PHPackages                             attargah/anti-scam - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. attargah/anti-scam

ActiveLibrary[Security](/categories/security)

attargah/anti-scam
==================

A Filament plugin to protect frontend forms from spam/scam bots with IP blocking and a blacklist management panel.

v4.0.1(7mo ago)6421↓50%2[1 PRs](https://github.com/attargah/anti-scam/pulls)MITPHPPHP ^8.2CI failing

Since Sep 27Pushed 2mo agoCompare

[ Source](https://github.com/attargah/anti-scam)[ Packagist](https://packagist.org/packages/attargah/anti-scam)[ Docs](https://github.com/attargah/anti-scam)[ GitHub Sponsors](https://github.com/attargah)[ RSS](/packages/attargah-anti-scam/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (4)Dependencies (14)Versions (8)Used By (0)

[![attargah-admin-bar.jpg](art/attargah-anti-scam.jpg)](art/attargah-anti-scam.jpg)

Anti-Scam Laravel Package
=========================

[](#anti-scam-laravel-package)

A comprehensive Laravel package that provides advanced protection against spam, scam bots, and malicious activities on your web forms. This package integrates seamlessly with Filament admin panel for easy management and monitoring.

Features
--------

[](#features)

### 🛡️ Multi-Layer Protection

[](#️-multi-layer-protection)

- **Anti-Scam Protection**: Detects and blocks scam bots using hidden form fields
- **Anti-Spam Protection**: Rate limiting with progressive ban duration
- **IP Blocking**: Temporary and permanent IP blocking system
- **XSS Protection**: Automatic input sanitization

### 📊 Admin Panel Integration

[](#-admin-panel-integration)

- **Filament Resources**: Manage blocked IPs, scam IPs, and logs
- **Real-time Monitoring**: Track blocked attempts and scam activities
- **Log Management**: Detailed logging with user agent, request details, and timestamps

### 🎯 Advanced Bot Detection

[](#-advanced-bot-detection)

- **Hidden Form Fields**: Invisible honeypot fields to catch bots
- **Hash-based Validation**: Secure validation using Laravel's Hash facade
- **Randomized Input Order**: Prevents pattern-based bot detection
- **Configurable Display**: Hide fields using CSS or move them off-screen

Installation
------------

[](#installation)

You can install the package via Composer:

```
composer require attargah/anti-scam
```

### Publish Configuration, Migrations and Translations

[](#publish-configuration-migrations-and-translations)

```
php artisan vendor:publish --tag="anti-scam-config"

php artisan vendor:publish --tag="anti-scam-migrations"

php artisan vendor:publish --tag="anti-scam-translations"
```

### Run Migrations

[](#run-migrations)

```
php artisan migrate
```

### Configure the Package

[](#configure-the-package)

Set your secret key in the `config/anti-scam.php` file:

```
'key' => env('ANTI_SCAM_KEY', 'your-secret-key-here'),
```

Configuration
-------------

[](#configuration)

The package provides extensive configuration options in `config/anti-scam.php`:

### Anti-Scam Configuration

[](#anti-scam-configuration)

```
'scam' => [
    'active' => true,                    // Enable/disable scam protection
    'ban' => false,                      // Permanently ban scam IPs (not recommended)
    'save_log' => true,                  // Save scam attempts to database
    'register_logs_to_panel' => true,    // Show logs in admin panel
    'order_random' => true,              // Randomize input field order
    'display' => [
        'active' => false,               // Hide fields with CSS
        'css' => 'display:none!important',
    ],
    'off_screen' => [
        'active' => true,                // Move fields off-screen
        'css' => 'position:absolute!important; left:-9999px!important; z-index:-9999!important;',
    ],
],
```

### Anti-Spam Configuration

[](#anti-spam-configuration)

```
'spam' => [
    'active' => true,                    // Enable/disable spam protection
    'max_requests_per_window' => 5,      // Max requests per time window
    'window_in_seconds' => 60,           // Time window length
    'ban_duration_multiplier' => 3,      // Progressive ban duration multiplier
    'permanent_ban_threshold_min' => 10080, // Permanent ban threshold (7 days)
],
```

Usage
-----

[](#usage)

### 1. Protect Your Forms

[](#1-protect-your-forms)

Use the `@protect` Blade directive in your forms:

```

    @csrf
    @protect('contact-form')

    Send Message

```

### 2. Apply Middleware

[](#2-apply-middleware)

Add the middleware to your routes or controllers:

```
// In your routes file
Route::post('/contact', [ContactController::class, 'store'])
    ->middleware(['anti-scam', 'anti-spam', 'xss']);

// and in your bootstrap/app.php
return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->append(\Attargah\AntiScam\Http\Middleware\CheckBlockedIP::class);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();
```

You can also prevent XSS attacks using Validation.

```
$request->validate([
    'q' => ['required', new Xss],
]);
```

> 💡 **Bot Deception / Honeypot Success Message:**
> To trick scam bots into thinking their request was successful, you can place the following snippet **before saving any data** in your controller:
>
> ```
> if ($request->input('scam_status_'.config('anti-scam.key'))){
>     return back()->with('success', 'your_message'); // or any success return of your choice
> }
> ```
>
>
>
> This ensures that:
>
> - Legitimate users are not affected (since they won't trigger the hidden field).
> - Bots see a success message and believe their request went through.
> - No actual data is saved for requests flagged as scam.

### 3. Filament Admin Panel

[](#3-filament-admin-panel)

Register the plugin in your Filament panel:

```
use Attargah\AntiScam\AntiScamPlugin;

public function panel(Panel $panel): Panel
{
    return $panel
        ->plugins([
            AntiScamPlugin::make(),
        ]);
}
```

Middleware Components
---------------------

[](#middleware-components)

### AntiScam Middleware

[](#antiscam-middleware)

- Detects scam bots using hidden form fields
- Validates hash-based tokens
- Logs scam attempts and optionally bans IPs

### AntiSpam Middleware

[](#antispam-middleware)

- Implements rate limiting with configurable thresholds
- Progressive ban duration (increases with repeated violations)
- Automatic permanent bans for persistent offenders

### CheckBlockedIP Middleware

[](#checkblockedip-middleware)

- Blocks requests from banned IP addresses
- Supports both temporary and permanent bans
- Returns 403 status for blocked requests

### XSSProtection Middleware

[](#xssprotection-middleware)

- Sanitizes all input data
- Removes HTML tags and scripts
- Prevents XSS attacks

Database Tables
---------------

[](#database-tables)

The package creates three main tables:

- **`scam_ips`**: Stores detected scam IP addresses and related information
- **`blocked_ips`**: Manages IP blocking with expiration times
- **`blocked_ip_logs`**: Detailed logs of all blocking activities

Testing
-------

[](#testing)

Run the test suite:

```
vendor/bin/pest .\vendor\attargah\anti-scam\tests
```

The package includes comprehensive tests for all middleware components and functionality.

Security Considerations
-----------------------

[](#security-considerations)

1. **Secret Key**: Always use a strong, unique secret key for the anti-scam protection
2. **Rate Limiting**: Adjust spam protection settings based on your traffic patterns
3. **IP Blocking**: Be cautious with permanent IP bans as they may affect legitimate users
4. **Logging**: Regularly review logs to identify patterns and adjust protection levels

Contributing
------------

[](#contributing)

Contributions are welcome! Please feel free to submit a Pull Request.

License
-------

[](#license)

This package is open-sourced software licensed under the [MIT license](LICENSE.md).

Support
-------

[](#support)

If you encounter any issues or have questions, please open an issue on [GitHub](https://github.com/attargah/anti-scam/issues).

Changelog
---------

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

---

**Made with ❤️ by [Attargah](https://github.com/attargah)**

###  Health Score

44

—

FairBetter than 92% of packages

Maintenance77

Regular maintenance activity

Popularity23

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity53

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 86.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~1 days

Total

6

Last Release

228d ago

Major Versions

v3.0.0 → v4.0.02025-10-02

3.x-dev → 4.x-dev2025-10-02

v3.0.1 → v4.0.12025-10-02

PHP version history (2 changes)v3.0.0PHP ^8.1

4.x-devPHP ^8.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/84e9bd8298d567ff2d308503a24435f3d782e32962aa992c1c42e8b2d8a4e9f5?d=identicon)[attargah](/maintainers/attargah)

---

Top Contributors

[![attargah](https://avatars.githubusercontent.com/u/67326574?v=4)](https://github.com/attargah "attargah (46 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (6 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (1 commits)")

---

Tags

laravelattargahanti-scam

###  Code Quality

TestsPest

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/attargah-anti-scam/health.svg)

```
[![Health](https://phpackages.com/badges/attargah-anti-scam/health.svg)](https://phpackages.com/packages/attargah-anti-scam)
```

###  Alternatives

[spatie/laravel-ciphersweet

Use ciphersweet in your Laravel project

416718.4k1](/packages/spatie-laravel-ciphersweet)[relaticle/flowforge

Flowforge is a lightweight Kanban board package for Filament that works with existing Eloquent models.

39246.7k2](/packages/relaticle-flowforge)[solution-forest/filament-simplelightbox

This is my package filament-simplelightbox

6281.0k1](/packages/solution-forest-filament-simplelightbox)[schmeits/filament-character-counter

This is a Filament character counter TextField and Textarea form field for Filament v4 and v5

33184.7k6](/packages/schmeits-filament-character-counter)[defstudio/filament-searchable-input

A searchable autocomplete input for Filament forms

3212.4k](/packages/defstudio-filament-searchable-input)[solution-forest/filament-firewall

This is a middleware for whitelisting/blacklisting for Filament Admin

457.8k3](/packages/solution-forest-filament-firewall)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)