On Mon, Dec 8, 2014 at 10:14 AM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:

>
> On 8 December 2014 15:10:43 GMT+00:00, Bastien Koert <phpster@xxxxxxxxx> wrote:
> >Another trick is to add a hidden field, call it token or something like
> >that, but it's not used during the script's execution. Bots are stupid and
> >will fill in the field, so a simple check to see if the field is filled in
> >renders that submission invalid.
> >
> >Bastien
> >
> >On Sun, Dec 7, 2014 at 8:05 AM, Matthew Lagoe <matthew.lagoe@xxxxxxxxxxx> wrote:
> >
> >> I have also found a "type the number 4 in the box" spam check to be quite
> >> effective ;)
> >>
> >> Trivial to bypass but it'll stop most bots
> >>
> >> -----Original Message-----
> >> From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx]
> >> Sent: Sunday, December 07, 2014 02:46 AM
> >> To: dealTek; php-general@xxxxxxxxxxxxx General
> >> Subject: Re: Trying to cut down on form spam
> >>
> >>
> >> On 6 December 2014 20:04:41 GMT+00:00, dealTek <dealtek@xxxxxxxxx> wrote:
> >> >Hi All,
> >> >
> >> >I have a 2 page form
> >> >
> >> >page 1 = form
> >> >
> >> >page 2 = action page (updates database and sends email)
> >> >
> >> >So, I am getting a lot of spam. Owner wants very little error checking
> >> >for maximum input for possible business..
> >> >
> >> >So to cut down on spam I added a simple captcha I made - very easy to
> >> >read with 4 numbers to add to a field and gen_validatorv4.js helps to
> >> >make sure it is filled out correctly or the form won't submit
> >> >
> >> >spam gets to be way less...
> >> >
> >> >then I added an http referrer field to show where it came from....
> >> >
> >> >
> >> >HOWEVER - one kind of spam comes through no matter what I do
> >> >
> >> >in the 2 new fields I added (captcha text and referrer) are just more
> >> >random text entries ....
> >> >
> >> >- also changed url for the action page - more spam again within minutes
> >> >(seems like it would take spammers time to learn this...?)
> >> >
> >> >
> >> >it's kind of like spammers are filling out the form - page 1 from some
> >> >other location and possibly submitting from some other location also?
> >> >
> >> >Q: How do I stop this form spam?
> >> >
> >> >
> >> >--
> >> >Thanks,
> >> >Dave - DealTek
> >> >dealtek@xxxxxxxxx
> >> >[db-14]
> >> >
> >> >
> >> >--
> >> >PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
> >> >http://www.php.net/unsub.php
> >>
> >>
> >> First, never rely on JavaScript for form validation, as you've seen, it's
> >> trivial to bypass. You need some kind of validation on the server, always.
> >>
> >> Get that in place, tie it in with your captcha (if that one is not
> >> possible try Google recaptcha) and make sure everything else is validated
> >> against, as I have a suspicion your queries may be full of holes...
> >> Thanks,
> >> Ash
> >>
>
> A honeypot field wouldn't help in this case, as the spam is already
> bypassing the form if I read the OP's email correctly
> Thanks,
> Ash
>

Personally, the best way I think is using recaptcha:

https://www.google.com/recaptcha/intro/index.html

It has been updated so that the only thing the user needs to do is check a checkbox! It doesn't get any easier.
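
Added example, not part of the thread or anyone's posted code: a server-side check for the action page (page 2) that combines the points raised above, namely validating on the server instead of in JavaScript, tying the captcha answer to the session created by page 1, and testing a honeypot field. The field names `captcha` and `website`, the session keys and the function `validate_submission()` are assumptions made for illustration.

```php
<?php
// Added illustration for the action page (page 2). Field names, session
// keys and validate_submission() are hypothetical; adapt to the real form.
//
// Page 1 would do this when it renders the form:
//   session_start();
//   $_SESSION['captcha_answer'] = (string) random_int(1000, 9999);
//   $_SESSION['form_issued_at'] = time();
// Page 2 would call: validate_submission($_POST, $_SESSION, time());

function validate_submission(array $post, array &$session, int $now): array
{
    $errors = [];

    // The expected answer is single-use: remove it whatever the outcome,
    // so one solved captcha cannot be replayed for many posts.
    $expected = $session['captcha_answer'] ?? null;
    $issuedAt = $session['form_issued_at'] ?? null;
    unset($session['captcha_answer'], $session['form_issued_at']);

    // A POST sent straight to the action page has no state from page 1.
    if (!is_string($expected) || !is_int($issuedAt)) {
        $errors[] = 'form was not loaded before submitting';
    } elseif ($now - $issuedAt > 1800) {
        $errors[] = 'form expired';
    } elseif (!is_string($post['captcha'] ?? null)
        || !hash_equals($expected, trim($post['captcha']))) {
        $errors[] = 'captcha answer is wrong';
    }

    // Honeypot: hidden from people with CSS, so any value means a bot.
    if (($post['website'] ?? '') !== '') {
        $errors[] = 'honeypot field was filled in';
    }

    return $errors;
}

// Constructed sample input: a direct POST that never loaded page 1.
$session = [];
$post = ['captcha' => 'random text', 'website' => 'http://spam.example'];
print_r(validate_submission($post, $session, time()));

// Constructed sample input: a normal submission made 30 seconds after load.
$session = ['captcha_answer' => '4821', 'form_issued_at' => time() - 30];
$post = ['captcha' => '4821', 'website' => ''];
var_dump(validate_submission($post, $session, time()) === []);
```

Only when the returned array is empty should page 2 go on to update the database and send the email.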