Aimy Capture-Less Form Guard is a user friendly way to protect your forms from spam bots and therefore improves the security of your Joomla! website. The system plugin is a Captcha alternative that does not require user action: It uses some well known and GDPR-friendly anti-spam tests to decide whether the user is a human or a machine on form submission.

This captcha plugin for Joomla! 3, 4 and 5 implements the Joomla! captcha interface. Therefore all extensions that can use Joomla! captcha plugins can be protected.

English German Farsi (Iran) French Dutch Spanish Russian Czech Polish Slovenian Dari (Afghanistan) Danish Italian
Feature Aimy Captcha-Less Form Guard Aimy Captcha-Less Form Guard PRO
General Features
High usability - no user action required
Easy to configure
Anti-Spam Methods
Minimum fill out time
Bot trap (honey pot)
DNS Blackhole List
Reject Strings
… all methods suitable for screen readers and text browsers
Logging of rejected Form Submissions
… via Joomla!
… via PHP (error_log)
Other Features
Visual hints for minimum fill out time (for example a countdown)
Disable "protected-by" link to Aimy Extensions' website beneath a form with one-click
Supports RSForm!Pro forms
GDPR-friendly *
Updates on new releases (for one year - 15 month on renewal)

Buying the PRO version

If buy the PRO version of Aimy Captcha-Less Form Guard you get automatic updates in the Joomla! backend for the domain(s) you name in the order process for one year (15 months on renewal).
You may still use the extension afterwards and on unlimited websites, but benefit from the update service only on the domains ordered.

19.04€
(Incl. 19% tax)
Germany
* Unlimited installs - updates for number of domains:

Aimy Captcha-Less Form Guard for Joomla!

How Does this Joomla! Captcha Plugin Work?

It is a wide spread solution to keep forms spam free using a graphical captcha containing some text that a user has to enter.

But there are other possibilities to stop spam bots that are better for website usability and accessibility. Aimy Capture-Less Form Guard for Joomla! is a captcha alternative and combines three of these methods:

Minimum Fill Out Time

A human who fills out a form will need some time to read the texts and type in the information. Bots, however, fill out forms in nearly no time. With Aimy Captcha-Less Form Guard you can set a minimum time required to fill out the form: If the form is submitted faster than that, the submission will be rejected.

Bot Trap

The bot trap works with a hidden input field in the form. Bots usually fill out all fields present in the form's code and do not evaluate which ones are actually rendered by the browser and thus shown to a human visitor. By placing such a hidden input field in your form, Aimy Captcha-Less Form Guard can easily deny every submission that contains data for this special field.

DNS-based Blackhole Lists (DNSBL)

A lot of organizations put a lot of effort in building up blacklists, where known spam hosts are listed. Our captcha plugin uses two of those databases to look up spam-likely IP-addresses: NiX Spam and SORBS (safe). If the form is filled out by a bot that is on one of those lists, form submission will be rejected to keep your website secure.

Reject Strings

With reject strings you may define words you will never get in a real email to detect spam. This feature can be used additional to the other anti-spam methods and allows a specific anti-spam filter for your website.

In the Joomla! plugin configuration you can activate one or all methods to protect your forms.

GDPR-friendly captcha plugin for Joomla!

Aimy Captcha-Less Form Guard's functionality is mostly included within the extension and does not rely on external services - therefore it is GDPR-friendly. Only if you activate one or more of the supported DNSBLs (see above), a request with the visitor's IP address is sent to the enabled DNSBL service(s). In this case we recommend to add a hint in your privacy policy about it.
Furthermore this captcha plugin uses Joomla!'s default session to store required technical information. The Joomla! session itself uses a session cookie that does not need consent (as it expires when the session ends and is technically necessary).

Screenshots

  • Choose Anti Spam Method
  • Select Default Captcha in Joomla's Global Configuration
  • Show Your Users That Security Matters

Documentation

User Manual

PDF

Introduction

Aimy Captcha-Less Form Guard is a Joomla! system plugin that allows you to protect your forms from spambots - without requiring an image based Captcha.

