Instead of re-inventing a wheel, maybe use this?

http://googleonlinesecurity.blogspot.com/2014/12/are-you-robot-introducing-no-captcha.html

-----Original Message-----
From: Ken Kixmoeller [mailto:phphelp@xxxxxxxxxxx]
Sent: Monday, December 08, 2014 2:22 PM
Cc: PHP General list
Subject: Re: Trying to cut down on form spam

Not for international use, but:

I just downloaded a bunch of very easily-identifiable similarly-formatted
pictures. Made them the same size. I created a simple table with the name of
the picture file and the English name of the object, both encrypted. Then a
simple function created radio buttons with 5 random object names and one of
the 5 photos. Display a "The best word to identify this:"

Match 'em up & act accordingly.

On Mon, Dec 8, 2014 at 9:37 AM, Aziz Saleh <azizsaleh@xxxxxxxxx> wrote:

> On Mon, Dec 8, 2014 at 10:14 AM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> > On 8 December 2014 15:10:43 GMT+00:00, Bastien Koert <phpster@xxxxxxxxx> wrote:
> > >Another trick is to add a hidden field, call it token or something
> > >like that, but it's not used during the script's execution. Bots are
> > >stupid and will fill in the field, so a simple check to see if the
> > >field is filled in renders that submission invalid.
> > >
> > >Bastien
> > >
> > >On Sun, Dec 7, 2014 at 8:05 AM, Matthew Lagoe <matthew.lagoe@xxxxxxxxxxx> wrote:
> > >
> > >> I have also found a "type the number 4 in the box" spam check to be quite
> > >> effective ;)
> > >>
> > >> Trivial to bypass but it'll stop most bots
> > >>
> > >> -----Original Message-----
> > >> From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx]
> > >> Sent: Sunday, December 07, 2014 02:46 AM
> > >> To: dealTek; php-general@xxxxxxxxxxxxx General
> > >> Subject: Re: Trying to cut down on form spam
> > >>
> > >> On 6 December 2014 20:04:41 GMT+00:00, dealTek <dealtek@xxxxxxxxx> wrote:
> > >> >Hi All,
> > >> >
> > >> >I have a 2 page form
> > >> >
> > >> >page 1 = form
> > >> >
> > >> >page 2 = action page (updates database and sends email)
> > >> >
> > >> >So, I am getting a lot of spam. Owner wants very little error checking
> > >> >for maximum input for possible business..
> > >> >
> > >> >So to cut down on spam I added a simple captcha I made - very easy to
> > >> >read with 4 numbers to add to a field and gen_validatorv4.js helps to
> > >> >make sure it is filled out correctly or the form won't submit
> > >> >
> > >> >spam get to be way less...
> > >> >
> > >> >then I added an http referrer field to show where it came from....
> > >> >
> > >> >HOWEVER - one kind of spam comes through no matter what I do
> > >> >
> > >> >in the 2 new fields I added (captcha text and referrer) are just more
> > >> >random text entries ....
> > >> >
> > >> >- also changed url for the action page - more spam again within minutes
> > >> >(seems like it would take spammers time to learn this...?)
> > >> >
> > >> >it's kind of like spammers are filling out the form - page 1 from some
> > >> >other location and possibly submitting from some other location also?
> > >> >
> > >> >Q: How do I stop this form spam?
> > >> >
> > >> >--
> > >> >Thanks,
> > >> >Dave - DealTek
> > >> >dealtek@xxxxxxxxx
> > >> >[db-14]
> > >> >
> > >> >--
> > >> >PHP General Mailing List (http://www.php.net/)
> > >> >To unsubscribe, visit: http://www.php.net/unsub.php
> > >>
> > >> First, never rely on JavaScript for form validation, as you've seen, it's
> > >> trivial to bypass. You need some kind of validation on the server, always.
> > >>
> > >> Get that in place, tie it in with your captcha (if that one is not
> > >> possible try Google recaptcha) and make sure everything else is validated
> > >> against, as I have a suspicion your queries may be full of holes...
> > >> Thanks,
> > >> Ash
> >
> > A honeypot field wouldn't help in this case, as the spam is already
> > bypassing the form if I read the op's email correctly
> > Thanks,
> > Ash
>
> Personally, the best way I think is using recaptcha:
>
> https://www.google.com/recaptcha/intro/index.html
>
> It has been updated so that the only thing the user needs to do is check a
> checkbox! It doesn't get any easier.
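
The server-side validation Ashley asks for, combined with the hidden-field trick Bastien describes, as an added example that is not part of the thread. The field names `token` and `captcha`, the session key `captcha_answer` and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: server-side checks for the action page (page 2).
// Field names 'token' and 'captcha' and the session key 'captcha_answer'
// are hypothetical, not taken from the original form.

/**
 * Returns the reasons to reject a submission (empty array = accept).
 * $post is the submitted form data, $session the server-side session data.
 */
function check_submission(array $post, array $session): array
{
    $reasons = [];

    // Honeypot: the field is hidden from people, so any value in it means
    // something other than a browser user filled in the form.
    if (($post['token'] ?? '') !== '') {
        $reasons[] = 'honeypot field filled in';
    }

    // The expected answer is stored in the session when page 1 is rendered.
    // A POST sent straight to the action page has no such session entry.
    $expected = $session['captcha_answer'] ?? null;
    if ($expected === null) {
        $reasons[] = 'no captcha issued for this session';
    } else {
        $given = $post['captcha'] ?? '';
        if (!is_string($given) || !hash_equals((string)$expected, trim($given))) {
            $reasons[] = 'captcha answer wrong or missing';
        }
    }
    return $reasons;
}

// Constructed sample submissions (not real traffic).
$samples = [
    'browser user'  => [['token' => '', 'captcha' => '4821'], ['captcha_answer' => '4821']],
    'bot fills all' => [['token' => 'xyz', 'captcha' => 'qwerty'], ['captcha_answer' => '4821']],
    'direct POST'   => [['captcha' => 'random text'], []],
];

foreach ($samples as $label => [$post, $session]) {
    $reasons = check_submission($post, $session);
    echo $label . ': ' . ($reasons ? 'REJECT (' . implode('; ', $reasons) . ')' : 'accept') . "\n";
}
```

On the real action page the function would be called with `$_POST` and `$_SESSION` before the database update and e-mail, and the stored answer unset after each attempt so one solved captcha cannot be reused.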