Blocking Spam With Javascript

Status
Not open for further replies.

Forum-Engine

New Member
Hi all,

Coder Will Bontrager (willmaster.com) shared this spam busting tip with me, and I thought you might find it useful.

---------------

One of the easiest form spam reduction techniques is to put a URL in the form's action tag that goes to a regular page instead of the form handling script - a real page, not a 404, so spammers don't get notified to manually investigate your code.

Somewhere below the form, JavaScript assigns the correct URL to the action tag.

The form tag needs an id value for the JavaScript to use. Example:

<form id="handle" action="/index.html"> ... </form>

<script type="text/javascript"> document.getElementById("handle").action = "/script.php"; </script>

Spammers' robots seldom parse JavaScript, so their automated submission never reaches the form handler specified by the JavaScript.

Instead, their spam goes poof at the URL hard coded into the form tag.
 

waynewex

New Member
That's good, but if someone has JavaScript disabled, then the form will be useless. A better way of "fooling spam bots" is to create a text field that can not be seen by the user. Spam bots will try and fill out text fields, especially if those textfields have terms such as password or email in their name or id. On the server side, you should check to see if the "hidden" text field has been filled out. If it has; then it was probably a spam bot/somebody messing around. Note that I'm not talking about hidden form elements. I'm talking about creating a text field and then hiding it via CSS (display:none;)
 

Forum-Engine

New Member
Thanks much for your suggestion. It sounds good to me. Nice and simple. I just installed it in my forum software, and will be monitoring the results.

Appreciate it, good tip!
 
Status
Not open for further replies.
Top