Optimising against spam without captcha

Question

this is not meant as a discussion, but if this helps against crawler or spam-bots.

Captchas are not userfriendly and do not look nice...that´s why I thought about trying somethin like this:

<form><input type="text" name="name"> <input type="hidden" value="" name="surname" /></form>

and check if the input type hidden (to check if its a bot) is filled (submit.php).

if (!empty($_POST['surname'])){
    $error2 = "You are a Bot.";
}

My question is:

Would that work or would crawler or bots ignore input types which are hidden?

Or would it be better to wrap a <div style="display:none;"></div> around it?

Technicly it works (if i fill that field with a value)...but i don´t know if something like this would pretend myself from getting annoying spam..

thanks for reading/other solutions which would be userfriendliy.

Answer 1

These kind of fields are called honeypot fields and the idea is to hide them using css, not to use a hidden field.

It is your decision if you want to use them, and you will need to do some research. There is some criticism to using them, an example being the fact that screen readers used for accessibility might see those fields and read them.

You can also check this option that uses a simple checkbox: http://uxmovement.com/forms/captchas-vs-spambots-why-the-checkbox-captcha-wins/

Note: I think that you should add captcha only if you are sure that you will have a spam problem, or you already have this issue, not from the start without knowing if you really need it.

Answer 2

Maybe you can try to handle the bot question on the PHP side only, check out this it may help how to detect search engine bots with php?

Answer 3

Adding empty CSS-hidden field and checking for input is one of the options.

Try checking for weird browser-info $_SERVER['HTTP_USER_AGENT'].

Allow minimum open fields, rely on radio buttons, dropdown selectors, check fields...

Do not allow posting HTML / URL addresses....

Problem is, spammers adapt, you should adapt too.