Message Board

Newbie/Basic Questions

Defeating Comment Spammer Bots

Author: J.Yard2 (5 Nov 08 1:38pm)

On the assumption that most comment spammer bots do not execute JavaScript, the following example shows how to use JavaScript to set the form action and thus requiring the JavaScript to be executed to submit the form.

If the JavaScript is not executed then the "comment_spammer.php" code is executed by default when the form is submitted, which could be used to provide a honey pot, etc. If the JavaScript is executed then when the form is submitted the "real_user.php" code is executed to accept and process the form.

<form method="POST" action="/comment_spammer.php" onsubmit="return CheckForm(this);" name="Form_Name">
. . . Your form here . . .
</form>

<SCRIPT LANGUAGE="JavaScript" type="text/javascript">
function CheckForm(theForm) {
. . . Your form check here . . .
theForm.action = "/real_user.php";
return true;
}
</SCRIPT>

Post Edited (5 Nov 08 2:23pm)

Re: Defeating Comment Spammer Bots

Author: J.Yard2 (9 Nov 08 3:57pm)

Here is another method of preventing form submissions by comment spammer bots that do not execute JavaScript.

In the form create a hidden field and set it to some seemingly meaningful value, such as a time stamp. Use a JavaScript “setTimeout” function to change the hidden field value to what will be checked for in the form submit validation and set the timeout duration to a reasonable time it would take a person to manually fill out the form.

<form method="POST" action="/Form_Submit.php" name="Form1">
<input type="hidden" name="Time_Stamp" size="19" value="MM:DD:YYYY 23:59:59">
</form>

<SCRIPT LANGUAGE="JavaScript" type="text/javascript">
setTimeout('document.Form1.Time_Stamp.value = " "', 20000);
</SCRIPT>

Form_Submit.php:
<?php
function Form_Validation() {
if (strlen($_POST["Time_Stamp"]) <> 12) print "Please be sure to read the fine print.";
}
?>

Post Edited (9 Nov 08 4:20pm)