What are some non-captcha methods for blocking spam on my comments?
The reason why ReCAPTCHA is a prevalent tool in online submission forms is to prevent spam and abuse from entering the site.
Honeypot, as the name suggests, is a “trap” that is designed to lure bots and computer programs into accidentally revealing their identities. The idea is to provide something that is going to attract the bot, the “honey”, which is invisible or hidden from legitimate human users.
In my experience the currently most effective methods are honeypot input fields that are made invisible to users via CSS (best use several different methods, such as visibility:hidden, setting a size of 0 pixels, and absolute positioning far outside the browser window); if they're filled anyway you can assume it's a spambot.
This blog describes a rather complex method that I've tried out myself (with 100% success so far), but I suspect that you could get the same result by skipping all the stuff with hashed field names and just add some simple honeypot fields.
1) Adding session-related information into the form Example:
<input type="hidden" name="sh" value="<?php echo dechex(crc32(session_id())); ?>" />
then at postback, check whether session is valid or not.
2) Javascript-only. Use Javascript injection at Submission. Example:
<input type="hidden" id="txtKey" name="key" value="" /> <input type="submit" value="Go" onclick="document.getElementById('txtKey').value = '<?php echo dechex(crc32(session_id())) ?>';" />
3) Time-limit per IP, User or Session. this is quite straightforward.
4) Randomizing field names:
<?php $fieldkey = dechex(crc32(mt_rand().dechex(crc32(time())))); $_SESSION['fieldkey'] = $fieldkey; ?> <input type="text" name="name<?php echo $fieldkey; ?>" value="" /> <input type="text" name="address<?php echo $fieldkey; ?>" value="" />
Then you can check it over at the server side.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With