attargah/anti-scam
Composer 安装命令:
composer require attargah/anti-scam
包简介
A Filament plugin to protect frontend forms from spam/scam bots with IP blocking and a blacklist management panel.
关键字:
README 文档
README
Anti-Scam Laravel Package
A comprehensive Laravel package that provides advanced protection against spam, scam bots, and malicious activities on your web forms. This package integrates seamlessly with Filament admin panel for easy management and monitoring.
Features
🛡️ Multi-Layer Protection
- Anti-Scam Protection: Detects and blocks scam bots using hidden form fields
- Anti-Spam Protection: Rate limiting with progressive ban duration
- IP Blocking: Temporary and permanent IP blocking system
- XSS Protection: Automatic input sanitization
📊 Admin Panel Integration
- Filament Resources: Manage blocked IPs, scam IPs, and logs
- Real-time Monitoring: Track blocked attempts and scam activities
- Log Management: Detailed logging with user agent, request details, and timestamps
🎯 Advanced Bot Detection
- Hidden Form Fields: Invisible honeypot fields to catch bots
- Hash-based Validation: Secure validation using Laravel's Hash facade
- Randomized Input Order: Prevents pattern-based bot detection
- Configurable Display: Hide fields using CSS or move them off-screen
Installation
You can install the package via Composer:
composer require attargah/anti-scam
Publish Configuration, Migrations and Translations
php artisan vendor:publish --tag="anti-scam-config" php artisan vendor:publish --tag="anti-scam-migrations" php artisan vendor:publish --tag="anti-scam-translations"
Run Migrations
php artisan migrate
Configure the Package
Set your secret key in the config/anti-scam.php file:
'key' => env('ANTI_SCAM_KEY', 'your-secret-key-here'),
Configuration
The package provides extensive configuration options in config/anti-scam.php:
Anti-Scam Configuration
'scam' => [ 'active' => true, // Enable/disable scam protection 'ban' => false, // Permanently ban scam IPs (not recommended) 'save_log' => true, // Save scam attempts to database 'register_logs_to_panel' => true, // Show logs in admin panel 'order_random' => true, // Randomize input field order 'display' => [ 'active' => false, // Hide fields with CSS 'css' => 'display:none!important', ], 'off_screen' => [ 'active' => true, // Move fields off-screen 'css' => 'position:absolute!important; left:-9999px!important; z-index:-9999!important;', ], ],
Anti-Spam Configuration
'spam' => [ 'active' => true, // Enable/disable spam protection 'max_requests_per_window' => 5, // Max requests per time window 'window_in_seconds' => 60, // Time window length 'ban_duration_multiplier' => 3, // Progressive ban duration multiplier 'permanent_ban_threshold_min' => 10080, // Permanent ban threshold (7 days) ],
Usage
1. Protect Your Forms
Use the @protect Blade directive in your forms:
<form method="POST" action="/contact"> @csrf @protect('contact-form') <input type="text" name="cf_name" placeholder="Your Name" required> <input type="email" name="cf_email" placeholder="Your Email" required> <textarea name=cf_"message" placeholder="Your Message" required></textarea> <button type="submit">Send Message</button> </form>
2. Apply Middleware
Add the middleware to your routes or controllers:
// In your routes file Route::post('/contact', [ContactController::class, 'store']) ->middleware(['anti-scam', 'anti-spam', 'xss']); // and in your bootstrap/app.php return Application::configure(basePath: dirname(__DIR__)) ->withRouting( web: __DIR__.'/../routes/web.php', commands: __DIR__.'/../routes/console.php', health: '/up', ) ->withMiddleware(function (Middleware $middleware) { $middleware->append(\Attargah\AntiScam\Http\Middleware\CheckBlockedIP::class); }) ->withExceptions(function (Exceptions $exceptions) { // })->create();
You can also prevent XSS attacks using Validation.
$request->validate([ 'q' => ['required', new Xss], ]);
💡 Bot Deception / Honeypot Success Message:
To trick scam bots into thinking their request was successful, you can place the following snippet before saving any data in your controller:if ($request->input('scam_status_'.config('anti-scam.key'))){ return back()->with('success', 'your_message'); // or any success return of your choice }This ensures that:
- Legitimate users are not affected (since they won't trigger the hidden field).
- Bots see a success message and believe their request went through.
- No actual data is saved for requests flagged as scam.
3. Filament Admin Panel
Register the plugin in your Filament panel:
use Attargah\AntiScam\AntiScamPlugin; public function panel(Panel $panel): Panel { return $panel ->plugins([ AntiScamPlugin::make(), ]); }
Middleware Components
AntiScam Middleware
- Detects scam bots using hidden form fields
- Validates hash-based tokens
- Logs scam attempts and optionally bans IPs
AntiSpam Middleware
- Implements rate limiting with configurable thresholds
- Progressive ban duration (increases with repeated violations)
- Automatic permanent bans for persistent offenders
CheckBlockedIP Middleware
- Blocks requests from banned IP addresses
- Supports both temporary and permanent bans
- Returns 403 status for blocked requests
XSSProtection Middleware
- Sanitizes all input data
- Removes HTML tags and scripts
- Prevents XSS attacks
Database Tables
The package creates three main tables:
scam_ips: Stores detected scam IP addresses and related informationblocked_ips: Manages IP blocking with expiration timesblocked_ip_logs: Detailed logs of all blocking activities
Testing
Run the test suite:
vendor/bin/pest .\vendor\attargah\anti-scam\tests
The package includes comprehensive tests for all middleware components and functionality.
Security Considerations
- Secret Key: Always use a strong, unique secret key for the anti-scam protection
- Rate Limiting: Adjust spam protection settings based on your traffic patterns
- IP Blocking: Be cautious with permanent IP bans as they may affect legitimate users
- Logging: Regularly review logs to identify patterns and adjust protection levels
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
This package is open-sourced software licensed under the MIT license.
Support
If you encounter any issues or have questions, please open an issue on GitHub.
Changelog
Please see CHANGELOG for more information on what has changed recently.
Made with ❤️ by Attargah
attargah/anti-scam 适用场景与选型建议
attargah/anti-scam 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 637 次下载、GitHub Stars 达 6, 最近一次更新时间为 2025 年 09 月 11 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「laravel」 「attargah」 「anti-scam」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 attargah/anti-scam 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 attargah/anti-scam 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 attargah/anti-scam 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
GogetSSL API integration for Laravel framework
This package adds an admin bar for the front pages of websites built with Filament.
Alfabank REST API integration
Laravel package for Accurate Online API integration.
Shared RCX Laravel DataTables UI and configuration helpers.
Boot a Laravel project on any machine with one command: app:serve installs missing tools (PHP, Node, Composer, Herd, Docker), creates .env, sets up the database, runs migrations, builds assets, starts a queue worker and serves via Herd, Sail or artisan serve; app:down cleanly stops everything it sta
统计信息
- 总下载量: 637
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 6
- 点击次数: 26
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-09-11
