Multilayer Spam Protection

gistfile1.md

How to Test Multilayer Spam Protection

Rate Limiting (5 Requests per Hour per IP)

Submit valid form 6 times quickly. Expect the 6th shows “Too many submissions…”. Reset counter:

php artisan cache:forget contact_us_127.0.0.1
php artisan cache:forget contact_us_::1

Honeypot (Bot Trap)

In DevTools Console on the form page:

document.querySelector('input[name="website"]').value = 'spam';
document.getElementById('contactUsForm').submit();

Expect error “Spam detected…”.

reCAPTCHA v2 Fallback

In local, server skips reCAPTCHA, so this is UI-only: In DevTools Console:

showRecaptchaV2();

User Agent Filtering

Open Chrome DevTools → Network tab → three-dot menu → More tools → Network conditions → uncheck “Use browser default”, set UA to something like: “curl/7.68.0” or “Selenium/3.0” or “HeadlessChrome/1.0” Submit form. Expect error “Suspicious activity detected…”.

Logs you should see

1. Rate limit: “Contact form rate limit exceeded”
2. Honeypot: “Contact form honeypot triggered”
3. Suspicious UA: “Suspicious contact form submission blocked”
4. Local recaptcha skipped (rule exits early): no v3 score logs in local

When you’re done testing

• Clear cache if needed:

php artisan cache:clear