Spam Protection Problem

[sam_h]

Hi, I was just on here looking for something very simple to act as a spam protection for my contact forms (avoiding captcha). I come across this thread, but was advised to start a new topic because it is so old! http://www.phpfreaks.com/forums/index.php/topic,86873.0.html

 

In response the question, which is the same as mine, one of the answers was put the following lines of code to the top of the script:

 

<?

if(!isset($_SERVER['HTTP_USER_AGENT'])){ 
   exit; 
}

if(!$_SERVER['REQUEST_METHOD'] == "POST"){ 
   exit;     
}

?>

 

can anyone tell me what this does, and is it fairly effective?

 

Regards

 

Sam

[toivo]

Hi,

 

The first line checks if the form has been posted by a browser which identifies its type.  Mind you, it is possible to use cURL and fake any browser you want.

 

The second line checks if the form has been posted.  If the method was GET, the form has probably been displayed by the code earlier and we can now exit.

 

Regards,

 

 

[sam_h]

thanks very much, I use a very simple Name, Email, Message form and currently have no spam protection. I don't want to clog up my page/form with captcha etc and havn't got the no-how to implement a simple 'math based question'.

 

Do you think that this is an OK alternative?

[PFMaBiSmAd]

Only simple spam bot scripts would be stopped by the first check. Most spam bot scripts do set the HTTP_USER_AGENT so the first check won't stop much but would stop some spam attempts.

 

No spam bot script would be stopped by the second check because they will be using the POST method to submit data. The second check just causes the form processing code to ignore page requests that are the result of things like search engines visiting the form processing page or people browsing directly to the form processing page.