RE: Trying to cut down on form spam


 



I have also found a "type the number 4 in the box" spam check to be quite effective ;)

Trivial to bypass but it'll stop most bots

-----Original Message-----
From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx] 
Sent: Sunday, December 07, 2014 02:46 AM
To: dealTek; php-general@xxxxxxxxxxxxx General
Subject: Re:  Trying to cut down on form spam



On 6 December 2014 20:04:41 GMT+00:00, dealTek <dealtek@xxxxxxxxx> wrote:
>Hi All,
> 
>I have a 2 page form
> 
>page 1 = form
> 
>page 2 = action page (updates database and sends email)
> 
>So, I am getting a lot of spam. Owner wants very little error checking 
>for maximum input for possible business..
> 
>So to cut down on spam I added a simple captcha I made - very easy to 
>read with 4 numbers to add to a field and gen_validatorv4.js helps to 
>make sure it is filled out correctly or the form won't submit
> 
>spam gets to be way less...
> 
>then I added an http referrer field to show where it came from....
> 
> 
>HOWEVER - one kind of spam comes through no matter what I do
> 
>in the 2 new fields I added (captcha text and referrer) are just more 
>random text entries ....
>
>- also changed url for the action page - more spam again within minutes 
>(seems like it would take spammers time to learn this...?)
> 
> 
>it's kind of like spammers are filling out the form - page 1 from some 
>other location and possibly submitting from some other location also?
> 
>Q: How do I stop this form spam?
>
>
>
>--
>Thanks,
>Dave - DealTek
>dealtek@xxxxxxxxx
>[db-14]
>
>
>--
>PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: 
>http://www.php.net/unsub.php


First, never rely on JavaScript for form validation; as you've seen, it's trivial to bypass. You need some kind of validation on the server, always.

Get that in place, tie it in with your captcha (if that one is not possible, try Google reCAPTCHA) and make sure everything else is validated against, as I have a suspicion your queries may be full of holes...

Thanks,
Ash
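
A sketch of the server-side checks recommended above, for the action page (page 2) described in the thread. This is an added example, not code from any poster; the field names, the `enquiries` table and the helper function names are assumptions, and a plain array stands in for `$_SESSION` so the script runs from the command line (it needs the pdo_sqlite extension for the demo).

```php
<?php
// Added example, not code from the thread. Field names and the "enquiries" table are
// assumptions; in a real page pass $_SESSION (after session_start()) and $_POST.

// Page 1: keep the expected captcha answer in the session, never in the HTML or JS.
function issue_captcha(array &$session): string {
    $session['captcha'] = (string) random_int(1000, 9999);
    return $session['captcha'];            // shown to the visitor as the 4 numbers
}

// Page 2: re-check everything on the server; JavaScript checks are only a convenience.
function validate_submission(array $post, array &$session): array {
    $errors = [];
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']);            // one-time use: an old answer cannot be replayed
    $given = $post['captcha'] ?? '';
    if ($expected === null || !is_string($given) || !hash_equals($expected, $given)) {
        $errors[] = 'captcha';             // also fails when page 1 was never loaded
    }
    $email = $post['email'] ?? '';
    if (!is_string($email) || preg_match('/[\r\n]/', $email)   // CR/LF: mail header injection
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    $msg = $post['message'] ?? '';
    if (!is_string($msg) || trim($msg) === '' || strlen($msg) > 5000) {
        $errors[] = 'message';
    }
    return $errors;
}

function save_submission(PDO $db, array $post): void {
    // Prepared statement: input is bound as data, never concatenated into the SQL text.
    $stmt = $db->prepare('INSERT INTO enquiries (email, message) VALUES (:email, :message)');
    $stmt->execute([':email' => $post['email'], ':message' => $post['message']]);
}

// Constructed demo: a request sent straight to page 2, then a normal visitor.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE enquiries (email TEXT, message TEXT)');
$session = [];
$direct = ['captcha' => 'asdf', 'email' => "x@example.com\r\nBcc: y@example.com", 'message' => ''];
echo 'direct post rejected for: ', implode(', ', validate_submission($direct, $session)), "\n";
$answer = issue_captcha($session);
$visitor = ['captcha' => $answer, 'email' => 'dave@example.com', 'message' => "It's O'Brien here"];
if (validate_submission($visitor, $session) === []) {
    save_submission($db, $visitor);
}
echo $db->query('SELECT COUNT(*) FROM enquiries')->fetchColumn(), " row(s) stored\n";
```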
