mosparo

mosparo is a self-hosted, rule-based spam protection system for web forms that detects spam by evaluating form field content rather than forcing users to solve CAPTCHAs. It focuses on accessibility, data minimization, and privacy while providing configurable rules to block unwanted submissions.

Key Features

• Rule-based spam detection that inspects individual form fields for disallowed words, patterns, or content
• Collects only form data, client IP, and user agent; data is encrypted or hashed before storage
• Automatic data retention policy that deletes stored form entries after approximately 14 days
• Accessible UX: no image puzzles or obscure interactions, compatible with screen readers and keyboard navigation
• Customizable checkbox widget for embedding and styling to match sites
• Supports multiple storage backends (MySQL/MariaDB, PostgreSQL, SQLite) and optional caching (Redis/Memcached)
• Lightweight PHP implementation with frontend assets built via Node tooling

Use Cases

• Protecting contact, comment, and signup forms from automated spam without degrading accessibility
• Integrating a privacy-focused spam filter into existing web apps or CMS forms
• Centralizing form-protection rules for multiple sites or forms on a single self-hosted instance

Limitations and Considerations

• Detection effectiveness depends on rule quality and coverage; additional tuning is often required to reach high block rates
• Not a behavioral CAPTCHA replacement for highly sophisticated bot farms; may need complementary defenses for advanced attacks

mosparo is a practical, privacy-oriented alternative to traditional CAPTCHAs that emphasizes accessibility and configurability for site operators seeking a self-hosted spam protection solution.