I had the same problem, I used a random session variable, but they still
got through.
I devised a way of avoiding several types of spam bots with some scripts
I made.
First of all, the form has no action="" when it is loaded, and therefore
the simplest spam bots won't know where to send the in
Hi Michael.
Can you think of any good reason to accept a submission via a known open
proxy? You can grab a maintained open proxy list and use it for a while
Rolan-style... to tag potential spam as an experiment. Every market is
different, but in the tech world I see no valid reason to accept
A simple but effective method I used on a couple of my clients' sites was
the hidden text field with an obvious name.
The field name is usually "email" (actual email field is something like
'user_email') - and hidden via css, not an actual type="hidden". As long as
it's submitted and empty, I can
But this hasn't helped much; I still get a few of them, though I
can't figure out how they can be generated. Any advice?
Yeah... you could add a spam/bayesian filter to your form processing
or use a web service like Akismet to see if it may be spam.
Another option would be to log the user-
Michael Southwell wrote:
I thought I was following best practices (
http://www.nyphp.org/phundamentals/spoofed_submission.php ) in
creating a comment form for a restaurant client (There is no security
issue here; the comments are emailed):
snip
But this hasn't helped much; I still get a few
