basic spam protection

2025-03-04 17:01:03 +01:00 · 2025-03-04 17:01:03 +01:00 · d81e76e8ab
commit d81e76e8ab
parent aa4ec33c93
3 changed files with 34 additions and 0 deletions
--- a/hub/services/templates/services/embedded_contact_form.html
+++ b/hub/services/templates/services/embedded_contact_form.html
@ -8,6 +8,13 @@
            {% if details %}
                <input type="hidden" name="details" value="{{ details }}">
            {% endif %}
+            
+            <input type="hidden" name="form_timestamp" value="{{ request.timestamp|default:timestamp }}">
+            <div style="display:none;">
+                <label for="website">Website (Leave this empty)</label>
+                <input type="text" name="website" id="website" autocomplete="off">
+            </div>
+            
            {% if service %}
                <input type="hidden" name="service_id" value="{{ service.id }}">
                <input type="hidden" name="service_name" value="{{ service.name }}">
--- a/hub/services/templatetags/contact_tags.py
+++ b/hub/services/templatetags/contact_tags.py
@ -2,6 +2,7 @@
 from django import template
 from hub.services.forms import LeadForm
 from hub.services.models import Service, ServiceOffering, Plan
+import time

 register = template.Library()

@ -29,6 +30,9 @@ def embedded_contact_form(
    request = context["request"]
    form = LeadForm()

+    # Add timestamp for spam protection
+    timestamp = int(time.time())
+
    service_obj = None
    offering_obj = None
    plan_obj = None
@ -71,4 +75,5 @@ def embedded_contact_form(
        "request": request,
        "choices": processed_choices,
        "choice_label": choice_label,
+        "timestamp": timestamp,
    }
--- a/hub/services/views/leads.py
+++ b/hub/services/views/leads.py
@ -1,4 +1,5 @@
 import logging
+import time
 from django.shortcuts import render, redirect
 from django.contrib import messages

@ -18,6 +19,27 @@ def thank_you(request):

 def contact_form(request):
    if request.method == "POST":
+        # Spam protection checks
+        honeypot_value = request.POST.get("website", "")
+        timestamp_value = request.POST.get("form_timestamp", "0")
+        current_time = int(time.time())
+
+        # Check 1: Honeypot field should be empty
+        if honeypot_value:
+            # Bot detected - silently redirect
+            return redirect("services:homepage")
+
+        # Check 2: Form shouldn't be submitted too quickly (< 3 seconds)
+        try:
+            form_time = int(timestamp_value)
+            if current_time - form_time < 3:
+                # Too quick submission - likely a bot
+                return redirect("services:homepage")
+        except ValueError:
+            # Invalid timestamp - likely a bot
+            return redirect("services:homepage")
+
+        # Continue with normal form processing
        form = LeadForm(request.POST)
        if form.is_valid():
            from hub.services.models import Lead, Service, ServiceOffering, Plan