+ Add captcha point" to add a new form to the list

  3. Enter the form ID (e.g. user_register_form) and choose the enabled CAPTCHA type on it, or keep it as the default challenge configured for the site

You can also add a CAPTCHA challenge on Webforms individually from the Webform building page, by adding a new CAPTCHA element to the form.

Adding a CAPTCHA challenge to a Webform this way will not list the form in the Form settings page.

Honeypot

Honeypot is a spam-prevention module that comes installed with Varbase to provide extra protection to forms submitted on the site, Honeypot protects forms by adding an extra hidden field which can only be seen and filled by bots, and blocks that submission in case anything was found in that field, another form of protection provided by Honeypot is by adding a time restriction on forms which prevents a form from being submitted before a specific timestamp.

Enabling Honeypot

  1. Navigate to Administration \ Structure \ Webform \ Configuration

  2. Scroll down to Third party settings

  3. Check the Protect all webforms with Honeypot checkbox

Configuring Honeypot

Navigating to Administration \ Configuration \ Content authoring \ Honeypot configuration will show the Honeypot settings, the most important things here are:

  1. The time limit which will control the timestamp after which a form can be submitted (2 seconds by default),

  2. The element name field which will have the name of the hidden field provided by Honeypot

Antibot

Antibot is a module that comes installed with Varbase to protect Webforms from being submitted by robots. This is achieved by forcing the users to have javascript enabled to be able to see and submit the form. While providing a free-captcha experience.

Enabling Antibot

In Varbase, Antibot is enabled to protect all webforms by default, this can be seen in the Webforms configurations page.

  • Navigate to Adminstration \ Structure \ Webform \ Configuration

  • Check Third party settings section

  • The checkbox is selected by default.

Configuring Antibot

  • Navigate to Administration \ Configuration \ User interface \ Antibot that shows the forms that are protected and which can be edited.

  • Display forms IDs when enabled will show the form ID on any page that contains a form and whether that form is protected by Antibot or not.

In case Antibot is enabled and the user trying to see the form has Javascript disabled, a warning message will show up stating that Javascript must be enabled to use the form.

Obtain a Site key and and a Secret key from , and enter it the reCAPTCHA configuration page

Webforms - Third Party Settings - Honeypot
Honeypot Configurations
Webforms - Antibot Settings
Antibot Settings
Contact Form With ID Displayed by Antibot
Antibot’s Warning Message
https://www.google.com/recaptcha/admin
CAPTCHA Settings