Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Optimising against spam without captcha

Tags:

html

forms

php

this is not meant as a discussion, but if this helps against crawler or spam-bots.

Captchas are not userfriendly and do not look nice...that´s why I thought about trying somethin like this:

<form><input type="text" name="name"> <input type="hidden" value="" name="surname" /></form>

and check if the input type hidden (to check if its a bot) is filled (submit.php).

if (!empty($_POST['surname'])){
    $error2 = "You are a Bot.";
}

My question is:

Would that work or would crawler or bots ignore input types which are hidden?

Or would it be better to wrap a <div style="display:none;"></div> around it?

Technicly it works (if i fill that field with a value)...but i don´t know if something like this would pretend myself from getting annoying spam..

thanks for reading/other solutions which would be userfriendliy.

like image 692
Top Questions Avatar asked May 31 '13 08:05

Top Questions


People also ask

What are honeypots how are they better at resisting spam bots than Captchas?

What is a honeypot? A honeypot is a field added to the form that the users can't see due to CSS or JavaScript (which hides the field). Honeypots are awesome because they don't inconvenience users like a captcha and they are a valid tool for thwarting spam bots.

Does Captcha prevent spam?

What does CAPTCHA do? CAPTCHA prevents any spam or bots from entering data into fields on your site. This can include fake comments on posts, emails, fraudulent transactions, contact form entries and fake registration submissions.


3 Answers

These kind of fields are called honeypot fields and the idea is to hide them using css, not to use a hidden field.

It is your decision if you want to use them, and you will need to do some research. There is some criticism to using them, an example being the fact that screen readers used for accessibility might see those fields and read them.

You can also check this option that uses a simple checkbox: http://uxmovement.com/forms/captchas-vs-spambots-why-the-checkbox-captcha-wins/

Note: I think that you should add captcha only if you are sure that you will have a spam problem, or you already have this issue, not from the start without knowing if you really need it.

like image 83
mishu Avatar answered Oct 18 '22 01:10

mishu


Maybe you can try to handle the bot question on the PHP side only, check out this it may help how to detect search engine bots with php?

like image 39
Jaay Avatar answered Oct 18 '22 01:10

Jaay


Adding empty CSS-hidden field and checking for input is one of the options.

Try checking for weird browser-info $_SERVER['HTTP_USER_AGENT'].

Allow minimum open fields, rely on radio buttons, dropdown selectors, check fields...

Do not allow posting HTML / URL addresses....

Problem is, spammers adapt, you should adapt too.

like image 29
Jan Kocbek Avatar answered Oct 18 '22 03:10

Jan Kocbek