Chapter 1

Features

This chapter covers the core features and capabilities of Spam Prevention.

  • Honeypot fields: hidden form fields that catch automated bots
  • HMAC time traps: cryptographic timestamps that reject submissions that are too fast or too old
  • Rate limiter: JSON-backed per-IP rate limiting with configurable windows
  • IP blocklist: block individual IPs or entire /24 subnets
  • Content analysis: detect spam phrases, excessive URLs, ALL CAPS, and repetitive characters
  • CAPTCHA hooks: integration points for external CAPTCHA services
  • Layered scoring: each layer contributes a spam score — threshold-based accept/reject
  • Python 3.10+ stdlib only — no pip installs required

Quick Start

```bash
# Check a form submission for spam
python src/spam_prevention.py --check '{"email": "user@example.com", "message": "Buy cheap stuff now!!!"}'

# Generate a honeypot field
python src/spam_prevention.py --generate-honeypot

# Generate an HMAC timestamp token
python src/spam_prevention.py --generate-timestamp

# Block an IP address
python src/spam_prevention.py --block-ip 192.168.1.100

# Unblock an IP address
python src/spam_prevention.py --unblock-ip 192.168.1.100

# Run the built-in demo
python src/spam_prevention.py --demo
```

Chapter 2

CLI Reference

Follow this guide to get Spam Prevention up and running in your environment.

| Flag | Description |
|------|-------------|
| --check JSON | Check a submission JSON string for spam |
| --generate-honeypot | Generate a hidden honeypot field HTML snippet |
| --generate-timestamp | Generate an HMAC-signed timestamp token |
| --block-ip IP | Add an IP to the blocklist |
| --unblock-ip IP | Remove an IP from the blocklist |
| --demo | Run a built-in demo of all spam prevention layers |

Protection Layers

1. Honeypot Fields

Hidden form fields invisible to real users but filled by bots:

```html
<!-- Generated by spam_prevention.py -->
<div style="position:absolute;left:-9999px;" aria-hidden="true">
  <input type="text" name="website_url_confirm" tabindex="-1" autocomplete="off">
</div>
```

If the honeypot field has any value when submitted, the submission is flagged as spam.

2. HMAC Time Traps

A cryptographic token embedded in the form that encodes the timestamp:

  • Submissions faster than 3 seconds are treated as bots (too fast for a human)
  • Submissions older than 1 hour are stale (replay attack or abandoned form)
  • The HMAC signature prevents token forgery

3. Rate Limiter

JSON-file-backed per-IP rate limiting:

```python
# Default: 5 submissions per 60 seconds per IP
rate_limiter = RateLimiter(max_requests=5, window_seconds=60)
```

4. IP Blocklist

Block individual IPs or entire /24 subnets:

```bash
python src/spam_prevention.py --block-ip 192.168.1.100
python src/spam_prevention.py --block-ip 10.0.0.0/24
```

5. Content Analysis

Heuristic checks on submission content:

| Check | Description |
|-------|-------------|
| Spam phrases | Detects common spam phrases ("buy now", "click here", etc.) |
| URL count | Flags submissions with excessive URLs |
| CAPS ratio | Flags text that's mostly UPPERCASE |
| Repetitive chars | Flags text with repeating character patterns |

Spam Prevention v1.0.0 — Free Preview