Honeypot field works well for me. Just be careful to give the field a name attribute that isn't likely to be auto-filled by Chrome e.g. name="areyouabot" rather than name="email". To allow URLs I sometimes validate against 'http://', with accompanying text explaining to write urls without the 'http://'
On 29/09/2014, at 3:45 pm, Chris Hope <[email protected]> wrote: > I used to use the hidden form field trick but one day Chrome suddenly started > filling it in, and my users were complaining... I stopped using that method > years ago as a result. > > Recently, I've found having a field with something like "what's 1+2" to be > quite effective, using Javascript to populate the value and hide it. People > with Javascript enabled (i.e. pretty much everyone) never see the field and > pass the test. Bots usually fail. We have had some spam get through on the > few contact forms we've implemented with this, but I suspect they are > actually real people spammers. We saw the huge deluge of daily spam almost > disappear. > > On 29 September 2014 15:29, David Neilsen <[email protected]> wrote: > Here is a few tricks I find quite effective: > Put a pseudo hidden field on the form and enforce that its empty when > submitted. Some spam bots blindy fill all fields. > Add a nonce (number used once) to the form. This forces spam bots to download > the page content and parse it every time, which some will not bother with. > Use JS to perform an operation and add a value to the form. The prevents spam > bots that don't execute JS. > This has stopped all my spam issues in the past, although arguably it would > still be possible to get around. > > In terms of using 3rd parties for spam detection, even those can be hit and > miss. > > > > On 29 September 2014 14:59, Mike Little <[email protected]> wrote: > Agreed. We are wanting to build something quite smart that includes both > client and server side checks. > > The problem is we have one high-profile client that needs to have at least > one url in a comment... > > On Monday, September 29, 2014 2:46:13 PM UTC+13, SearchMaster wrote: > Simple enough to filter out where text area contains A HREF=". And you ask > people to not include html in contact form. Cuts out vast majority of spam. > > On 29/09/2014 2:21 pm, "Mike Little" <[email protected]> wrote: > hey guys, > > has anyone heard of or used an API for detecting bad words/phrases in a > contact forms message? > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] > --- > You received this message because you are subscribed to the Google Groups "NZ > PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] > --- > You received this message because you are subscribed to the Google Groups "NZ > PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] > --- > You received this message because you are subscribed to the Google Groups "NZ > PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > > > -- > Chris Hope > iSavvy Ltd > > Email: [email protected] > Websites: > - www.runningcalendar.co.nz > - www.runningcalendar.com.au > - www.electrictoolbox.com > Phone: +64 9 522 9531 > Mobile: +64 21 866 529 > > -- > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] > --- > You received this message because you are subscribed to the Google Groups "NZ > PHP Users Group" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "NZ PHP Users Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
