Prevent automated form spam
Want more? Explore the library at www.codecourse.com/lessons
Official site
www.codecourse.com
Twitter
/ teamcodecourse
Want more? Explore the library at www.codecourse.com/lessons
Official site
www.codecourse.com
Twitter
/ teamcodecourse
Пікірлер: 62
In the video you're first checking if the fields (name, email and query) are set. Personally, what i'd do is first check if the "title" field has been filled in... if so, immediately invalidate the request. There is no need to first validate the actual form, since it's a bot. Cheers
@TealGhost47
3 жыл бұрын
how do you set that up
No need to check for isset() when using !empty(), as one of the equivalent sides of the empty() check is !isset().
Are you still going to make a tutorial (playlist) for Laravel 4? I really want to learn it, but there aren't good tutorials. Thanks
This might work for bots that were created to mass post spam multiple sites, but if a programmer wants to create a bot to post spam this particular website, he's probably going to figure this out and implement it into the bot, so it doesn't fill in the 'title' field. You should probably add this to your description.
Smart idea! im going to use this from now on! thanks
I'll give this a go. Much appreciated John
Good job! I like your solution to form spam.
Added to favorites
Wow. Added to my Useful playlist. Will use this later.
@codecourse
10 жыл бұрын
Great to hear. Hope it's useful for you in the future.
Best PHP tutorials period.
another very useful knowledge thanks you sir for all your tutorials :D
I can see how this could be implemented with JavaScript as well. Love the concept! Thanks!
I've done this a couple of weeks ago on a site, and it's very effective indeed :)
@codecourse
10 жыл бұрын
Great to hear it's worked for you!
@Xewl
10 жыл бұрын
***** Another way would be to add an anti-CRSF field, with a temporary Session ID which can be validated by the receiving code. But hey.. :D
This is so cool, and so easy :) Thanks a lot!
Thanks :) I will keep this in mind
I use this all the time, only I don't call my class hidden , works really well, you can't really do it with jquery as a bot simply reads the raw markup ie. It would nt see any javascript code applied
Why don't you check for the title field at the beginning of the if-statement that was already there? Also, what happens if I use the die function if my email form doesn't forward to another page but uses the same page to send it, will the email form become useless?
@jpkfox
10 жыл бұрын
Because the outcome for 'title' to be set would be different. In this version if the title is set then it calls die()-function. But if everything is in the first if-statement then if title is set there would be no die-call. So we can do a special functionality in a case when title is set. Also I think its more clear for a human to read if its separated because it is a separate issue.
Very cool idea. This is simpler and less intrusive than using a captcha script although probably not as effective. I have actually read a tutorial which uses the PHP image manipulation (gd) library to create a captcha. For those who are interested, the idea is simple. You generate a random string using a character set you wish. Hash the string and set it to a session variable. Then generate an image with the original string and apply lines and dots and stuff to make it harder for computers to read. Then on the second page, you take the input field and run it through the same hash to verify that it was typed in correctly. I know I glossed over the details, but hopefully, this should give you an idea of how to work through this. Perhaps Alex could do a tutorial on this? That would be nice.
Thank you for this but I have a question is there a more complex way in avoiding spam because i think if they will try to bypass the input filled that is hidden they can still continue to spam.
@TheGryphon14
9 жыл бұрын
How can they continue to spam if we already killed the page before submission? I don't get your point here really.
Brilliant! Thank you very much.
Can you help me understand how to do this in CodeIgniter. I'm using $this->form_validation->set_rules('title_1', 'title1', 'max_length[0]'); Form still goes through
Great tip. Useful even in 2024.
I did this and it, tested it, works. Thanks
Ingenious!
Oh, I see what you did there!
But maybe that bot can be smarter and check if input fields ar invisible, if they are, don't write anything in there.
@RollingHousesUK
10 жыл бұрын
yes that's certainly possible ,but until this method is in wide use nobody is giong to bother programming that into their bots as it's a lot more hassle to check that, much easier to just move onto the sites that have simple forms with no bot protection.
I know this is old, but... just makes my mail page go blank....... perhaps something to do with the die command?
@BrendanCookeHPR
7 жыл бұрын
Scratch that, the editor I was using was automatically adding a "$" in front of if. That fixed, working great... Gone from 40-60 spam email a day to no spam at all. Actually had to check the forms to make sure they where working properly
use reCAPTCHA that can't be read by OCR
Just so people know, this will help against a lot of the bots but not the more sophisticated ones. It is not a substitution for a captcha but can be used in less critical instances or to complement other security measures.
@codecourse
10 жыл бұрын
Indeed. This would be good coupled with another method as you mentioned. Saying that, we've had hardly any spam pass through our 'contact us' gates using this method!
@TheGryphon14
8 жыл бұрын
+Eric Cederberg Would you mind to share other solutions available? Thanks
wouldnt be for example .addClass("hidden") in jquery a more save way to prevent bots from checking display:none etc? And something like DO NOT FILL - BOT PREVENTION most people deactivating JS are able to understand that. lech00 two comments below also wrote something very nice! Dont you think?
Could someone please confirm for me that this is what is known as the honey pot spam prevention method? If not what is this kind of method actually called?
@LarsMoelleken
10 жыл бұрын
yes this is the "honey pot"-method
Really helpful thanks!
make us a full contact form with attachment
This still work in 2022, asking for a friend 😂😂🤣
Wow, thats so simple...
Genious!
Great video
very clever
Bruno Lustosa Ferrari, da uma olhada nisso aqui.
Why pick CAPTCHA when you have phpacademy !
...or you can use js like
user easyly can remove this hidden input from DOM... :)
2020
CAPTCHA is an awful method to use.. I ment awful because its not clier and annoying.. If I see any forms with captcha, register,contact forms, etc, all I do is exit page.. What I do for my forms, to prevent spam, I just generate random code, lets say (1,999) and ask to enter that number for user..This number is storred in session, so after you click submit button its not going to change, but if this session is already set, we generate another one.. Its super simple for user to enter, no eye breaking like with captcha and you can generate numbers + letters, if you think is going to be more secure..
@CharlesSamet
10 жыл бұрын
I do something similar as well... I create a simple math question on the screen, and have the user answer that. I can then verify it after the form is submitted via php. Works great... killed my bot problem in no time...
@GwidazMan
10 жыл бұрын
Yeah..thats easy for us - developers and for users to type..I dont even use math question..Just asking to type number.
Your voice🤔
My Spambot can hack it