I've found that forcing a delay in submitting the form helps as well. For example, if the page is loaded and the form is submitted in less than five seconds (hidden input with timestamp of page load) simply display a message asking the user to wait before submitting.
On 29/09/14 15:45, Chris Hope wrote: > I used to use the hidden form field trick but one day Chrome suddenly > started filling it in, and my users were complaining... I stopped using > that method years ago as a result. > > Recently, I've found having a field with something like "what's 1+2" to > be quite effective, using Javascript to populate the value and hide it. > People with Javascript enabled (i.e. pretty much everyone) never see the > field and pass the test. Bots usually fail. We have had some spam get > through on the few contact forms we've implemented with this, but I > suspect they are actually real people spammers. We saw the huge deluge > of daily spam almost disappear. > > On 29 September 2014 15:29, David Neilsen <[email protected] > <mailto:[email protected]>> wrote: > > Here is a few tricks I find quite effective: > > * Put a pseudo hidden field on the form and enforce that its empty > when submitted. Some spam bots blindy fill all fields. > * Add a nonce (number used once) to the form. This forces spam > bots to download the page content and parse it every time, which > some will not bother with. > * Use JS to perform an operation and add a value to the form. The > prevents spam bots that don't execute JS. > > This has stopped all my spam issues in the past, although arguably > it would still be possible to get around. > > In terms of using 3rd parties for spam detection, even those can be > hit and miss. > > > > On 29 September 2014 14:59, Mike Little <[email protected] > <mailto:[email protected]>> wrote: > > Agreed. We are wanting to build something quite smart that > includes both client and server side checks. > > The problem is we have one high-profile client that needs to > have at least one url in a comment... > > On Monday, September 29, 2014 2:46:13 PM UTC+13, SearchMaster wrote: > > Simple enough to filter out where text area contains A > HREF=". And you ask people to not include html in contact > form. Cuts out vast majority of spam. > > On 29/09/2014 2:21 pm, "Mike Little" > <[email protected]> wrote: > > hey guys, > > has anyone heard of or used an API for detecting bad > words/phrases in a contact forms message? > > -- > -- > NZ PHP Users Group: > http://groups.google.com/__group/nzphpug > <http://groups.google.com/group/nzphpug> > To post, send email to [email protected] > To unsubscribe, send email to > nzphpug+u...@__googlegroups.com > --- > You received this message because you are subscribed to > the Google Groups "NZ PHP Users Group" group. > To unsubscribe from this group and stop receiving emails > from it, send an email to nzphpug+u...@__googlegroups.com. > For more options, visit > https://groups.google.com/d/__optout > <https://groups.google.com/d/optout>. > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > <mailto:[email protected]> > To unsubscribe, send email to > [email protected] > <mailto:nzphpug%[email protected]> > --- > You received this message because you are subscribed to the > Google Groups "NZ PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from > it, send an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout. > > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > <mailto:[email protected]> > To unsubscribe, send email to > [email protected] > <mailto:nzphpug%[email protected]> > --- > You received this message because you are subscribed to the Google > Groups "NZ PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from it, > send an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout. > > > > > -- > Chris Hope > iSavvy Ltd > > Email: [email protected] <mailto:[email protected]> > Websites: > - www.runningcalendar.co.nz <http://www.runningcalendar.co.nz> > - www.runningcalendar.com.au <http://www.runningcalendar.com.au> > - www.electrictoolbox.com <http://www.electrictoolbox.com/> > Phone: +64 9 522 9531 > Mobile: +64 21 866 529 > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] > --- > You received this message because you are subscribed to the Google > Groups "NZ PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout. -- http://karere.co.nz - Web Development -- -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "NZ PHP Users Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
