ASM | a blog

18

Feb 09

unobtrusive spam bot fixing?

==NOTE: Nothing here will work copy pasted, the quotes are all messed up==
Im not sure if this would work as I dont know how man, if any, spam bots use javaScript. But if very few of them do, then this should be a very simple solution to drastically reduce form submitted spam, WITHOUT your users needing to type in those damn captua things.

Using mootools, you can so very easily target parts of HTML elements. So lets take a look at how we could use this to fix this issue.

Lets say you have the following form

The spam bot can easily fill out this out, and because the form has the action info, it knows where to send it to etc.

So now say you changed it to this:
<form id=”myForm” action=”wrongPlace.php” method=”post”>
<input type=”name” name=”firstName” />
<input type=”name” name=”lastName” />
<input type=”submit” name=”submit” value=”submit” />
</form>

We then capture everything going to wrongPlace.php, so we can see what was spammed (I love it, just not on my site).

In mootools we include some javaScript in the pages head that is something like this (remember to fire only after the DOM is ready).

$(’myForm’).set(’action’, ‘rightPlace.php’);

Now, in javaScript we just changed where the form posts to (from wrongPlace.php to rightPlace.php), and everything works.

But what about your non javaScript people out there. Well, if you must… Just have wrongPlace.php require a challenge question before doing what you wanted it to do, and everyone is happy. Your non javascript spam bots dont know what’s up, and 95% of your users dont have any extra steps to prove they are human.

If you dont use mootools, or cant target the action of a forum, just use a hidden input like so
<input id=”challenge” type=”hidden” name=”challenge” value=”wrong” />

then pure js (been a while) should be something like getElementById(’challenge’).value=’correct’;

Comments are closed.

18

unobtrusive spam bot fixing?

Tags

Categories