Remarks

This manual documents both the free and the pro version of the Joomla! extension. Any documentation that applies to one of the versions only is marked either (FREE) or (PRO) respectively.

Supported Joomla! Versions

Aimy Captcha-Less Form Guard supports Joomla!...

  • 3.9 and up,
  • 4.0 and up,
  • 5.0 and up.

Installing the Captcha Plugin

The installation of the extension follows the common Joomla! procedures.

In case you are not familiar with these procedures, proceed as follows:

  1. Download the extension's ZIP archive
  2. Log into your Joomla! backend as "Super User"
  3. From the menu, choose "Extensions" → "Manage" → "Install"
  4. Click on the "Or browse for file" button and select the ZIP archive

The extension's archive will be uploaded and installed afterwards.

For further information, please have a look at the Joomla! documentation: Installing an Extension.

NOTE: All plugins are disabled by Joomla! when installed for the first time. To enable Aimy Captcha-Less Form Guard, proceed and configure the plugin.

Configuring the Captcha Plugin

After a fresh installation, click on the "Configure plugin now" button on the installation report page.

At any time, you can configure the Aimy Captcha-Less Form Guard plugin using Joomla!'s Plugin Manager by choosing "Extensions" → "Plugin Manager" from the menu. Locate the plugin and click on its name in the "Plugin Name" column of the plugin listing.

Enabling the Plugin

In order to use Aimy Captcha-Less Form Guard functionality, you have to enable it first.

To do so, change the plugin's status from "Disabled" to "Enabled" and apply your changes by clicking on either the "Save" or "Save & Close" button in the toolbar.

Form Protection

Aimy Captcha-Less Form Guard provides a couple of methods to guard Joomla! forms against spam without requiring a traditional image-based Captcha.

NOTE: You may choose any combination of the available protection mechanisms - but at least one protection mechanism has to be enabled.

Configuration of the Joomla! Plugin Captcha-Less Form Guard!
Minimum Fill Out Time

Unlike humans, spambots usually require nearly no time to fill out your forms. They obtain your form, fill in their data and submit it immediately. Any human would at least have needed a few seconds to understand what data to enter where in your form and actually fill it in before clicking the submit button.

This distinction is why setting a minimum fill out time helps to programmatically distinguish spambots from humans.

If this protection method is enabled, Aimy Captcha-Less Form Guard keeps track of the time the form has been sent to the user and only accepts it if a certain amount of time has passed on submission.

To enable this feature, set "Minimum Fill Out Time" to "On" and optionally select a "Minimum Time (in seconds)" that suits your form best or stick to the default of seven (7) seconds.

Bot Trap

Spambots are usually not very smart guys. They obtain your form's code, gather its fields and submit their data as long as the form has either been accepted or a certain amount of attempts failed. They don't have an understanding of what input the fields of your form actually expect and they don't look at the rendered form like a human user would - they just evaluate your form's code.

Aimy Captcha-Less Form Guard therefore provides an effective bot trap that helps to detect whether a form has been submitted by man or machine: a special field is placed in your form that is not shown to your human users. Technically it is hidden using CSS so a browser won't render it while it is still there in the form's code.

If this protection method is enabled, Aimy Captcha-Less Form Guard checks whether the special field has been filled out and rejects the form submission if any data has been sent for this field.

To enable this feature, set "Bot Trap" to "On".

DNS Blackhole Lists (DNSBL) (PRO)

Some nice and smart people do take a huge effort to identify machines on the internet that send spam and make their knowledge available to the public. Aimy Captcha-Less Form Guard allows you to use these blacklists to automatically check the IP address of anyone trying to submit your form.

If the sender's address is known to send spam by any of the activated DNSBL providers, the form submission will be rejected.

You may select one or more of the following DNS Blackhole Lists:

Logging

To enable logging of rejected form submissions, set "Logging" to "On".

The next option, "Logging Method", allows you to specify how these messages are logged. Select one of the following methods:

  • Joomla!

    If selected, logging is done using Joomla!'s logging facilities.

    The log file will be named "aimycaptchalessformguard.php" and stored in the log folder set up in Joomla!'s "Global Configuration" ("System" tab).

