Robots signing up on website

@Samaraweera270

Posted in: #Botattack #Spam #SpamPrevention

A couple of days ago, some robots started to sign up on the website (about 30 in a couple of days). They don't do anything on the website (as I'm guessing they don't find what they're looking for).

I'd rather not have a CAPTCHA on my sign-up form. Is there any risk in letting those robots sign up with the website?

Is there anything I can do besides a CAPTCHA (they have different IPs, passwords, emails...)?


3 Comments


@Connie744

I simply add a hidden input named name or pseudo, and I check if it is empty when I process the post. That clears 95% of robot sign-ups!

Of course, I add a time token in a session and a hidden input and compare it, plus a time in the session for timing between the form page and the process page.

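A server-side version of the hidden-field and timing checks described in the comment above, as an added example that is not part of the original thread. The dict-based session, the thresholds, the function names and the sample submissions are assumptions; the honeypot field name `name` comes from the comment.

```python
import hmac
import secrets

HONEYPOT_FIELD = "name"        # hidden input named in the comment; humans never fill it
MIN_FILL_SECONDS = 3           # assumed threshold: faster than this looks scripted
MAX_FORM_AGE_SECONDS = 3600    # assumed threshold: stale forms must be reloaded


def render_form(session, now):
    """Serving the sign-up page: keep a token and the render time in the session."""
    token = secrets.token_urlsafe(16)
    session["form_token"] = token
    session["form_time"] = now
    return {"form_token": token, HONEYPOT_FIELD: ""}  # values for the hidden inputs


def check_signup(session, post, now):
    """Processing the POST: return (accepted, reason)."""
    # Token and time are single-use, so a replayed POST finds nothing in the session.
    expected = session.pop("form_token", None)
    issued = session.pop("form_time", None)
    if post.get(HONEYPOT_FIELD, "") != "":
        return False, "honeypot_filled"
    if expected is None or issued is None:
        return False, "no_form_session"   # POST sent without loading the form first
    submitted = str(post.get("form_token", "")).encode()
    if not hmac.compare_digest(expected.encode(), submitted):
        return False, "token_mismatch"
    elapsed = now - issued
    if elapsed < MIN_FILL_SECONDS:
        return False, "submitted_too_fast"
    if elapsed > MAX_FORM_AGE_SECONDS:
        return False, "form_expired"
    return True, "ok"


def demo():
    """Run four constructed submissions through the checks."""
    results = []
    for fields, delay in [({"email": "a@example.test"}, 12.0),   # person typing
                          ({"name": "Bob"}, 12.0),               # fills every field
                          ({"email": "b@example.test"}, 0.4),    # instant POST
                          ({"form_token": "guess"}, 12.0)]:      # forged token
        session = {}
        post = {**render_form(session, 1000.0), **fields}
        results.append(check_signup(session, post, 1000.0 + delay))
    return results


if __name__ == "__main__":
    print(demo())
```

Logging the rejection reason per attempt shows which check is catching the bots and whether real users are tripping the timing threshold.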



@Welton855

Look into having a honeypot in your form. This will only work, though, if it's a generic robot, as the moment a custom script is written the honeypot can easily be bypassed.

Also, if you're not keen on a CAPTCHA, you could try Solve Media's alternative and earn a bit on the side at the same time; I think it was Ticketmaster who recently started using them as an alternative.

Something else I've seen to stop cURL automation is to set a cookie in the user's browser, then, using JavaScript and a combination of that cookie, encrypt the _POST data so that it's gibberish. This can be a real pain if you're working with cURL as you then have to reverse engineer it. Again, this slows people down, but does eradicate the use of bots if someone has enough time on their hands.

Of course, if they really want to get at you they can use Amazon Turk to pay a real human $0.01-$0.05 for each signup / action on your site.




@Sarah324

To avoid bots, you can try any of the following, but CAPTCHA is the best way to avoid scripted attacks.


You could use CSRF tokens to avoid this.
Insert or remove some value via JavaScript from the form element and verify the same on the server end.
Check for the HTTP referer on sign-up.
