Actually, I’m developing my website. Like a lot of others, I have a register/login system. Yesterday, one of my friends tested the security of the website’s forms. He filled the database with fake accounts using only a Python script (it fills in the form’s fields and sends them to the database). He created 1200 fake accounts…
So, I just found out how to set up a captcha in Cloudflare’s firewall for when a form is sent with the “POST” method. Visitors are successfully redirected to the captcha page, but the form isn’t sent. First problem: the user has to fill in the form twice (once before the captcha and once more after it).
Second problem: if the fields aren’t filled in correctly, there are some error messages, set up with PHP variables. Without the firewall rule, the error messages are displayed, but when the rule is enabled, on the first send after the captcha, users are redirected to the same form… but it’s empty… (If the fields aren’t filled in correctly, the error messages aren’t displayed.)
After the captcha, all systems are working. But for the first send, users have to fill in the form twice, and it’s an important problem.
My question is: do you know how I can protect my database/website from this type of spam (with a form and the POST method) without all those problems?
Sorry for my English, I’m a French student.
Thanks to all,