Mobile app version of vmapp.org
Login or Join
Deb1703797

: How to protect a form from spam? I have compiled a list of items that may protect a web form from span. Which are actually effective? Please feel free to add additional items. Store a

@Deb1703797

Posted in: #Forms #SpamPrevention

I have compiled a list of items that may protect a web form from span. Which are actually effective? Please feel free to add additional items.


Store a code as a hidden field and verify it when submitted.
Use jQuery to set the method and action fields after page loads.
(Also) Use jQuery to encode the action URL
Encode the entire webform and use jQuery to decode it after the page loads.
Use AJAX instead of the standard submit button action.
Use CAPTCHA
Place CSS-hidden fields of the form that only bots will find and fill in.
Recording time between page load and submission, ignore if less that 1 second.
Load the form into the page via AJAX, one second after page loads.

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Deb1703797

2 Comments

Sorted by latest first Latest Oldest Best

 

@Annie201

By far my favorite technique is called a 'honeypot'. Here is how it works...

Say your form asks for a name. Put the following two fields on the page:

<span class='hp'>
<label for='Message'>Message:</label >
<textarea id='Message' name='message' />
</span>
<span>
<label for='TmpField'>Message:</label >
<textarea id='TmpField' name='tmpField' />
</span>


Make the first span with the class hp hidden via CSS. That is the honeypot. The bot won't see CSS, so will try to fill in the message field before submitting the form. Users will only see tmpField, and will input their message there. (Obviously your form processing code has to be in on the ruse.)

In your form processing code, simply throw out any input where the message field contains content. Ignore it. Continue along as though nothing had happened. You definitely don't want to tell the spammer bot "Oh, that didn't work" so that they can try again.

Here at Glassdoor, we find that this technique removes nearly ALL spam through our forms.

10% popularity Vote Up Vote Down


 

@Reiling115

From my personal experience, I have found that CAPTCHA is virtually ineffective when it comes to preventing spam attacks. What I use and I found to be the most useful is adding a field to the form and covering it with CSS so that it is not exposed to human visitors. Spam bots feed value to these fields and can be blocked easily. It is simpler than any of the alternatives you provided, sleek, highly effective, works great with people who does not have ajax/js and does not affect user experience(unlike CAPTCHA).

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme