
TonicsCloud Update 9: Preventing Flood of Bot Registration

The below is what you get after creating awareness of your project on Reddit 🤨

and there are thousands more.

After sharing my project on r/php, the following day I started getting so many Mail Delivery System errors, bounces and all sorts of gibberish:

This is a result of automated bot registration. Unfortunately, as this is a work-in-progress project, a lot of things are not in place, and one of them is prevention of simple spam such as in this case.

The Implementation

I needed a way to do something simple (and complex simplicity, if need be) to prevent this nonsense.

I came up with the idea of chaining several spam protection mechanisms. For example, Mechanism A would check if there is spam; if there is none, it passes the request to Mechanism B, and so on until one of them detects spam and rejects the registration. If no spam is detected, that's fine, we allow the registration.

As this is an open-source project, it should also be expandable and hookable, so that developers can add their own mechanisms.

The below are the ones I have:

Honey Trap 🍯

This is where we have a decoy input to lure automated bots into interacting with hidden fields or traps.

Global Variable Check 🤚🏾

This is simple, but you can make it complex if you want. Here we not only check the request header and its value; there is also an option to check the input data, so it can replicate the honey trap. Here are examples (SERVER can be swapped with POST):

// if there is no user agent, we mark as spam
[SERVER keyNot='HTTP_USER_AGENT' spam='1']

// if there is user agent and the value contains bot, we mark as spam
[SERVER key='HTTP_USER_AGENT' valueContains='bot' spam='1']

// reject all email that ends with .ru
[POST key='email' valueEndsWith='.ru' spam='1' ]

// the value can be value|valueStartsWith|valueEndsWith|valueContains
// negate value with valueNot e.g valueNotStartsWith, valueNotContains, etc
// you can check if value is not empty with: valueEmpty='0' OR valueEmpty='1' for empty value

If the key, or the combination of key and value, matches, you mark the request as spam with spam='1' or as not spam with spam='0'. There are lots of things you can do here, e.g. flagging an IP, only accepting specific request headers, and so on.
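The rule syntax and the chaining idea above, sketched as an added example; this is not TonicsCloud's own code. The attribute semantics (case-insensitive matching, `keyNot` firing when the key is absent, `spam` defaulting to '1'), the function names and the hidden `website` decoy field are assumptions inferred from the examples in this post.

```php
<?php
// Added illustration (PHP 8+), not TonicsCloud's code. Attribute semantics are
// assumptions inferred from the post's examples; matching is case-insensitive.
/** Evaluate one rule: true = spam, false = not spam, null = did not apply. */
function evalRule(string $rule, array $server, array $post): ?bool
{
    if (!preg_match('/^\[\s*(SERVER|POST)\b(.*)\]$/s', trim($rule), $m)) return null;
    preg_match_all("/(\w+)='([^']*)'/", $m[2], $pairs, PREG_SET_ORDER);
    $a = array_column($pairs, 2, 1);                 // attribute name => value
    $data = $m[1] === 'SERVER' ? $server : $post;
    $verdict = ($a['spam'] ?? '1') === '1';
    if (isset($a['keyNot'])) return array_key_exists($a['keyNot'], $data) ? null : $verdict;
    if (!isset($a['key']) || !array_key_exists($a['key'], $data)) return null;
    $v = strtolower((string) $data[$a['key']]);
    $re = '/^value(Not)?(StartsWith|EndsWith|Contains|Empty|)$/';
    foreach ($a as $name => $want) {
        if (!preg_match($re, (string) $name, $op)) continue;   // key, spam, unknown
        $want = strtolower($want);
        $hit = match ($op[2]) {
            'StartsWith' => str_starts_with($v, $want),
            'EndsWith'   => str_ends_with($v, $want),
            'Contains'   => str_contains($v, $want),
            'Empty'      => ($v === '') === ($want === '1'),
            default      => $v === $want,
        };
        if (($op[1] === 'Not') === $hit) return null;   // a test failed
    }
    return $verdict;
}

/** Run the chain in order; return the name of the first mechanism that flags spam. */
function firstSpamMechanism(array $chain, array $server, array $post): ?string
{
    foreach ($chain as $name => $check) {
        if ($check($server, $post)) return $name;
    }
    return null;
}

$rules = ["[SERVER keyNot='HTTP_USER_AGENT' spam='1']",
          "[SERVER key='HTTP_USER_AGENT' valueContains='bot' spam='1']",
          "[POST key='email' valueEndsWith='.ru' spam='1' ]"];
$chain = [   // 'website' is a hypothetical hidden decoy field
    'honey_trap' => fn($s, $p) => ($p['website'] ?? '') !== '',
    'global_variable_check' => fn($s, $p) => in_array(true,
        array_map(fn($r) => evalRule($r, $s, $p), $rules), true),
];
// Constructed request: browser user agent, decoy left empty, address ending in .ru
var_dump(firstSpamMechanism($chain, ['HTTP_USER_AGENT' => 'Mozilla/5.0'],
    ['website' => '', 'email' => 'someone@mail.example.ru']));
```

Request headers such as the user agent are supplied by the client, so rules like these filter unsophisticated bots and work best alongside the other mechanisms in the chain.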

Prevent Disposable Emails 🗑️

This is simple: we filter out disposable email addresses using predefined lists. I currently have over 3k of them by default, and you can add your own custom list as well if the mechanism is not catching one. Spammers use disposable domains a lot.

Result

After pushing the update, the bot registration is silent, I mean 100% silent.

None of the implementation is novel, so it is a simple implementation. However, I really like the fact that it can be expanded, and the global variable thing looks cool 😉.

The below is what the implementation looks like:

You can always get in touch with me at olayemi@tonics.app or devsrealmer@gmail.com 
