Reputation: 9583
I know this question has been asked before but I didn't see the following solution anywhere else.
I have a website with a lot of forms and I'm looking for a way, without needing to edit the PHP for each form, to fend off the bots.
I'm proposing to use this but I wondered if anyone might have any thoughts or reasons why I should not?
```html
<form method="POST" action="enableJavascript.html">
  <!-- I change the action to a page to tell the user
       that javascript is required-->
  <input name="action" value="contact.php" type="hidden"/>
  <!-- and add an input that contains the original action-->
  <input name="name"/>
  <input name="email"/>
  <input type="submit" value="submit"/>
</form>
```
And here is the javascript / jQuery to handle posting the forms:
```javascript
$(function() {
  $('form').submit(function(e) {
    var $this = $(this);
    if (e.originalEvent) { // only change the action if the form was
                           // submitted via user input
      e.preventDefault();
      $this.attr('action', $('input[name=action]', $this).val());
      $this.submit();
    }
  });
});
```
I guess this would fail if bots are known to 'click' buttons, but I don't know if that's the case?
Upvotes: 0
Views: 65
Reputation: 31624
This really won't work to stop bots and here's why. The bots will come in and scrape the field names from your form and then craft their own POST request. They're not going to see, let alone obey, your JavaScript event stop.
What you should do is craft an AJAX page and have your form submit it that way. It makes it much harder for the bots to fill it out and submit because there's no `<form action="page.php">` to follow. The other way is to install a captcha, like ReCaptcha.
Upvotes: 1
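The answer's point seen from the defender's side, as an added example that is not part of the original posts: a Node.js check that reads the question's form the way a client that never runs JavaScript does, and reports that the field names and the real handler in the hidden `action` input are all present in the static markup. The function names, the `SAMPLE_FORM` constant and the file-extension heuristic are assumptions made for this example.

```javascript
// Added example: audit static form markup as a non-JavaScript client reads it.
// Regex parsing is enough for this constructed sample; use a real HTML parser
// for arbitrary pages.
const SAMPLE_FORM = `
<form method="POST" action="enableJavascript.html">
  <input name="action" value="contact.php" type="hidden"/>
  <input name="name"/>
  <input name="email"/>
  <input type="submit" value="submit"/>
</form>`; // constructed sample: the form from the question, comments omitted

// Read one double-quoted attribute from a tag's source text, or null if absent.
function attr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*"([^"]*)"`, 'i').exec(tag);
  return m ? m[1] : null;
}

// Report, per form, everything visible without executing any script.
function auditStaticForms(html) {
  const findings = [];
  const formRe = /<form\b[^>]*>([\s\S]*?)<\/form>/gi;
  let form;
  while ((form = formRe.exec(html)) !== null) {
    const openTag = form[0].slice(0, form[0].indexOf('>') + 1);
    const body = form[1].replace(/<!--[\s\S]*?-->/g, ''); // ignore HTML comments
    const inputs = body.match(/<input\b[^>]*>/gi) || [];
    const fields = [];
    const leakedTargets = [];
    for (const tag of inputs) {
      const name = attr(tag, 'name');
      const value = attr(tag, 'value');
      if (name) fields.push(name);
      // Heuristic (assumption of this example): a hidden value that looks like
      // a server script is the real handler sitting in plain view.
      if (attr(tag, 'type') === 'hidden' && value && /\.(php|aspx?|jsp|cgi)$/i.test(value)) {
        leakedTargets.push(value);
      }
    }
    findings.push({
      method: attr(openTag, 'method'),
      declaredAction: attr(openTag, 'action'),
      fields,
      leakedTargets,
    });
  }
  return findings;
}

console.log(JSON.stringify(auditStaticForms(SAMPLE_FORM), null, 2));
```

Any non-empty `leakedTargets` means the decoy `action` attribute hides nothing, so the handler itself has to validate what it receives.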