I used to use the hidden form field trick but one day Chrome suddenly started filling it in, and my users were complaining... I stopped using that method years ago as a result.
Recently, I've found having a field with something like "what's 1+2" to be quite effective, using JavaScript to populate the value and hide it. People with JavaScript enabled (i.e. pretty much everyone) never see the field and pass the test. Bots usually fail. We have had some spam get through on the few contact forms we've implemented with this, but I suspect they are actually real people spammers. We saw the huge deluge of daily spam almost disappear.

On 29 September 2014 15:29, David Neilsen <[email protected]> wrote:

> Here are a few tricks I find quite effective:
>
> - Put a pseudo hidden field on the form and enforce that it's empty
>   when submitted. Some spam bots blindly fill all fields.
> - Add a nonce (number used once) to the form. This forces spam bots to
>   download the page content and parse it every time, which some will not
>   bother with.
> - Use JS to perform an operation and add a value to the form. This
>   prevents spam bots that don't execute JS.
>
> This has stopped all my spam issues in the past, although arguably it
> would still be possible to get around.
>
> In terms of using 3rd parties for spam detection, even those can be hit
> and miss.
>
> On 29 September 2014 14:59, Mike Little <[email protected]> wrote:
>
>> Agreed. We are wanting to build something quite smart that includes both
>> client and server side checks.
>>
>> The problem is we have one high-profile client that needs to have at
>> least one url in a comment...
>>
>> On Monday, September 29, 2014 2:46:13 PM UTC+13, SearchMaster wrote:
>>>
>>> Simple enough to filter out where text area contains A HREF=". And you
>>> ask people to not include html in contact form. Cuts out vast majority of
>>> spam.
>>> On 29/09/2014 2:21 pm, "Mike Little" <[email protected]> wrote:
>>>
>>>> hey guys,
>>>>
>>>> has anyone heard of or used an API for detecting bad words/phrases in a
>>>> contact form's message?
>>>>
>>>> --
>>>> --
>>>> NZ PHP Users Group: http://groups.google.com/group/nzphpug
>>>> To post, send email to [email protected]
>>>> To unsubscribe, send email to
>>>> [email protected]
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "NZ PHP Users Group" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.

--
Chris Hope
iSavvy Ltd
Email: [email protected]
Websites:
- www.runningcalendar.co.nz
- www.runningcalendar.com.au
- www.electrictoolbox.com
Phone: +64 9 522 9531
Mobile: +64 21 866 529
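
The three checks listed in the quoted message (empty honeypot field, single-use nonce, JavaScript-supplied value) combined into one server-side validator, as an added example that is not code from anyone in the thread. The field names `website`, `nonce` and `js_answer`, the placeholder secret, the one-hour lifetime, the "1+2" answer and the in-memory `$seen` store are all assumptions.

```php
<?php
// Added example: field names, secret, TTL and the $seen store are assumptions.
const FORM_SECRET = 'replace-with-a-long-random-secret'; // placeholder value
const NONCE_TTL   = 3600;                                // seconds a form stays valid

// Nonce = timestamp : random : HMAC, embedded in the form when it is rendered.
function issue_nonce(int $now): string {
    $payload = $now . ':' . bin2hex(random_bytes(8));
    return $payload . ':' . hash_hmac('sha256', $payload, FORM_SECRET);
}

// Accept a nonce only if it is authentic, fresh and not seen before.
function nonce_is_valid(string $nonce, int $now, array &$seen): bool {
    $parts = explode(':', $nonce);
    if (count($parts) !== 3) return false;
    [$ts, $rand, $mac] = $parts;
    $expected = hash_hmac('sha256', $ts . ':' . $rand, FORM_SECRET);
    if (!hash_equals($expected, $mac)) return false;          // forged or mangled
    if (!ctype_digit($ts) || $now - (int)$ts > NONCE_TTL) return false; // stale
    if (isset($seen[$nonce])) return false;                   // replayed
    $seen[$nonce] = true;                                     // burn it: used once
    return true;
}

// Returns the list of failed checks; an empty list means the post passes.
// Returning reasons (not just true/false) lets you log which check fired,
// e.g. to notice real users tripping the honeypot through browser autofill.
function check_submission(array $post, int $now, array &$seen): array {
    $reasons = [];
    if (($post['website'] ?? '') !== '') $reasons[] = 'honeypot filled';
    if (!nonce_is_valid((string)($post['nonce'] ?? ''), $now, $seen)) {
        $reasons[] = 'bad nonce';
    }
    // The page's JS is assumed to write the answer to "what's 1+2" here.
    if (trim((string)($post['js_answer'] ?? '')) !== '3') $reasons[] = 'js value missing';
    return $reasons;
}

// Constructed sample submissions (not real traffic).
$seen  = [];      // stand-in for session or database storage
$now   = time();
$nonce = issue_nonce($now);
$human = ['website' => '', 'nonce' => $nonce, 'js_answer' => '3', 'message' => 'Hello'];
$bot   = ['website' => 'http://spam.example', 'nonce' => 'abc', 'js_answer' => '', 'message' => 'x'];

var_dump(check_submission($human, $now, $seen)); // first post of a fresh form
var_dump(check_submission($bot, $now, $seen));   // fills every field, no JS, no valid nonce
var_dump(check_submission($human, $now, $seen)); // same form body replayed
```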
