On 8 December 2014 15:10:43 GMT+00:00, Bastien Koert <phpster@xxxxxxxxx> wrote:
>Another trick is to add a hidden field, call it token or something like
>that, but it's not used during the script's execution. Bots are stupid and
>will fill in the field, so a simple check to see if the field is filled in
>renders that submission invalid.
>
>Bastien
>
>On Sun, Dec 7, 2014 at 8:05 AM, Matthew Lagoe <matthew.lagoe@xxxxxxxxxxx>
>wrote:
>
>> I have also found a "type the number 4 in the box" spam check to be quite
>> effective ;)
>>
>> Trivial to bypass but it'll stop most bots
>>
>> -----Original Message-----
>> From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx]
>> Sent: Sunday, December 07, 2014 02:46 AM
>> To: dealTek; php-general@xxxxxxxxxxxxx General
>> Subject: Re: Trying to cut down on form spam
>>
>>
>>
>> On 6 December 2014 20:04:41 GMT+00:00, dealTek <dealtek@xxxxxxxxx> wrote:
>> >Hi All,
>> >
>> >I have a 2 page form
>> >
>> >page 1 = form
>> >
>> >page 2 = action page (updates database and sends email)
>> >
>> >So, I am getting a lot of spam. Owner wants very little error checking
>> >for maximum input for possible business..
>> >
>> >So to cut down on spam I added a simple captcha I made - very easy to
>> >read with 4 numbers to add to a field and gen_validatorv4.js helps to
>> >make sure it is filled out correctly or the form won't submit
>> >
>> >spam get to be way less...
>> >
>> >then I added an http referrer field to show where it came from....
>> >
>> >
>> >HOWEVER - one kind of spam comes through no matter what I do
>> >
>> >in the 2 new fields I added (captcha text and referrer) are just more
>> >random text entries ....
>> >
>> >- also changed url for the action page - more spam again within minutes
>> >(seems like it would take spammers time to learn this...?)
>> >
>> >
>> >it's kind of like spammers are filling out the form - page 1 from some
>> >other location and possibly submitting from some other location also?
>> >
>> >Q: How do I stop this form spam?
>> >
>> >
>> >
>> >--
>> >Thanks,
>> >Dave - DealTek
>> >dealtek@xxxxxxxxx
>> >[db-14]
>> >
>> >
>> >--
>> >PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>> >http://www.php.net/unsub.php
>>
>>
>> First, never rely on JavaScript for form validation, as you've seen, it's
>> trivial to bypass. You need some kind of validation on the server, always.
>>
>> Get that in place, tie it in with your captcha (if that one is not
>> possible try Google recaptcha) and make sure everything else is validated
>> against, as I have a suspicion your queries may be full of holes...
>> Thanks,
>> Ash
>>

A honeypot field wouldn't help in this case, as the spam is already bypassing the form if I read the OP's email correctly.

Thanks,
Ash
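
The server-side checks discussed in this thread, as an added example that is not code from any poster: the action page verifies a captcha answer held in the session, checks the hidden honeypot field, and validates the fields itself instead of trusting JavaScript. The field names (`token`, `captcha`, `email`, `message`), the function names and the 30-minute lifetime are assumptions made for illustration.

```php
<?php
// Added example. Field names and the $session array are assumptions; in a real
// app pass $_SESSION after session_start().

// Page 1: generate the challenge; the answer stays on the server.
function issue_challenge(array &$session): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $session['captcha_answer'] = (string) ($a + $b);
    $session['captcha_issued'] = time();
    return "What is $a + $b?";
}

// Page 2: returns a list of errors; an empty list means "accept".
function validate_submission(array $post, array &$session, int $maxAge = 1800): array
{
    $errors = [];
    // Honeypot: the hidden "token" field must come back empty.
    if (($post['token'] ?? '') !== '') {
        $errors[] = 'honeypot field filled in';
    }
    // Captcha: compare with the stored answer, then discard it (single use).
    $expected = $session['captcha_answer'] ?? null;
    $issued   = $session['captcha_issued'] ?? 0;
    unset($session['captcha_answer'], $session['captcha_issued']);
    $given = $post['captcha'] ?? '';
    if ($expected === null || time() - $issued > $maxAge) {
        $errors[] = 'no current challenge: form page was not loaded';
    } elseif (!is_string($given) || !hash_equals($expected, trim($given))) {
        $errors[] = 'wrong captcha answer';
    }
    // Field validation happens here too, never only in JavaScript.
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email address';
    }
    $message = $post['message'] ?? '';
    if (!is_string($message) || trim($message) === '' || strlen($message) > 5000) {
        $errors[] = 'message missing or too long';
    }
    return $errors;
}

// Constructed input: a POST sent straight to the action page, no session state.
$session = [];
$direct = ['token' => '', 'captcha' => 'asdf', 'email' => 'x@example.com', 'message' => 'hi'];
print_r(validate_submission($direct, $session));
```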