In the video you're first checking if the fields (name, email and query) are set. Personally, what i'd do is first check if the "title" field has been filled in... if so, immediately invalidate the request. There is no need to first validate the actual form, since it's a bot. Cheers

@TealGhost47

3 жыл бұрын

how do you set that up

No need to check for isset() when using !empty(), as one of the equivalent sides of the empty() check is !isset().

Are you still going to make a tutorial (playlist) for Laravel 4? I really want to learn it, but there aren't good tutorials. Thanks

This might work for bots that were created to mass post spam multiple sites, but if a programmer wants to create a bot to post spam this particular website, he's probably going to figure this out and implement it into the bot, so it doesn't fill in the 'title' field. You should probably add this to your description.

Smart idea! im going to use this from now on! thanks

I'll give this a go. Much appreciated John

Good job! I like your solution to form spam.

Added to favorites

Wow. Added to my Useful playlist. Will use this later.

@codecourse

10 жыл бұрын

Great to hear. Hope it's useful for you in the future.

Best PHP tutorials period.

another very useful knowledge thanks you sir for all your tutorials :D

I can see how this could be implemented with JavaScript as well. Love the concept! Thanks!

I've done this a couple of weeks ago on a site, and it's very effective indeed :)

@codecourse

10 жыл бұрын

Great to hear it's worked for you!

@Xewl

10 жыл бұрын

***** Another way would be to add an anti-CRSF field, with a temporary Session ID which can be validated by the receiving code. But hey.. :D

This is so cool, and so easy :) Thanks a lot!

Thanks :) I will keep this in mind

I use this all the time, only I don't call my class hidden , works really well, you can't really do it with jquery as a bot simply reads the raw markup ie. It would nt see any javascript code applied

Why don't you check for the title field at the beginning of the if-statement that was already there? Also, what happens if I use the die function if my email form doesn't forward to another page but uses the same page to send it, will the email form become useless?

@jpkfox

10 жыл бұрын

Because the outcome for 'title' to be set would be different. In this version if the title is set then it calls die()-function. But if everything is in the first if-statement then if title is set there would be no die-call. So we can do a special functionality in a case when title is set. Also I think its more clear for a human to read if its separated because it is a separate issue.

Very cool idea. This is simpler and less intrusive than using a captcha script although probably not as effective. I have actually read a tutorial which uses the PHP image manipulation (gd) library to create a captcha. For those who are interested, the idea is simple. You generate a random string using a character set you wish. Hash the string and set it to a session variable. Then generate an image with the original string and apply lines and dots and stuff to make it harder for computers to read. Then on the second page, you take the input field and run it through the same hash to verify that it was typed in correctly. I know I glossed over the details, but hopefully, this should give you an idea of how to work through this. Perhaps Alex could do a tutorial on this? That would be nice.

Thank you for this but I have a question is there a more complex way in avoiding spam because i think if they will try to bypass the input filled that is hidden they can still continue to spam.

@TheGryphon14

9 жыл бұрын

How can they continue to spam if we already killed the page before submission? I don't get your point here really.

Brilliant! Thank you very much.

Can you help me understand how to do this in CodeIgniter. I'm using $this->form_validation->set_rules('title_1', 'title1', 'max_length[0]'); Form still goes through

Great tip. Useful even in 2024.

I did this and it, tested it, works. Thanks

Ingenious!

Oh, I see what you did there!

But maybe that bot can be smarter and check if input fields ar invisible, if they are, don't write anything in there.

@RollingHousesUK

10 жыл бұрын

yes that's certainly possible ,but until this method is in wide use nobody is giong to bother programming that into their bots as it's a lot more hassle to check that, much easier to just move onto the sites that have simple forms with no bot protection.

I know this is old, but... just makes my mail page go blank....... perhaps something to do with the die command?

@BrendanCookeHPR

7 жыл бұрын

Scratch that, the editor I was using was automatically adding a "$" in front of if. That fixed, working great... Gone from 40-60 spam email a day to no spam at all. Actually had to check the forms to make sure they where working properly

use reCAPTCHA that can't be read by OCR

Just so people know, this will help against a lot of the bots but not the more sophisticated ones. It is not a substitution for a captcha but can be used in less critical instances or to complement other security measures.

@codecourse

10 жыл бұрын

Indeed. This would be good coupled with another method as you mentioned. Saying that, we've had hardly any spam pass through our 'contact us' gates using this method!

@TheGryphon14

8 жыл бұрын

+Eric Cederberg Would you mind to share other solutions available? Thanks

wouldnt be for example .addClass("hidden") in jquery a more save way to prevent bots from checking display:none etc? And something like DO NOT FILL - BOT PREVENTION most people deactivating JS are able to understand that. lech00 two comments below also wrote something very nice! Dont you think?

Could someone please confirm for me that this is what is known as the honey pot spam prevention method? If not what is this kind of method actually called?

@LarsMoelleken

10 жыл бұрын

yes this is the "honey pot"-method

Really helpful thanks!

make us a full contact form with attachment

This still work in 2022, asking for a friend 😂😂🤣

Wow, thats so simple...

Genious!

Great video

very clever

Bruno Lustosa Ferrari, da uma olhada nisso aqui.

Why pick CAPTCHA when you have phpacademy !

...or you can use js like

user easyly can remove this hidden input from DOM... :)

2020

CAPTCHA is an awful method to use.. I ment awful because its not clier and annoying.. If I see any forms with captcha, register,contact forms, etc, all I do is exit page.. What I do for my forms, to prevent spam, I just generate random code, lets say (1,999) and ask to enter that number for user..This number is storred in session, so after you click submit button its not going to change, but if this session is already set, we generate another one.. Its super simple for user to enter, no eye breaking like with captcha and you can generate numbers + letters, if you think is going to be more secure..

@CharlesSamet

10 жыл бұрын

I do something similar as well... I create a simple math question on the screen, and have the user answer that. I can then verify it after the form is submitted via php. Works great... killed my bot problem in no time...

@GwidazMan

10 жыл бұрын

Yeah..thats easy for us - developers and for users to type..I dont even use math question..Just asking to type number.

Your voice🤔

My Spambot can hack it