Spam-Protect a Symfony5 Contact-Form with CAPTCHA

On many of our Websites we have contact forms. And recently there seems to be an elevated number of bots filling out these forms with spam data.

That’s especially a problem, when a contact form is directly connected to an Issue Tracker, that automatically generates an issue when a mail to a specified address arrives.

A possible solution for avoiding automated form-fills is using CAPTCHAs.

So, as our Symfony Websites are using contact forms built with the form builder, and I was looking for a solution without any external provider, such as Google with ReCaptcha or Akismet, I went over to packagist, searched for the word “spam” and selected the “symfony” tag and the result list showed the gregwar/captcha-bundle on top of the list. The installation was just composer require gregwar/captcha-bundle, and after that, adding a field in the contact form

$builder->add('captcha', CaptchaType::class, ['attr' => ['class' => 'feedback-captcha']]);

That was basically it. But making it run in our very stripped-down Docker-Containers required adding the gd extension with

docker-php-ext-configure gd --enable-gd --with-freetype --with-jpeg and docker-php-ext-install gd in the Dockerfile.

After that - and really no more configuration (except for some CSS), we hat a running Captcha on the Website.

Link to the Symfony Bundle: https://github.com/Gregwar/CaptchaBundle