jcombs_31 Posted December 18, 2006 Share Posted December 18, 2006 I think I've talked about this before, but wanted to hear what methods you guys use for simple commenting/guestbook forms. I know tried and true is using captcha images, but this is more or less annoying to a user for leaving a simple comment in a blog or whatever.I see many different blogs out there that are not using captcha and don't seem to have spam posted. What methods do you guys use to prevent spam? Quote Link to comment https://forums.phpfreaks.com/topic/31092-preventing-form-spam/ Share on other sites More sharing options...
redbullmarky Posted December 18, 2006 Share Posted December 18, 2006 although a different type of thing, a petition site i saw recently had a good type of spam prevention, and as comment/guestbook type things are more one-off post type things, it seems to work...basically an email is sent to the email address specified in the form, with an activation link. works EXACTLY the same as forum registration activation emails. most spam bots are either using forged email addresses, or just fake ones, in which case, it works very nicely.as far as guestbooks and things go, i dont think i'd ever actually post a comment to a site of mine straight away. the dinnertimes site of mine puts ALL submissions by a user in a moderation queue for me to click 'approve' or 'deny'. Quote Link to comment https://forums.phpfreaks.com/topic/31092-preventing-form-spam/#findComment-143540 Share on other sites More sharing options...
steviewdr Posted December 18, 2006 Share Posted December 18, 2006 Take a look at css based methods of preventing spam and disguising forms:http://isc.sans.org/diary.php?storyid=1836-steve Quote Link to comment https://forums.phpfreaks.com/topic/31092-preventing-form-spam/#findComment-143555 Share on other sites More sharing options...
jcombs_31 Posted December 18, 2006 Author Share Posted December 18, 2006 I recently read that article from digg sterviewdr Quote Link to comment https://forums.phpfreaks.com/topic/31092-preventing-form-spam/#findComment-143632 Share on other sites More sharing options...
steviewdr Posted December 18, 2006 Share Posted December 18, 2006 I know - I got it from ./ originally.Apart from that - my own thoughts may be a simple maths formula for ppl to solve. It will cross all language barriers. If a person sees 2+5=__ Im sure they will be able to know whats going on and manage the answer.Anyways - I havn't had to implement any of these yet. -steve Quote Link to comment https://forums.phpfreaks.com/topic/31092-preventing-form-spam/#findComment-143935 Share on other sites More sharing options...
alpine Posted December 19, 2006 Share Posted December 19, 2006 I use a combination of things, but mostly my first barrier is a decent captha. I run ajax to validate it as it is being written just to help people out visually - once posted it is ofcourse checked again.From all forms that have the captcha in it - or forms that i choose to include a spesific named hidden field in (both fields have fixed named that my postcheck function looks for) all posted values (exept the captcha field) is melted together into one string and put into a mysql table (works global on the entire site) to prevent submission of the exact frase more than once in an interval of 24 hrs. This prevents mass-reloading etc. Also if the hidden checkfield is not empty as it is designed to be, the form is stopped.I also validate title etc. to not contain sertain characters not expected such as @* and so on, and i use checkdnsrr() on the always mandatory email field in addition to ordinary pattern-validation and injection check's.I always prefer to name formfields in norwegian, not naming them name,email,title etc.On my oldest site, i've only had 3 known spam attempts in 3 years so i guess i'm lucky. It is a pretty visible site in search engines too with a google rank of 4/10 , i think is fairly good for a hobby site - and with an averal of 60.000 page views per month according to my BBClone, 3 attempts isn't bad in my eyes.To be realistic, there isn't such a thing as a spam-proof form in my eyes. The nearest would be Mark's email-activation, but this might prevent many people from entering anything at all. My experience is that if it's too complicated to use, most people won't use it at all. Quote Link to comment https://forums.phpfreaks.com/topic/31092-preventing-form-spam/#findComment-144296 Share on other sites More sharing options...
monkey_05_06 Posted December 19, 2006 Share Posted December 19, 2006 A friend of mine has done some things like:What is an apple?-> Vegetable-> Fruit-> RockEnter the number 8 in this box: [ ]Lol. Quote Link to comment https://forums.phpfreaks.com/topic/31092-preventing-form-spam/#findComment-144300 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.