Whats the easiest way of stopping spammers from probing your forms (preferably without deterring real users)
+3
A:
A captcha. Users aren't bothered by them anymore, they've gotten used to them.
http://www.captcha.net/captchas/
That seems like a good easy to set up captcha website, I've never used it, but it was early on google.
meman32
2010-07-08 15:04:23
+1, this really is best approach...
Justin Ethier
2010-07-08 15:05:24
I can't disagree more; a capatcha should be a last resort. You're being lazy and shifting your work onto your users; you will be paid back with poor user satisfaction and reduced sales or contacts or whatever you are after.
Colin Pickard
2010-07-08 15:09:40
Also, I think there is an important distinction; people have become used to *paying for free services* with their time to decode a capatcha. If you're coding e.g. a contact form, the user will have a very different perspective.
Colin Pickard
2010-07-08 15:15:37
When I say captcha I meant a very simple one. If you look at the link I inserted, the example takes around 3 seconds to decode. Similar to your "type the word orange" idea. It's just a bit more complex for computers, for humans its a piece of cake.
meman32
2010-07-08 15:21:14
I actually don't like my idea :) but it certainly is the *easiest* to implement, which is what the submitter was asking, and is a lot easier on the user than e.g. recapatcha (although recapatcha is a fine idea for really hard spam problems).
Colin Pickard
2010-07-08 15:35:03
A:
I don't know if this qualifies as deterring real users, but an easy to solve captcha should do the trick. I won't bother users very much, and it will stop auto-form-filling spammers.
Pablo Santa Cruz
2010-07-08 15:05:12
+3
A:
The simplest way may be adding an additional field with a commonly required name, like "Phone:" and then setting it to display:none; and checking whether the value is still blank on the server side. Most spam bots (not all) will be fooled and fill the field out - so you can ignore their input.
It's not perfect but it is "easy" and will stop a lot of the spam.
Failing that, yeah, Captcha.
Austin Fitzpatrick
2010-07-08 15:07:29
A:
Don't use capatchas until you have to. Most sites are not important enough to waste people's time and and attention jumping through hoops. This particularly applies if you are trying to sell something, rather than providing a free service.
Just making your form non-standard is enough. Unless you're important enough to attract someone to write code specific to your site, you can block every generic spammer by including a field labelled "please type the word orange".
If you're big enough to be targetted, start implementing behavourial spam detection, hidden fields and so on. If you're overwhelmed, the bring out the capatchas; possibly even temporarily. Your hot dog stand contact page does not deserve to waste people's time......
Colin Pickard
2010-07-08 15:07:31
it is; but it's trivial to implement and trivial to solve, which is the nearest to the question asker's requirement. Hidden fields and behavioral detection are better methods, but harder to implement properly.
Colin Pickard
2010-07-08 15:29:05
+6
A:
A very simple method is known as the honeypot
- You create a hidden field that users can't fill out.
- If you recieve a form that has that field filled out, discard it.
You can hide it by setting display none, or absolutely positioning the div behind something else, or completely off screen.
The best part is that it does not affect your regular users at all.
it might be worth labelling this field too, just in case. Or else be very careful that the field is properly hidden on all browsers, layouts and media types.
Colin Pickard
2010-07-08 15:32:00
+1
A:
I've always preferred a hidden email field combined with a simple logic question like "If ice is cold, fire is: _" or "twelve minus two is __". Just make an array of questions to keep the bots guessing. You can even make them humorous to keep your users happy.
http://textcaptcha.com/ is a good place to start. They even offer a webservice for generating random questions.
CAPTCHAS are great but a PITA to fill out IMO. There are huge accessibility concerns with even the most popular ones. I can't tell you how many times I've had to resort to the audio sample (despite having perfect vision) only to find that the audio is even harder to decipher.
Derek Hunziker
2010-07-08 15:27:12