3

I've been thinking about easy ways to prevent spammy robots from submitting content into the public forms (e.g. contact forms) on sites.

I know a lot of sites will now ask the user a simple question (e.g. what is 2+4?).

If you had the following, would it be enough to deter most robots?

HTML

<form action="submit.php" method="post">
    <input type="text" name="name" placeholder="Name" /><br />
    <textarea name="message" placeholder="Message"></textarea><br />
    <label for="test">I am a:</label>
    <select id="test">
        <option value="robot" selected="selected">Robot</option>
        <option value="human">Human</option>
    </select>
</form>

PHP

<?php
if ($_POST['test'] == 'robot') header ('Location: contact.php?err=nothuman');
// process form
?>

The idea being the robot will likely leave the option item on the selected item.

If anyone has another very simple solution I would be interested to hear?

Alex Coplan
  • 13,211
  • 19
  • 77
  • 138
  • just so everyone knows **I know** about recaptcha - I'm not talking about *complete* spam protection, more *simple* spam protection - personally I find recaptcha to be to much of a pain for small things (e.g. contact forms) – Alex Coplan Jan 01 '12 at 21:45
  • On some simple forms I've worked with, robot submissions will often select the first non-default choice. So, since you have Robot pre-selected, they are likely to choose Human instead. – Michael Berkowski Jan 01 '12 at 21:46
  • 2
    Although recaptcha is little more, but that is one of the best ways to prevent spam. Nowadays the robots are getting smarter and can easily parse the pages. If you always have the same image/text as a mechanism to prevent spam, some user might once feed that option into the robot and then it can easily continue to spam you. –  Jan 01 '12 at 21:47
  • @Michael interesting!... maybe I should go for three choices - `Robot`, `Monster`, `Human` or something? :) – Alex Coplan Jan 01 '12 at 21:50
  • @AlexCoplan Or 3 robots and 1 human, and randomize the order. ReCaptcha is really effective though... – Michael Berkowski Jan 01 '12 at 21:52

5 Answers5

5

Another option would be to use a picture of a human and a picture of a robot. Images add an extra layer of difficulty when it comes to robots.

Jeremy Harris
  • 24,318
  • 13
  • 79
  • 133
  • 1
    Not too friendly to visually-impaired users though - be sure to include an `alt` attribute!` – Michael Berkowski Jan 01 '12 at 21:45
  • ...and then the alt attribute would destroy that extra layer of difficulty. Back to square one :) The basic captcha's and questions keep existing for years for a reason, I suppose. – Halil Özgür Mar 06 '13 at 15:29
2

No, I don't think this would be enough to prevent robots. You should really consider adding Captacha or something similar for this.

Try: http://www.google.com/recaptcha It is free and easy to integrate with your site.

Update (comment above): Although recaptcha is little more, but that is one of the best ways to prevent spam. Nowadays the robots are getting smarter and can easily parse the pages. If you always have the same image/text as a mechanism to prevent spam, some user might once feed that option into the robot and then it can easily continue to spam you

2

Simple spam protection: Add input named 'website' or any other popular spamers field and hide it with CSS. On server side check if that field is set then it is spammers bot.

Irmantas
  • 86
  • 1
  • 9
1

Well this does seem like a simple solution. Might turn out to be too simple. Check out these ready-made solutions instead :

But if you are keen on keeping it simple, check out this tutorial by PHPBuilder. You will then get to decide the complexity of your script

Vishnu
  • 2,024
  • 3
  • 28
  • 34
1

You can measure a lot of thing to determine if this request was made by robot. Some are,

  1. Time difference between when a user load the contacts page and when he submits it. For robots it will be very low. Or may be a 1-2-5 series type number. Say 10, 50, 100 seconds. In case of user it would be realistic value. Such as 11.345 seconds. Yes you can measure mili seconds. Robot may send request on every 17 seconds to persuade you that its done by human. But isn't it too tough for humans to send request at 17.000 seconds??

  2. Check if javascript is turned on. Robots will not have JS.

  3. Similarly Try to load flash. A flash file can hide its implementation. It can also set some JS value.
Shiplu Mokaddim
  • 56,364
  • 17
  • 141
  • 187