    The log file looks like this:

      #Fields: date time   clientip  message
      2017-04-26 09:30:17  1.2.3.4   REJECT: denied by NiX Spam DNSBL
  • PHP (PRO)

    If selected, logging is done using PHP's standard error logging facility using the function error_log().

    As a result, all logged messages are stored along with your other PHP error messages.

    Depending on how you configured your PHP error logging facilities, a log entry may look like this:

      AimyCaptchaLessFormGuard: REJECT: 1.2.3.4: denied by NiX Spam DNSBL

User Interface Hints in the Joomla! Frontend (PRO)

If you enabled the "Minimum Fill Out Time" protection mechanism, you may want to give your users a hint about it. This further reduces the likeliness of a false-positive bot detection.

Aimy Captcha-Less Form Guard allows you to do so in different ways:

  • Disable Button

    If selected, the submit button of the form will be disabled until the configured minimum time is over.

  • Countdown

    If selected, the submit button will be temporary disabled and its text will be replaced by a countdown that is refreshed each second, as long as the minimum time is met. The initial text will be restored afterwards.

Expert Settings (PRO)

Expert Settings of the Joomla! Plugin Captcha-Less Form Guard!
Reject Strings (PRO)

If you set "Use Reject Strings" to "Yes", form submissions that contain any of the entered "Reject Strings" in its data will be rejected.

Reject strings are case-insensitive (case is not relevant).

The strings can be part of a word, a word or more than one word.

NOTE: Be careful when defining reject strings! Make sure the entered reject strings are unique enough and really classify a submission as being spam. Keep in mind those strings could possibly occur as part of another word. If you, for example, enter "sex" as a reject string, a form submission would be rejected as well if it contained the word "Sussex".

Joomla! Configuration

To put this extension to use, tell Joomla! to do so: Beneath SystemGlobal Configuration set "Default Captcha" to Aimy Captcha-Less Form Guard.

Global Settings Configuration in the Joomla! backend - Default Captcha

Advanced Configuration

User Notification Message

To inform your users that the form they are filling out is protected, Aimy Captcha-Less Form Guard displays a short message saying: "This form is protected by Aimy Captcha-Less Form Guard".

This way your users won't misinterpret the lack of a traditional, image-based captcha as your site being unprotected and insecure. In contrast, they may very well appreciate not being forced to enter some hard to read code to prove being a human while still being aware of your security measures. This helps you building trust.

However, if you do like to replace the default message shown, you do not have to edit any source code. Just use Joomla!'s default mechanism of Language Overrides, and override the constant AIMY_CLFG_PROTECTED_MSG_FMT with your new message.

Language Overrides are explained in detail in the official documentation:

https://docs.joomla.org/J3.x:Language_Overrides_in_Joomla

To switch the message off completely, set "Show Protected-By" to "Off" (PRO).

Custom Reject Messages

Aimy Captcha-Less Form Guard comes with the following overridable reject messages you could customize to fit your website's needs using a "Language Override" (see link above).

AIMY_CLFG_ERR_BOT_DENIED

Default: "Bot detected - form submission rejected"

AIMY_CLFG_ERR_DNSBL_DENIED

Default: "Your IP address is blacklisted by %s - form submission rejected"

The "%s" placeholder will be replaced with the DNSBL's name.

AIMY_CLFG_ERR_CONTENT_REJECTED

Default: "Form submission rejected because of bad content. If you think this is a mistake, please write us an email."

Please note that the default strings are included in various languages as part of Aimy Captcha-Less Form Guard already.

Support for Third Party Extensions

Aimy Captcha-Less Form Guard implements the Joomla! Captcha interface. Therefore all extensions that support to make use of Joomla! captcha plugins can be protected by this plugin - for example RSForm!Pro, FlexiContact and OSG Seminarmanager.

The Joomla!® name and logo are trademarks of Open Source Matters, Inc. in the United States and other countries.

Mentioned hard- and software as well as companies may be trademarks of their respective owners. Use of a term in this manual should not be regarded as affecting the validity of any trademark or service mark. A missing annotation of the trademark may not lead to the assumption that no trademark is claimed and may thus be used freely.