Sam Teng Wong

Reputation: 2439

prevent spam using input type hidden

I'm just curious. Do spam bots fill out the <input type="hidden" name="hidden">?

If yes, is it a good way to prevent bots from spamming?

for example:

if (($_POST['hidden'] ?? '') !== '') {
   // hidden field was filled in: bots filling up the form
} else {
   // send email
}

Upvotes: 2

Views: 2719

Answers (3)

Naren

Reputation: 21

I concur with Vasil. These bots are just going to do what they're programmed to do - in this case, spam/abuse your web forms. I see this nuisance increasing over the past year or so, stuffing web forms with unwanted messages, hijacking forum threads with unscrupulous advertisements or URLs, and creating fake accounts if you're running some kind of a giveaway campaign. In many cases, the URLs posted by these spammers may be phishing sites, putting your website users at risk. This in turn reduces the credibility of your site/forum.

So, how do you deter form spam?

  • Akismet - many bloggers use it, but the creators of these bot programs are smart enough to bypass this barricade
  • Use powerful field validation - but, if your form has many fields, it might frustrate genuine users with too much prodding and prompting
  • Use CAPTCHA along with the form - it will deter bots, but the CAPTCHA box (along with the intimidating 'Are you a real user or robot') can frustrate users who have just filled the form
  • Sophisticated bot prevention service - intelligent enough to detect and mitigate bots, without bothering genuine users

Whatever methodology you use to prevent form spam bots, just make sure you don't make it cumbersome for the genuine visitors/users of your website.


Disclaimer: I work for ShieldSquare, a real-time cloud-based bot prevention solution.

Upvotes: 2

9to.one

Reputation: 21

Bots normally will fill all fields, so you can check if the field has been filled with a value; this is called the honeypot trick. My two cents: you can always block 90% of bots, which saves you database lookups and CPU.

Upvotes: 1

Vasil Rashkov

Reputation: 1830

The bots will do whatever you tell them.

Let's say a person views your HTML; he may try, and if it's not okay, he will fill it.

What you can do is set a restriction on a user. For example, if a user sends more than one, two or three or w/e count of emails in under one minute, restrict him. You will need to have one if before you start everything.

-> is user restricted?

-> no -> continue with checking the form -> send mail

-> yes -> show error page -> return.

I think this should be your flow, if you want to prevent the user from sending mails.

Another way is a CAPTCHA, or even, if a user is spamming, to have a cron job or something blacklist the user.

There are many ways you can handle this. Just find what suits your needs.

Upvotes: 3
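
The restriction flow from this answer, combined with the hidden-field check from the question, as an added example that is not part of any post on this page. The function names, the quota of 3 sends per 60 seconds, the in-memory `$log` array (a real handler would use persistent storage) and the sample addresses are assumptions; treating a missing hidden field as suspicious goes slightly beyond the question's check, since a browser always submits the field, even when empty.

```php
<?php
// Added example: names, limits and the in-memory log are assumptions.
const MAX_SENDS = 3;        // assumed quota of accepted sends per window
const WINDOW_SECONDS = 60;  // "under one minute" from the answer above

// True when $client has already used its quota inside the sliding window.
function isRestricted(array &$log, string $client, int $now): bool
{
    // Drop timestamps that have aged out of the window.
    $log[$client] = array_values(array_filter(
        $log[$client] ?? [],
        fn(int $t): bool => $now - $t < WINDOW_SECONDS
    ));
    return count($log[$client]) >= MAX_SENDS;
}

// Returns 'restricted', 'bot' or 'send' for one form submission.
function handleSubmission(array $post, string $client, array &$log, int $now): string
{
    if (isRestricted($log, $client, $now)) {
        return 'restricted';  // show error page and return
    }
    // Honeypot: a browser submits the hidden field with an empty value.
    // A filled field, or a missing one, did not come from the real form.
    if (!array_key_exists('hidden', $post) || $post['hidden'] !== '') {
        return 'bot';         // drop quietly, no email
    }
    $log[$client][] = $now;   // only accepted sends count against the quota
    return 'send';            // the caller sends the email here
}

// Constructed sample submissions: [client address, POST body, seconds offset].
$log = [];
$samples = [
    ['203.0.113.5', ['hidden' => '', 'msg' => 'hello'], 0],
    ['203.0.113.5', ['hidden' => 'http://spam.example', 'msg' => 'x'], 1],
    ['203.0.113.5', ['msg' => 'field stripped'], 2],
    ['203.0.113.5', ['hidden' => '', 'msg' => 'second'], 3],
    ['203.0.113.5', ['hidden' => '', 'msg' => 'third'], 4],
    ['203.0.113.5', ['hidden' => '', 'msg' => 'fourth'], 5],
    ['203.0.113.5', ['hidden' => '', 'msg' => 'later'], 70],
];
foreach ($samples as [$client, $post, $offset]) {
    $result = handleSubmission($post, $client, $log, 1000 + $offset);
    echo $client, ' t+', $offset, 's -> ', $result, PHP_EOL;
}
```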
