Comments on: Fighting Spam with CSS

By: patrick

patrick — Fri, 25 Jul 2008 14:38:35 +0000

@stan: as I mentioned to Peter as well, using javascript won’t do anything if a spider is filling out the form. That’s why using your server-side script is the only way to go.

By: patrick

patrick — Fri, 25 Jul 2008 14:37:40 +0000

@peter: the only thing to remember with your solution, is spammer spiders don’t read javascript… so doing it with javascript wouldn’t make a difference.

Obviously if someone really wanted to, they could write a custom script for your site… but it’s rare. If you are a larger site, I would recommend using reCaptcha or something similar in addition to this.

By: Stan, the logoand web design man

Stan, the logoand web design man — Sun, 13 Jul 2008 06:06:16 +0000

Is there javascript validation code that would void a form if text is entered in the hidden text box?

Thanks and great advice!

By: Peter Marreck

Peter Marreck — Thu, 10 Jul 2008 01:31:57 +0000

This works until any spammer decides to write some simple code to detect which is the honeypot field. The only way around this is to randomize the honeypot field and use some javascript to calculate which field it actually is and then hide that, but this incurs an additional dependence on javascript while also staying theoretically defeatable given enough effort to defeat it and widespread adoption of it to make the effort worthwhile.

I would just use a reCaptcha, they make it pretty easy.

By: Totonet

Totonet — Thu, 03 Jul 2008 08:20:45 +0000

Great tip!!! Thanks for sharing.

By: Code It Red

Code It Red — Thu, 19 Jun 2008 22:07:10 +0000

I love it! You really did think outside the box here and came up with an innovative solution!

By: Miracle studios -- web design

Miracle studios -- web design — Tue, 10 Jun 2008 07:20:23 +0000

Spam has killed my time……. i hope your article will stem the flow of spams ….

By: Jason Marsh - Website Designer

Jason Marsh - Website Designer — Wed, 28 May 2008 15:51:07 +0000

Very clever, he he love it thanks for the great tip!

By: j

Sun, 18 May 2008 13:33:34 +0000

I am currently using a perl formail script called formail.pl and I have no idea how to integrate the php code. Can some one help with that. Do you have the form action call both scripts on submit? Not sure how to implement this.

By: Greg Hartwig

Greg Hartwig — Sun, 02 Mar 2008 14:00:32 +0000

This is a cool technique. I just finished implementing it on all my forms.

Another good trick to mention: As tempting as it is to rub your spammer’s face in the fact that you caught them, it’s MUCH better to simply act like they tricked you and NOT output any special message when you catch them. Just act like you sent the form when you didn’t. If you tell them it didn’t work, they’ll just try harder to get through. Let them think they’re done.