Security Feature: Proof-of-Work Mechanism

[zepich]

Idea

mosparo requires the rules to catch spam. Without rules, mosparo cannot catch spam at all. Other (modern) CAPTCHA/spam filter alternatives to mosparo are often based on a proof-of-work mechanism that will use some of the user's CPU to execute a calculation. If the result is correct, the form can be submitted.

While we don't really understand how that should prevent spam since a spam bot can also use its CPU to execute a calculation, we understand that this method makes it more expensive for a spam bot to submit spam. As with the Honeypot field, it's a method to fight against spam, but it's not 100% protection (as nothing really is 100% protection, to be honest).

We had the idea to add an additional security feature to our existing security features. Security features are always optional and can be enabled for a project. Adding a proof-of-work mechanism as a security feature allows mosparo to work as other spam protection tools without adding rules to mosparo.

But, compared to other methods, with mosparo, you can use additional rules to enhance spam protection. So, the proof-of-work mechanism is not the only method; it is an additional method to catch spam further. Especially for login forms where there are not a lot of fields, the proof-of-work mechanism can help to limit the requests.

Requirements

• Add an additional security feature in the project settings and in the Create Project wizard
• Add the technical implementation in the frontend JavaScript, in the best case, in a separate JavaScript file to not make the existing one larger

[zepich]

Added with v1.3