TECH Form Spam

schmack

Professional Lurker
OT Supporter
Mar 12, 2003
1,982
I've successfully stopped form spam for years on one of my sites using a hidden honeypot field. In about the last 2 months, form spam has started trickling in again. I guess the bots are getting smarter.

Any thoughts on new techniques? I'd prefer not to use a captcha. I put Recaptcha on one of our forms and got nothing but complaints about it.
 

Slid.

I'm a guy.
Oct 25, 2001
1,923
NH
You could try hiding a field through javascript onLoad.

My guess is that the 'smart' bots just ignore type="hidden" fields but I doubt they'd catch a javascript hide.
 

ge0

Active Member
Oct 31, 2005
8,389
JERSEY
Why not make a java script where it detects the mouse cursor on the screen then sets the variable as true.
 
TS
TS
schmack

schmack

Professional Lurker
OT Supporter
Mar 12, 2003
1,982
You could try hiding a field through javascript onLoad.

My guess is that the 'smart' bots just ignore type="hidden" fields but I doubt they'd catch a javascript hide.

I'm not using type="hidden". It's a text field that I'm hiding using CSS. You may be onto something though. If I hide it using jQuery instead of CSS, it could be enough to confuse the bots.
 
TS
TS
schmack

schmack

Professional Lurker
OT Supporter
Mar 12, 2003
1,982
Why not make a java script where it detects the mouse cursor on the screen then sets the variable as true.

I imagine that would break the form on tablets. Our entire executive staff have iPads :hsd:
 

retorq

What up bitch??
Dec 14, 2006
6,002
Mohave Desert
Maybe a drop down box that has an invalid default setting ... or scan all input for a web address when you know there shouldn't be any??
 

OT Addict

Active Member
Nov 16, 2005
19,485
Vegas
If you use JS like that, people with JS disabled or in browsers that don't support it won't be able to use your form.

What kind of spam are you getting? If it all comes from one place, or has something in common that they submit you could block that out with php.
 
TS
TS
schmack

schmack

Professional Lurker
OT Supporter
Mar 12, 2003
1,982
What kind of spam are you getting? If it all comes from one place, or has something in common that they submit you could block that out with php.

It's about three different types. One is just random characters, which I'm assuming is just searching for vulnerabilities. The second seems like it was written by a human. It's more conversational with a link to whatever it is they are trying to sell. Last is just a metric shit ton of links.

In the past, I have denied all form posts with URLs in them, but I've run into issues with valid submissions which included URLs.
 
TS
TS
schmack

schmack

Professional Lurker
OT Supporter
Mar 12, 2003
1,982
If you use JS like that, people with JS disabled or in browsers that don't support it won't be able to use your form.

Actually, if I hid the field with JS, I could just label it "Don't put anything here" for people with JS disabled. Come to think of it, I wonder if most bots run in a JS disabled mode?
 

Users who are viewing this thread

About Us

  • Please do not post anything that violates any Local, State, Federal or International Laws. Your privacy is protected. You have the right to be forgotten. Site funded by advertising, link monetization and member support.
OT v15.8.1 Copyright © 2000-2022 Offtopic.com
Served by fu.offtopic.com

Online statistics

Members online
416
Guests online
56
Total visitors
472

Forum statistics

Threads
369,442
Messages
16,883,765
Members
86,873
Latest member
vitalesan