Prevent Email Spam after using reCaptcha

Question

All, I've got a form on my page that I use to send emails. On the form page I have the following code:

<input type="text" name="Name" id="your_name" class="contact_form_input_text">
<input type="text" name="Email_Address" id="your_email" class="contact_form_input_text">
<input type="text" name="fill_me_out" id="fill_me_out">
<input type="button" value="Send" id="submit_contact_form_button">

The first text box is a lamecaptcha and I check it on the PHP side to make sure that it wasn't filled out. I also hide it using some JS with this:

jQuery(function(){
    jQuery("#fill_me_out").hide();
});

I then have the following form validation before my page submits using jQuery validator:

jQuery("#contact_form").validate({
    rules: {
        Email_Address: {
            required: true,
            email: true
        },
        Name: {
            required: true
        }
    },
    messages: {
        Email_Address: {
            required: "Please enter an email address!",
            email: "Please enter a valid email address!"
        },
        Name: {
            required: "Please enter your Name!"
        }
    }
});

jQuery("#submit_contact_form_button").click(function(event) {
      if (jQuery("#contact_form").valid()) {
        challengeField = jQuery("input#recaptcha_challenge_field").val();
            responseField = jQuery("input#recaptcha_response_field").val();
            var html = jQuery.ajax({
            type: "POST",
            url: site_url + "ajax.recaptcha.php",
            data: "recaptcha_challenge_field=" + challengeField + "&recaptcha_response_field=" + responseField,
            async: false
            }).responseText;

            if(html == "success")
            {
                //$("#captchaStatus").html(" ");
                // Uncomment the following line in your application
                //return true;
                jQuery("#contact_form").submit();
            }else{
                jQuery("#captchaStatus").html("Your captcha is incorrect. Please try again");
                Recaptcha.reload();
                return false;
            }
      }
      return false;
    });

If everything is filled out correctly the page then submits. I have the following check to check the lame captcha:

$lamecaptcha_check = $_POST['fill_me_out'];
if($lamecaptcha_check!=""){
    echo '[box style="alert"]Why are you trying to spam us? It could be because you don\'t have Javascript enabled and filled out an incorrect box![/box]';
}else{
    //Send the form using mail
}

To submit the form is a button and not a submit so it has to go through the jquery validation to do even be submitted. Somehow I'm still getting blank email messages to come through. Does anyone know anything else I can possibly do to prevent spam/blank email messages? I was thinking I should check the variables on the back end to make sure they are not blank but the form shouldn't even be submitted unless there are some values so I require a valid email address on the initial page. Any ideas are appreciated!

Thanks!

Answer 1

Just because you have a submit button go through jQuery to work, doesn't mean the form can't be submitted otherwise.

A spambot would probably examine the HTML of your form, look at the different fields, and then just send a POST request with the relevant information. It will not evaluate your jQuery.

If you want to do something like this, set the form's action="javascript:;", then update it in your jQuery to the actual value right before submitting.