Another trick is to add a hidden field, call it token or something like that, but it's not used during the script's execution. Bots are stupid and will fill in the field, so a simple check to see if the field is filled in renders that submission invalid.

Bastien

On Sun, Dec 7, 2014 at 8:05 AM, Matthew Lagoe <matthew.lagoe@xxxxxxxxxxx> wrote:

> I have also found a "type the number 4 in the box" spam check to be quite
> effective ;)
>
> Trivial to bypass but it'll stop most bots
>
> -----Original Message-----
> From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx]
> Sent: Sunday, December 07, 2014 02:46 AM
> To: dealTek; php-general@xxxxxxxxxxxxx General
> Subject: Re: Trying to cut down on form spam
>
> On 6 December 2014 20:04:41 GMT+00:00, dealTek <dealtek@xxxxxxxxx> wrote:
> >Hi All,
> >
> >I have a 2 page form
> >
> >page 1 = form
> >
> >page 2 = action page (updates database and sends email)
> >
> >So, I am getting a lot of spam. Owner wants very little error checking
> >for maximum input for possible business..
> >
> >So to cut down on spam I added a simple captcha I made - very easy to
> >read with 4 numbers to add to a field and gen_validatorv4.js helps to
> >make sure it is filled out correctly or the form won't submit
> >
> >spam gets to be way less...
> >
> >then I added an http referrer field to show where it came from....
> >
> >HOWEVER - one kind of spam comes through no matter what I do
> >
> >in the 2 new fields I added (captcha text and referrer) are just more
> >random text entries ....
> >
> >- also changed url for the action page - more spam again within minutes
> >(seems like it would take spammers time to learn this...?)
> >
> >it's kind of like spammers are filling out the form - page 1 from some
> >other location and possibly submitting from some other location also?
> >
> >Q: How do I stop this form spam?
> >
> >--
> >Thanks,
> >Dave - DealTek
> >dealtek@xxxxxxxxx
> >[db-14]
> >
> >--
> >PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
> >http://www.php.net/unsub.php
>
> First, never rely on JavaScript for form validation; as you've seen, it's
> trivial to bypass. You need some kind of validation on the server, always.
>
> Get that in place, tie it in with your captcha (if that one is not
> possible try Google recaptcha) and make sure everything else is validated
> against, as I have a suspicion your queries may be full of holes...
>
> Thanks,
> Ash

--
Bastien
Cat, the other other white meat
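
The two checks suggested in this thread (the unused hidden field, and validating the captcha on the server instead of in JavaScript), written as an added example that is not code from any of the posters. The field names `token` and `captcha`, the session key `captcha_answer` and the function `check_submission` are assumptions; page 1 is assumed to render `token` as an empty input hidden with CSS and to store the captcha answer in the session.

```php
<?php
declare(strict_types=1);

/** Returns the reasons to reject a submission; an empty array means accept. */
function check_submission(array $post, array $session): array
{
    $reasons = [];
    // Honeypot: a browser posts the untouched hidden field as ''. A value
    // means a bot filled it in; a missing key means the request did not
    // come from the page 1 form at all.
    if (!array_key_exists('token', $post) || $post['token'] !== '') {
        $reasons[] = 'honeypot';
    }
    // Captcha: compare with the answer kept server-side, never with
    // anything the client sent or with a check done only in JavaScript.
    $expected = $session['captcha_answer'] ?? null;
    $given = $post['captcha'] ?? null;
    if (!is_string($expected) || !is_string($given)
        || !hash_equals($expected, trim($given))) {
        $reasons[] = 'captcha';
    }
    return $reasons;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions for a command-line run.
    $session = ['captcha_answer' => '4821'];
    $samples = [
        'human'                => ['name' => 'Ann', 'token' => '', 'captcha' => '4821'],
        'bot fills all fields' => ['name' => 'x', 'token' => 'qwe', 'captcha' => 'asdf'],
        'direct POST, no form' => ['name' => 'x'],
    ];
    foreach ($samples as $label => $post) {
        echo $label, ': ', implode(',', check_submission($post, $session)) ?: 'accepted', "\n";
    }
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Action page (page 2): run the checks before touching the database.
    session_start();
    $reasons = check_submission($_POST, $_SESSION);
    unset($_SESSION['captcha_answer']); // each rendered form gets one attempt
    if ($reasons !== []) {
        error_log('form rejected: ' . implode(',', $reasons));
        http_response_code(400);
        exit;
    }
}
```

Logging the rejection reason shows which check is catching the spam, which helps decide whether the captcha can be relaxed for real visitors.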