LB_DD

Prevent bots from submitting forms without Captcha, is it possible?

Hello,

I have a public Visualforce page with a Form.
This page is part of a Managed Package.

I submitted the package for security review and got this reply:

«Brute Force Vulnerability
Guest site don't have logging in or email validation. Use a CAPTCHA in the process to prevent a brute force attack on the system.»

I don't want to use a Captcha; it isn't a good solution for the app. I need a solution on the server side.

Has anyone had the same problem and found a solution to this?
Any ideas to resolve this problem?

Salesforce has the Web-to-Lead form and doesn't control brute-force submitting!


Thanks and regards.

LB

Anup Jadhav

The easiest solution is to use CAPTCHA or something similar. If you solve this problem server side without CAPTCHA, then you've solved an NP-Hard problem.

 

- Anup

LB_DD

Thanks Anup,

But what about solutions like:

- CSS to hide fields, and if they are filled then reject the submission?
- Multistep submit?
- One-time token?
- etc.

Is there any solution you recommend to minimize bot spammers / brute force?

Does Salesforce (Apex + VF Page) have any token, variable or other "value" I can use to determine if it is a human or a bot?

Regards,
LB

Anup Jadhav
Check this thread out! http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches

It contains some ideas that might be helpful to you.

Anup
Mateusz Otreba

To everyone else who struggles with this, check out this post: https://salesforceprofs.com/how-to-prevent-from-bots-alternative-for-recaptcha/ to find out how to implement two-step protection.
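
The hidden-field and token ideas raised in the thread above, sketched as a server-side check in a Visualforce controller. This is an added example, not code from any post in the thread or from the linked articles; the class name, field names, secret handling and time thresholds are all assumptions. The token is signed and time-bounded rather than strictly single-use, which would additionally require storing consumed tokens.

```apex
// Added example: hypothetical controller for a public Visualforce form.
public with sharing class GuestFormController {
    // Assumption: a real package loads this from a protected custom setting/metadata.
    private static final Blob SECRET = Blob.valueOf('replace-with-protected-secret');
    private static final Long MIN_FILL_MS = 3000L;     // submitted faster than this: likely scripted
    private static final Long MAX_AGE_MS  = 1800000L;  // token rejected after 30 minutes

    public String website   { get; set; } // honeypot: bound to an input hidden with CSS
    public String formToken { get; set; } // bound to an <apex:inputHidden>
    public String email     { get; set; } // a real, visible field

    public GuestFormController() {
        // Issued when the page is first rendered.
        formToken = issueToken(System.currentTimeMillis());
    }

    // Token layout: "<issuedAtMillis>.<hex HMAC-SHA256 over issuedAtMillis>"
    @TestVisible
    private static String issueToken(Long issuedAt) {
        String ts = String.valueOf(issuedAt);
        Blob mac = Crypto.generateMac('HmacSHA256', Blob.valueOf(ts), SECRET);
        return ts + '.' + EncodingUtil.convertToHex(mac);
    }

    @TestVisible
    private static Boolean isTokenValid(String token, Long now) {
        if (String.isBlank(token) || !token.contains('.')) return false;
        String ts = token.substringBefore('.');
        // Length guard keeps Long.valueOf from throwing on oversized input.
        if (!ts.isNumeric() || ts.length() > 15) return false;
        Long issuedAt = Long.valueOf(ts);
        // equals() is case-sensitive; Apex '==' on strings is not.
        if (!issueToken(issuedAt).equals(token)) return false;
        Long age = now - issuedAt;
        return age >= MIN_FILL_MS && age <= MAX_AGE_MS;
    }

    public PageReference submit() {
        // Reject silently: a filled honeypot or a bad/too-fast/expired token gets
        // the same response as success, so a script learns nothing from it.
        if (String.isNotBlank(website)
                || !isTokenValid(formToken, System.currentTimeMillis())) {
            return null;
        }
        // Application-specific record insert for the accepted submission goes here.
        return null;
    }
}
```

These checks filter unsophisticated automated submissions; they do not rate-limit a client that renders the page and waits before posting.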