Scouting bots to protect your Laravel app

After running a production app for a little more than a year I started to get registration from users with mysterious email. While I have no idea for what purpose a malicious person would like to create 5 to 10 fake account a day on my app I tough that it would maybe be a good idea to prevent it.

The most notorious way of doing this is probably by using reCAPTCHA, but I do not want to force my users to check a checkbox on my registration page.

Google’s reCAPTCHA

Another really simple solution would be to add an invisible field to your registration form, indeed most bots are programmed to fill all the fields with dummy data, so if the field contain any text there is a really good chance that a bot is trying to register, but this solution doesn’t work for all bots.

<form>
<!-- Only filled by bots -->
<input type=”text” name=”botcheck” style=”display: none;”>
  <input type=”email”>
<input type=”password”>
</form>

With a little more research I came across a really interesting solution, botscout.com. BotScout is a free database of bots name / email and IP combo, the list has been filled over the years by major web companies contributors like Oracle and several honeypots made by the BotScout team. The database contains more than 8 millions bot signature that can be searched using an API.

If you want to integrate BotScout to your registration process in no time, I made a really easy Laravel integration that you can get on GitHub and a PHP client if you need a more agnostic solution.