✨ The Innovation Engine: Fueling Performance & Unstoppable Growth --- 🚦 Stop Guessing: Real User Monitoring for Magento 2 --- 🏆 Go For Gold: JaJuMa Is Hyvä Gold Partner --- 🚀 LCP Optimization - All You Need To Know --- 💡 Showcase: 60 Days On Hyvä - Project Rescue To Lightspeed ---
us
Jajuma Logo
user
Cart shopping-cart

Extensions by Category

Icon for Magento Extensions category All Extensions Icon for Hyvä Themes Extensions category Hyvä Theme Icon for Performance Optimization Extensions category Performance Optimization Icon for Power Toys Extensions category Power Toys Icon for Free Magento Extensions category Free

4. 🎯 Advanced Configuration: Using the Spam Scoring Engine

For stores facing persistent or sophisticated spam attacks, the Honeypot and Time Check methods may not be enough.
The Spam Scoring engine is the most powerful and precise tool in the JaJuMa Honey Spam Anti-Spam extension's arsenal.
It allows you to create highly specific rules to identify and block spam based on its content, origin, and other characteristics.

This feature is optional but highly recommended for fine-tuning your spam defense and targeting unique spam patterns affecting your store.

4.1 📈 How to Enable and Configure Spam Scoring

Within a specific form's configuration page, you can find the Spam Scoring section.

  • Enable Scoring Rules:
    Set this to Yes to activate the scoring engine for this form.
  • Max Spam Score Level:
    This is the critical threshold. The extension calculates a total score for each form submission by adding up the scores of all matching rules.
    If a submission's total score is equal to or greater than this value, it will be blocked.

💡 Pro Tip:
When you first start using scoring rules, set the Max Spam Score Level to a relatively high number.
This allows you to monitor the scores of incoming spam in the logs without blocking potentially legitimate submissions.
Once you are confident your rules are accurate, you can lower the threshold to a more aggressive level (e.g., 5).

JaJuMa Honey Spam Anti-Spam Extension Enable Scoring Rules

4.2 📝 Anatomy of a Scoring Rule

You can add an unlimited number of scoring rules. Each rule consists of the following components:

  • Match Against:
    This determines which piece of submission data the rule will analyze. You can target specific form fields (like Email, Firstname, Lastname), metadata (Client IP, User-Agent), or all submitted data (Params).
  • Custom Field:
    When selected, an additional input appears allowing you to specify the exact name attribute of any form field. This is crucial for targeting fields in custom forms or for handling data submitted as an array.
  • RegEx:
    This is a Regular Expression, a powerful pattern-matching syntax used to find specific text strings. For example, a RegEx could find submissions containing Russian characters or specific spammy links.
  • Score:
    A numeric value that will be added to the submission's total spam score if the RegEx finds a match. If left blank, a default score of 1 is used.
  • Special Cases:
    For common checks, you can use these shortcuts without needing to write a RegEx:
    • 2 fields identical: Matches if any two fields in the submission contain the exact same value.
    • 3 fields identical: Matches if any three fields contain the exact same value.

💡 Pro Tip: Targeting Array Fields
If your custom form submits data in an array (e.g., <input name="customer[email]">), you can precisely target it.
Select Custom Field as the "Match Against" option, and in the Custom Form Field input that appears, enter email.
This allows the scoring engine to analyze nested data values effectively.

⚠️ Warning:
The power of Regular Expressions comes with a risk.
An invalid or poorly written RegEx will be silently ignored by the system, creating a hole in your defense.
Always test your RegEx rules using an online tool like regex101.com before implementing them on your live site.

JaJuMa Honey Spam Anti-Spam Extension Enable Scoring Rules

4.3 📖 Practical Scoring Rule Examples

Getting started with RegEx can be intimidating. The table below provides a playbook of effective, ready-to-use rules. You can adapt these to fit the specific spam patterns you observe.

Match Against Regular Expression Explanation
Any Field [АБВГДЕЗИЙКЛНОРСТУХЦЧШЩЪЫЬЭЮЯЁЂЃЅІЇЈЉЊЋЌЎЏҐабвгдезийклнопрстухцчшщъыьэюяёђѓєѕїјљњћўґ] Matches if any field includes Russian/Cyrillic characters.
Any Field \p{Han}+ Matches if any field includes Chinese characters.
Any Field [b-df-hj-np-tv-z]{4} Matches if any field includes 4 or more consecutive consonants.
Any Field [aeiou]{4} Matches if any field includes 4 or more consecutive vowels.
Any Field [A-Z]{2,}$ Matches if any field ends with 2 uppercase characters.
Any Field [A-Z]{3} Matches if any field includes 3 or more consecutive uppercase characters.
Any Field ^[a-z][A-Z] Matches if any field begins with one lowercase followed by one uppercase character.
Any Field (href=\|\[url=\|<script>\|<image>) Matches if any field includes listed HTML expressions.
Any Field .{4,} Matches if any field includes 4 or more consecutive identical characters.
Any Field [!@#$%^&*()_+={}\[\]:;"\'<>,.?\/\/~]{5,} Matches if any field includes 5 or more listed special characters.
Any Field (\b\w+\b)(?:\s+\1\b)+ Matches if any field includes the same string two times in a row.
Any Field [A-Z]{2}[a-z][A-Z] Matches if any field includes 2 uppercase followed by 1 lowercase, followed by 1 uppercase character.
Email @mail.ru$ Matches if the submitted email has mail.ru as the domain.
Firstname / Lastname \$ Matches if the submitted first/last name includes a "$" sign.
Client IP ^100.22.33.44$ Matches if the form was submitted with this specific IP address.
Client IP ^100.22.33.(\d\|\d\d)$ Matches if the form was submitted from a certain IP Range (100.22.33.1-99).
User Agent (bot\|spider\|robot\|crawl) Matches if the form was submitted with one of the listed User Agents.
User Agent ^-?$ Matches if the form was submitted with a none/empty User Agent.
Firstname / Lastname ^[0-9]*$ Matches if the submitted first/last name is numeric only.
Email ^[0-9]*@.*$ Matches if the email prefix is numeric only.
Firstname / Lastname / Email ^.{50,}$ Matches if the submitted first/last name/email is longer than 50 characters.

📞 Need Help?

Still have questions or need assistance with your setup? Our expert team is here to help. Please don't hesitate to contact our support team for personalized assistance.

Ready to stop spam for good?

The JaJuMa Honey Spam Anti-Spam is the all-in-one solution for a cleaner, more secure Magento store.

Find all you need to know and more valuable insights about Hyvä and Magento.
Expertly curated by JaJuMa:

🚀 Launch the JaJuMa Hyväverse

Your central resource for everything Hyvä.

Explore the Magento Metropolis!

Your central resource for everything Magento.


Do you find all information about us and our services?

thumb-up
thumb-down
Customer Feedback Form Like This In Your Magento Store?