Mobile app version of vmapp.org
Login or Join
Cody1181609

: Can randomly-generated field names help avoid SPAM bots? If I were to generate my field names randomly each time a contact form was rendered, would that help prevent SPAM bots from recognizing

@Cody1181609

Posted in: #Spam #SpamPrevention

If I were to generate my field names randomly each time a contact form was rendered, would that help prevent SPAM bots from recognizing the fields? Can they read label text?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Cody1181609

1 Comments

Sorted by latest first Latest Oldest Best

 

@Pope3001725

It will help but it won't prevent it from stopping all spam. The changing name fields, assuming they are unique every time the form is displayed, will help stop the bots that depend on knowing the form fields ahead of time to complete the form. It will also help stop the bots that look for exact field names like "name" and "email", etc.

What it won't stop are bots that are smart enough to look for field names that are like common field names but not always exactly the same. They look for fields that contain common field names like "name" and "email". So if your form uses those identifiers inside of your dynamic field names they will still get through. Your idea also won't stop human spammers at all. They'll just fill out the form and submit it without any difficulty at all.

If you want to stop bots, these are some options you can implement along with your dynamic field names:

1) Putting a fake field that only bots will see. Then if that field is submitted with the rest of the form you can ignore it (and ban them if desired). You can also trap bad bots who follow a hidden link.

2) Use a CAPATCHA like reCAPTCHA

3) Use a field that requires the user to answer a question like what is 5 + 3. Any human can answer it but a bot won't know what to do since it is auto-populating fields based on field names. So that field will be either incorrect or missing in which case the submission will be rejected.

4) Use a token and put it into a session and also add it to the form. If the token is not submitted with the form or doesn't match then it is automated and can be ignored.

5) Look for repeated submissions from the same IP address. If your form shouldn't get too many requests but suddenly is it probably is being hit by a bot and you should consider temporarily blocking the IP address.

6) Use Askimet. It is great at identifying spam.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme