Page 1 of 1

Spam Bots

Posted: Wed Aug 05, 2009 9:44 am
by REwingUK
Basically i have a form on my website that sumbits an email. I have a captcha on the form, but still they seem to send messages through it.

Setting the form into a <div> and setting the style to style='display:none', will this stop the spam bots?

Or can you suggest any better ways to protect my site from spam bots.

E.g of what they send:

Name: peplsvcxb
Email: ZlIonkQyfGPDm
Telephone Number: iuyLXiUjjSJxHYaf
Message: REQ5XN <a href=\"http://spam.com/\">ymgvinahvefl</a>, lpejzyspfayj, [link=http://spam.com/]udykuehlwkmo[/link], http://spam.com/

Re: Spam Bots

Posted: Wed Aug 05, 2009 1:21 pm
by William
REwingUK wrote:Basically i have a form on my website that sumbits an email. I have a captcha on the form, but still they seem to send messages through it.

Setting the form into a <div> and setting the style to style='display:none', will this stop the spam bots?

Or can you suggest any better ways to protect my site from spam bots.

E.g of what they send:

Name: peplsvcxb
Email: ZlIonkQyfGPDm
Telephone Number: iuyLXiUjjSJxHYaf
Message: REQ5XN <a href=\"http://spam.com/\">ymgvinahvefl</a>, lpejzyspfayj, [link=http://spam.com/]udykuehlwkmo[/link], http://spam.com/
Hiding the div via CSS won't matter. CSS Is for rendering, I highly doubt the bot actually renders your style sheet to submit your form.

Are you using your own custom captcha or a script?

Re: Spam Bots

Posted: Thu Aug 06, 2009 9:31 am
by Mordred

Re: Spam Bots

Posted: Thu Aug 06, 2009 9:39 am
by superdezign
There's also a sneaky trick that has gained widespread popularity on the internet. The hidden input element.

Code: Select all

<form>
  ...
  <input type="text" name="spam-catcher" id="spam-catcher" />
</form>

Code: Select all

#spam-catcher {
  display: none;
}

Code: Select all

if (empty($_POST['spam-catcher'])) {
  // Send e-mail
}
 
echo 'E-mail sent!'; // Even if it wasn't due to the spam catcher
Bots fill all form elements because they assume everything is required. If they fill your spam-catcher element, you'll know that they are not human. Quick and easy.

Re: Spam Bots

Posted: Thu Aug 06, 2009 9:51 am
by jackpf
That's quite clever :D

You've redeemed yourself regarding the "genii" incident :P

Re: Spam Bots

Posted: Thu Aug 06, 2009 12:43 pm
by superdezign
jackpf wrote:You've redeemed yourself regarding the "genii" incident :P
:mrgreen:

Re: Spam Bots

Posted: Fri Aug 07, 2009 1:10 pm
by kaisellgren
The hidden form field works for bots that have no particular target. I bet your CAPTCHA is weak. Mordred suggested to use reCAPTCHA, which should eliminate 99% of automated queries you receive. Try using reCAPTCHA and see if there's a difference (should be).