On Sun, 2008-08-31 at 18:49 +0100, Stut wrote: > Good points all, but I'd add two more from my own collection... > > Field names > Don't name fields things like name, email, address, postcode, message, > etc. Instead name them a, b, c, d, e, etc but name your hidden field > email. That should provoke most bots into changing that value and > leaves others unsure what to put where so they ignore the form. Following allong with Stut's comment... another thing might be to create a session based randomizer for fields names. Then map the random generated field names to the real field names internally. This would difficult for those manually creating forms, but I'd imagine any kind of form management class like my own could do this transparently. BTW, something I've noticed in a few sites where I do spam filtering (and forward myself the spam submission) is that some crappy bots will even stick URLs in fields like the zip code, or name. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
