Menu
I'm trying to come up with a good enough anti-spamming mechanism to prevent automatically generated input. I've read that techniques like captcha, 1+1=? stuff work well, but they also present an extra step impeding the free quick use of the application (I'm not looking for anything like that please).
I've tried setting some hidden fields in all of my forms, with display: none; However, I'm certain a script can be configured to trace that form field id and simply not fill it.
Do you implement/know of a good anti automatic-form-filling-robots method? Is there something that can be done seamlessly with HTML AND/OR server side processing, and be (almost) bulletproof? (without JS as one could simply disable it).
I'm trying not to rely on sessions for this (i.e. counting how many times a button is clicked to prevent overloads).
578
Why Do Bots Spam Forms? Bots spam forms to try and spread malware, phishing links, or sales messages. Since most website owners don't publish their email addresses, using forms is an easier way for people to add spam comments.
CAPTCHAs are used by any website that wishes to restrict usage by bots. Specific uses include: Maintaining poll accuracy—CAPTCHAs can prevent poll skewing by ensuring that each vote is entered by a human.
Use a CAPTCHA A CAPTCHA is a script to block spam bots from accessing your forms while humans can (for the most part) get through. If you've ever filled out a form and had to retype those squiggly letters, you have used a CAPTCHA. You can get a free CAPTCHA solution from ReCAPTCHA.
I actually find that a simple Honey Pot field works well. Most bots fill in every form field they see, hoping to get around required field validators.
http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx
If you create a text box, hide it in javascript, then verify that the value is blank on the server, this weeds out 99% of robots out there, and doesn't cause 99% of your users any frustration at all. The remaining 1% that have javascript disabled will still see the text box, but you can add a message like "Leave this field blank" for those such cases (if you care about them at all).
(Also, noting that if you do style="display:none" on the field, then it's way too easy for a robot to just see that and discard the field, which is why I prefer the javascript approach).
123
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
