SitePoint Sponsor

User Tag List

Page 2 of 2 FirstFirst 12
Results 26 to 32 of 32
  1. #26
    SitePoint Addict sorin21us's Avatar
    Join Date
    Mar 2009
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by rageh View Post
    Arkinstall, what you suggested is a little too drastic I think.

    Besides the captcha, I suggest that you try the 'honey trap' technique as an additional anti-spam measure. I find both these techniques deployed together work very effectively.
    I didn't know what is a honey trap but I found this. I hope that is what u recommend me.
    I will keep first the math captcha for one week to see the results and I will learn about the other options if the math captcha doesn't stop the spam.

  2. #27
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Again, if it turns out this is human-posted spam, then no kind of captcha will stop 'em.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  3. #28
    SitePoint Addict sorin21us's Avatar
    Join Date
    Mar 2009
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    Again, if it turns out this is human-posted spam, then no kind of captcha will stop 'em.
    I was thinking that someone makes a joke, but because sometimes I got spam and no one used the form, I'm not sure about that anymore. I will post here the results.

  4. #29
    SitePoint Guru rageh's Avatar
    Join Date
    Apr 2006
    Location
    London, Formerly Somalia
    Posts
    612
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sorin21us View Post
    I didn't know what is a honey trap but I found this. I hope that is what u recommend me.
    I will keep first the math captcha for one week to see the results and I will learn about the other options if the math captcha doesn't stop the spam.
    No, that is not the 'honey trap' technique.

    The honey trap technique is very simple. In the front-end form you include one extra field that the user is not to fill at all. You use CSS to make the field hidden from humans. But it will be visible to spambots. For those browsing without CSS, you can say "leave empty" or similar message beside that field. So humans will not touch it.

    However, the spambot fills in all fields including the hidden one, the so called honey trap. Then in your script, you check whether or not that hidden field was filled in. If it was filled in, you assume that was a spambot and abort the script. If, on the other hand, the form was submitted with the hidden field empty, then that is human being and you process it as normal.

    There is another technique called 'delayed time'. You take note of the time and when the form was first loaded and take the time when it is submitted. If the form is submitted, say less than 20 seconds later, you can fairly assume that is spambot. No human is fast enough to fill in form in less than 20 seconds.

    One last thing to note is that may be you get spam emails not coming from the contact form? It is possible that your email is being spammed already. Just distinguish messages from the contact form by having descriptive suject line. So any email not having that subject is a non-contact form spam. I know this is trivial but worth noting.
    ------------------

  5. #30
    SitePoint Addict sorin21us's Avatar
    Join Date
    Mar 2009
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank u rageh for your honey trap example. Please help me with the php.
    If this is my form

    <input type="text" name="email" />
    <input type="hidden" name="spam" />

    what is the php code to check with the hidden field if is a spam?

  6. #31
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I'm pretty sure if you tried you could do that without assistance. But, eh well, here goes:
    PHP Code:
    <?php
    //form
    ?>
    <input type="text" name="email" />
    <div style="display: none;">
        <input type="text" name="url" />
        <p>Don't enter anything in the above text field</p>
    </div>
    <?php
    //Handling:
    if(array_key_exists('url'$_POST) && strlen($_POST['url']) > 0){
        
    //don't continue
    }
    Spambots aren't written by complete idiots - they usually know what to check for. A field called 'spam' is unlikely to be filled in by a spambot, but 'url' is a common field. They'd detect input type="hidden" and send it's initial value. They can probably also detect CSS in a text input and know if it's hidden. What's less likely is them detecting if it's inside an element with display:none. I can bet it won't be long until they spot that too.

    I've never seen a spambot's code; though if I were to make one I know it definitely wouldn't fill in inputs with a name like "spam" or hidden, and it would check CSS too. Doesn't take much effort, and it accomplishes more submissions which is, in the end, the aim of a spambot.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  7. #32
    SitePoint Addict sorin21us's Avatar
    Join Date
    Mar 2009
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    I'm pretty sure if you tried you could do that without assistance. But, eh well, here goes:
    PHP Code:
    <?php
    //form
    ?>
    <input type="text" name="email" />
    <div style="display: none;">
        <input type="text" name="url" />
        <p>Don't enter anything in the above text field</p>
    </div>
    <?php
    //Handling:
    if(array_key_exists('url'$_POST) && strlen($_POST['url']) > 0){
        
    //don't continue
    }
    Spambots aren't written by complete idiots - they usually know what to check for. A field called 'spam' is unlikely to be filled in by a spambot, but 'url' is a common field. They'd detect input type="hidden" and send it's initial value. They can probably also detect CSS in a text input and know if it's hidden. What's less likely is them detecting if it's inside an element with display:none. I can bet it won't be long until they spot that too.

    I've never seen a spambot's code; though if I were to make one I know it definitely wouldn't fill in inputs with a name like "spam" or hidden, and it would check CSS too. Doesn't take much effort, and it accomplishes more submissions which is, in the end, the aim of a spambot.
    Thank you arkinstall. With this honey trap I don't get spam anymore from my contact page. After a while a got spam in the comments, but I put the honey trap there, too, and since then I didn't get any spam.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •