Question

I typically only do front-end UI. But, on a project I have been working on I had to make a form. The form works, with emails coming through, but unfortunately an incredibly large amount of spam is coming through. I've added a CAPTCHA input but that doesn't seem to have reduced the amount of spam very much if at all.

After some research, it seems a honeypot is the best option. However because I don't know a lot about php and javascript (working on this :) ), I'm not sure what the best code for this is or where to put it.

However I haven't been able to find a clear guide on how to do this.

So my question is; Does anyone know of a clear guide that has instruction on how to make and implement a honeypot input (with the server side conditional code)?

Any help is appreciated. Thanks.

P.S. The form is "in a lightbox", so that may affect things.


Solution

<form method="post">
  <input name="not-honeypot" type="text">
  <input name="honeypot" type="text" style="display: none">
</form>

<?php

if (!empty($_POST['honeypot'])) {
    // this is a spam!
}

Note display: none for [name=honeypot]. If your spammers are smart enough to not fill hidden fields, you need another way to hide the honeypot field from a user. Or not hide it at all.

OTHER TIPS

It's actually really simple. I'll attempt from memory, so typos are expected. You can always google for a more solid answer as I'm sure there're few tutorials out there.

html:

<form method = "POST" action = "post.php">
  <input type = "email" name = "email">
  <input type = "email" name = "emailb">
  <input type = "submit">
</form>

Javascript (jquery):

$(document).ready(function(){
  // hide the honeypot field; bots that do not run JavaScript still see and fill it
  $("input[name='emailb']").hide();
});

post.php:

<?php
if (!empty($_POST['emailb']))
  throw new Exception("SPAAAAM");

You need to do it with javascript as most automated bots won't be using it. However, you also want to check for the number of forms sent in X minutes from that IP and few other options to prevent even more. Note: don't automatically disable it, show a recaptcha as a last-line measure.
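An added example (not code from either answer above) that combines the honeypot check on the `emailb` field with the per-IP submission count the answer mentions, falling back to a CAPTCHA challenge rather than a block. The function name `classify_submission`, the limit of 3 posts per 600 seconds and the in-memory `$hits` store are assumptions; the sample submissions are constructed.

```php
<?php
// Added example: honeypot check plus a per-IP sliding-window limit.
// MAX_POSTS, WINDOW_SECONDS and classify_submission() are assumptions for illustration.
const MAX_POSTS = 3;
const WINDOW_SECONDS = 600;

/**
 * @param array  $post  submitted fields (normally $_POST)
 * @param string $ip    client address (normally $_SERVER['REMOTE_ADDR'])
 * @param int    $now   current Unix time
 * @param array  $hits  per-IP list of earlier submission times; persist it
 *                      (database, APCu, file) in a real deployment
 */
function classify_submission(array $post, string $ip, int $now, array &$hits): string
{
    // Count every attempt, including spam, so a bot cannot probe for free.
    $recent = array_filter(
        $hits[$ip] ?? [],
        fn(int $t): bool => $t > $now - WINDOW_SECONDS
    );
    $recent[] = $now;
    $hits[$ip] = array_values($recent);

    // A human never sees the honeypot field, so any non-empty value means a bot.
    // is_string() guards against emailb[]=x arriving as an array.
    $trap = $post['emailb'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return 'spam';
    }
    if (count($hits[$ip]) > MAX_POSTS) {
        return 'challenge'; // show the CAPTCHA instead of blocking outright
    }
    return 'ok';
}

// Constructed sample submissions, all from one documentation-range address.
$hits = [];
$t0 = 1700000000;
$samples = [
    [['email' => 'a@example.com', 'emailb' => ''], $t0],
    [['email' => 'b@example.com', 'emailb' => 'bot@example.net'], $t0 + 5],
    [['email' => 'c@example.com'], $t0 + 10],
    [['email' => 'd@example.com', 'emailb' => ''], $t0 + 15],
    [['email' => 'e@example.com', 'emailb' => ''], $t0 + 700],
];
foreach ($samples as [$post, $time]) {
    echo classify_submission($post, '203.0.113.7', $time, $hits), "\n";
}
```

For a `spam` result, return the same success page a real submission gets and drop the mail, so the sender learns nothing about which field gave it away.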

Firstly, define what spam is / could be:

Spam could consist of:
1. More uppercase characters than lowercase
2. More whitespaces than text
3. Very short posts (e.g. 10 characters long)

Then, write code to deal with it

1. if (strlen(preg_replace('![^A-Z]+!', '', $post)) > strlen(preg_replace('![^a-z]+!', '', $post))) {
    // spam post
}

2. if (!isset($post) || strlen(strip_tags($post)) < 150) {
    // too short - spam post
}

3. if (strlen(preg_replace('/\S/', '', $post)) > strlen(preg_replace('/\s+/', '', $post))) {
    // spam post
}

This will not stop the spam, but it should filter quite a bit of it.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow