Spam-Protect a Symfony5 Contact-Form with CAPTCHA

David Iwaoka / CC BY-SA (https://creativecommons.org/licenses/by-sa/4.0)

On many of our Websites we have contact forms. And recently there seems to be an elevated number of bots filling out these forms with spam data.

That’s especially a problem, when a contact form is directly connected to an Issue Tracker, that automatically generates an issue when a mail to a specified address arrives.

A possible solution for avoiding automated form-fills is using CAPTCHAs.

So, as our Symfony Websites are using contact forms built with the form builder and I was looking for a solution without any external provider, such as Google with ReCaptcha or Akismet, I went over to packagist, searched for the word “spam” and selected the “symfony” tag and the result list showed the gregwar/captcha-bundle on top of the list. The installation was just composer require gregwar/captcha-bundle, and after that, adding a field in the contact form

$builder->add('captcha', CaptchaType::class, ['attr' => ['class' => 'feedback-captcha']]);

That was basically it. But making it run in our very stripped-down Docker-Containers required adding the gd extension with

docker-php-ext-configure gd --enable-gd --with-freetype --with-jpeg and docker-php-ext-install gd in the Dockerfile.

After that - and really no more configuration (except for some CSS), we hat a running Captcha on the Website.

Link to the Symfony Bundle: https://github.com/Gregwar/CaptchaBundle