Statistics, form protection and site security

Hi, I’m currently evaluating if NEOS is the right choice for our company homepage. I read several docs and tutorials and tested the demo of the editor frontend at jumpbox.ch (love the frontend :heart_eyes: ). But before I test an installation I have some questions…

  • Statistics
    Is there a recommended way to get page usage statistics (page hits, devices, browsers, countries, …) if I decided NOT to use external services like Google Analytics but prefered on premise solutions?

  • Form spam prevention
    Is there some sort of form submit security available to prevent form spamming, preferably on premise solutions - meaning no google recaptcha? E.g. blocking form submission for some seconds after page load, enforce enabled javascript to block bots without javascript, prevent repeated form submission, detecting a “human user”, … I would prefer not to use captchas at all because they are a usability nightmare.

  • Site security
    Is there some sort of integrated site access security available with frequently updated IP blacklists and automatic IP blacklisting - including blocking statistics/reports? Or would I need a seperate software firewall in front of NEOS?

Thanks for your help :slight_smile:

Hey Björn, welcome to the Community!

Statistics
There is no build-in solution in Neos for the tracking itself.
But we have integrations for

Form spam prevention
We use a Honeypot solution (https://github.com/daniellienert/honeypotformfield) in all our forms. which keeps spam away even on high-traffic sites. Other than that, I am not aware of on-prem solutions and submission-rate-limitting integrations.

Site security
No, AFAIK there is no such solution for Neos, you need an external (Application-) Firewall for that.

Cheers,
Daniel

Thanks for your reply.

The honeypotformfield is fine by me :slight_smile:

As an application firewall I think I might try Shadow Deamon or ModSecure with Apache.

I’ll definitely give NEOS a try :smiley: