I have created a pretty big quote request form for a customer (link below), and they are getting 5+ spam comments a day. I tried to bandaid it with a simple javascript captcha that I made, but they are somehow getting past it (the captcha field is coming through as a bunch of characters, not the correct answer so not sure how they are bypassing that)
Any solutions? I tried implementing recaptcha but am not skilled enough in coding to install correctly.
Wow, this has to be the most rediculous spam prevention trick I’ve seen so far. How stupid do you thing spambots are? They are written by smart people, you know. Also alot of spam is submitted manually by people, not bots.
To fight bots just use captcha. To fight human spammers is much harder, but looking out for filtered words, moderating any post that has links in them is a good start. Also use geo location to moderate all posts from certain countries can help.
Bannig ip addresses of known spammers is also helpful. Let them keep trying to find different proxies, these are not unlimited, you know. You can also reject all posts that have headers that indicate that they come from proxy servers.
None of these are 100% effective, but you can probably achieve 90% effectiveness. If spammer realizes that they can’t post links they will most likely go away, since their main goal is to post links to something.
lampcms, you’ll find that is a popular and effective method! 'Cause a lot of spam is also submitted by bots that aimlessly fill out any field they can find. Obviously not perfect, but nothing is!
OP; your captcha has only one possible value so once someone knows it should be ‘7’ that’s your security screwed… but that doesn’t matter because you validate it with javascript! A bot could submit the form with anyyyy value in that field and it won’t be tested, or someone with a few seconds of free time could bypass it in their browser.
The captcha needs to change each time, and the validation should be on the server’s side (likely in PHP) when the form has been submitted - this will prevent the spammer from bypassing it!
if you have a high-volume website, then according to php tutorial you can try to use a simple text confirmation code.
All what you need is an input field and a PHP code to check the entered code. Here is an example code for the HTML form:
Access code: <input /><br />
Please enter <b>MYCODE</b> above.
Then you can simply the check if the entered code matches, with a PHP help. Please, compare the code in lower-case to avoid issues with a typing in CaSe SeNSiTiVe code:
If (strtolower($_POST[‘code’]) != 'mycode') {die('Wrong access code');}
The form will be submitted only after the time, when the person enters the correct access code.