SPAM Attack!

[watto]

I am receiving spam listings through my site more and more every day through this page Business Trader Register . When I go to my admin to approve new listings I always have junk listing obviously submitted by auto posting spammers.

I was thinking about incorporating a code which the user has to manually enter at the bottom of this page. Would this work? Any other suggestions would also help.

Regards

watto

[bobchrist]

You could configure SpamAssassin- e-mail spam filtering system.

[danlefree]

SpamAssassin may be useful for e-mail filtering, however, it sounds as though you need a human verification solution to validate form posts.

There are a slew of useful solutions out there, however, ReCAPTCHA is the easiest one to implement if you are not a developer.

One caution: users who have disabled off-site images may not see the ReCAPTCHA form. Be sure to include an instruction for visitors who have disabled images or are using ad-blocking software on the same page as your form, or as part of an error message displayed when your form is submitted without a valid ReCAPTCHA string.

[watto]

Thanks for the advice guys. I'll check out recaptcha and see how it goes...

Regards

watto

[sunbedkid]

One thing I might add with regard to a Captcha, is that it's not foolproof. As I have a site that suffers from Spam contact form submissions, even though there is a Captcha.

It is a never ending problem, and is the bain of my life at times. I get their i.p address submitted to me via the form, and block their access, as soon as I find out that there is an attack. Sometimes, I get hundreds before I can block 'em.

[craigmn3]

The use of of a code pasted in an unscannable graphic is the standard prevention device used for this purpose

[danners02]

another option is to include a blank form input field named "url" or "website" - either make it a hidden form field or hide the input using CSS. his hides it from human visitors.
If the input has any content on submission then you know it is an automated submission and delete automatically.
I have found this works really well.
below is the code - it will return any form fileds you add to your form - just keep 'Name' and 'Email' fields plus the hidden 'website' field.


FORM:

<form action="formail.php" method="post">
<label>Your Name</label> <input type="text" name="Name" size="12"/><br/>
<label>Telephone</label> <input type="text" name="Company" size="12"/><br/>
<label>Your Email</label> <input type="text" name="Email" size="12"/><br/>
<label>Message</label> <textarea name="Message" rows="4" cols="40"></textarea><br/>
<span style="display:none">Website <input type="text" name="website" size="34"></span>
<input type="submit" name="" value="Send Enquiry"/>
</form>


FORMAIL.PHP

<?php

if($_POST["website"] != ""){
// spam bot
exit;
}else{
// human
// continue as normal...

// Configuration Settings
$SendFrom = $_POST['Name'] . "<" . $_POST['Email'] . ">";
$SendTo = "Your Name <yourname@yourdomain.com>";
$SubjectLine = "Enquiry from Website";
$Divider = "------------------------------";

// Build Message Body from Web Form Input
$MsgBody = @gethostbyaddr($REMOTE_ADDR) . "\n$Divider\n";
foreach ($_POST as $Field=>$Value) {
if($Field != "website" && strlen($Value) > 0) {
$MsgBody .= "$Field: $Value\n";
}
}
$MsgBody .= $Divider . "\n" . $HTTP_USER_AGENT . "\n";
$MsgBody = htmlspecialchars($MsgBody); //make content safe

// Send E-Mail to admin
mail ($SendTo, $SubjectLine, $MsgBody, "From: " . $SendFrom);
// delete the initial double slash below to send to another admin recipient, replacing email address
// mail ("admincc@domain.com", $SubjectLine, $MsgBody, "From: " . $SendFrom);

$User_Name = $_POST['Name'];

// Send Autoresponse
mail ($SendFrom, $SubjectLine, "Dear $User_Name

[text for autoresponder]

",

"From: " . $SendTo);

}

?>


<html>
<body>
</body>
</html>

[watto]

where exactly would I paste this code? ( http:ww.business-trader.com.au/newuser.php )

regards

watto

[Webnauts]

Peter I think you are looking for this: GBCF-v3 - Secure and Accessible PHP Contact Form - Green-Beast.com

[Webnauts]

And add in your .htaccess file this:

Code:

### Deny Fake Bots ###
BrowserMatch "^Java/?[1-9_\.]*" bad_bot
BrowserMatch "^MJ12bot/?[1-9_\.]*" bad_bot
SetEnvIfNoCase User-Agent "^8484 Boston Project/?[1-9_\.]*" bad_bot
SetEnvIfNoCase User-Agent "charlotte/" bad_bot
SetEnvIfNoCase User-Agent "curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5" bad_bot
SetEnvifNoCase User-Agent "^Heritrix/" bad_bot
SetEnvIfNoCase User-Agent "larbin/" bad-bot
SetEnvIfNoCase User-Agent "libwww-perl/" bad_bot
SetEnvIfNoCase User-Agent "^libcurl-agent/" bad_bot
SetEnvifNoCase User-Agent "IRC-Bbot" bad_bot
SetEnvifNoCase User-Agent "ISC Systems iRc Search 2.1" bad_bot
SetEnvIfNoCase User-Agent "^Jakarta\ Commons-HttpClient/" bad_bot
SetEnvIfNoCase User-Agent "^Java/" bad_bot
SetEnvIfNoCase User-Agent "^Microsoft\ URL\ Control.*$" bad_bot
SetEnvIfNoCase User-Agent "MJ12bot/v1.0.8" bad_bot
SetEnvIfNoCase User-Agent "^Missigua" bad_bot
SetEnvIfNoCase User-Agent "^Mozilla/4\.0\ .*Win\ 9x\ 4\.90.*$" bad_bot
SetEnvIfNoCase User-Agent "Nutch" bad_bot
SetEnvIfNoCase User-Agent "phpversion" bad_bot
SetEnvIfNoCase User-Agent "^TencentTraveler" bad_bot
SetEnvIfNoCase User-Agent "^Web Downloader" bad_bot
<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</FilesMatch>  

RewriteEngine on
RewriteBase /

# Known Bad Bots
RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah-ha|almaden|aktuelles|Anarchie|amzn_assoc|Arachmo|ASPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|Bbot|BecomeBot|big.brother|BlackWidow|bmclient|Boston\ Project|bot/1.0|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot@yahoo.com|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|Clushbot|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|ecollector|efp@gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspider|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead-Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub-client|Harvest|heritrix|hhjhj@yahoo|hloader|HMView|HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_Planetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetCar|JOC|JOC\ Web\ Spider|JustView|kalooga|KWebGet|Lachesis|larbin|Leacher|LeechFTP|LexiBot|lftp|libwww|likse|Link|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|MJ12bot/v1\.0\.8|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|^Mozilla$|Mozilla.*Indy|Mozilla.*NEWT|Mozilla*MSIECrawler|MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|MSR-ISRCCrawler|multithreaddb|my-heritrix-crawler|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|NicheBot|noxtrumbot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|PingALink|Pingdom|Pockey|POE-Component-Client-HTTP|Powermarks|Proxy|psbot|PSurf|psycheclone|puf|Pump|PushSite|QRVA|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|Scooter|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.internetseer.com|SiteSnagger|SlySearch|SmartDownload|snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose|SqWorm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TencentTraveler|TrueRobot|TV33_Mercator|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_Pro|Vacuum|vagabondo|vayala|visibilitygap|VoidEYE|vspider|Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by\.mail|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|webdevil|webdownloader|Webdup|WebEMailExtrac|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|Website|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|Whacker|whizbang|WhosTalking|Widow|WISEbot|WWWOFFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Yeti|zermelo|Zeus.*Webster|Zeus [NC]
RewriteRule ^.* - [F,L]

# Bots starting with Web
RewriteCond %{HTTP_USER_AGENT} ^web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) [NC,OR]
 
# Anywhere in UA -- Greedy REGEX
RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).*$ [NC]
RewriteRule ^.* - [F,L]

[watto]

Webnauts, will adding this code alone do the trick? or should I download GBCF-v3 - Secure and Accessible PHP Contact Form - Green-Beast.com

Regards

watto

[Webnauts]

Quote:

Originally Posted by watto

Webnauts, will adding this code alone do the trick? or should I download GBCF-v3 - Secure and Accessible PHP Contact Form - Green-Beast.com

Regards

watto

You can download that form script and implement it on your site.

In addition you can add the code I posted above in your .htaccess file to block bad bots attacking your site.

[watto]

Thanks for the tip! I really appreciate it.

Regards

watto

[Webnauts]

Quote:

Originally Posted by watto

Thanks for the tip! I really appreciate it.

Regards

watto

I am sure you do Peter.

[watto]

John, I'm not really sure if I am comfitable adding all of that code to my .htaccess file???

watto

[Webnauts]

Quote:

Originally Posted by watto

John, I'm not really sure if I am comfitable adding all of that code to my .htaccess file???

watto

Then you should hire someone who can. Or?

[gavinscott]

Quote:

Originally Posted by danners02

another option is to include a blank form input field named "url" or "website" - either make it a hidden form field or hide the input using CSS. his hides it from human visitors.
If the input has any content on submission then you know it is an automated submission and delete automatically.
I have found this works really well.

The problem with this approach is that a legitimate user using autofill may inadvertently fill in the field without realising it and have their enquiry rejected. This might be avoided if you name the hidden field something nonsensical.

Instead of:

<span style="display:none">Website <input type="text" name="website" size="34"></span>

maybe:

<span style="display:none">hjk<input type="text" name="hjk" size="34"></span>

I'm not an expert though, so any comments appreciated

[Webnauts]

Quote:

Originally Posted by danners02

another option is to include a blank form input field named "url" or "website" - either make it a hidden form field or hide the input using CSS. his hides it from human visitors.
If the input has any content on submission then you know it is an automated submission and delete automatically.
I have found this works really well.
below is the code - it will return any form fileds you add to your form - just keep 'Name' and 'Email' fields plus the hidden 'website' field.

Google can follow forms and the do not like display: none. Don't you think that can lead to problems?

[watto]

webnauts, you have miss understood my post. I do know how to add this code to my .htaccess file. Quite basic actually. I said that I was not comfitable adding all of this code to the file (quite a lot of code)

Regards

watto

[Webnauts]

Quote:

Originally Posted by watto

webnauts, you have miss understood my post. I do know how to add this code to my .htaccess file. Quite basic actually. I said that I was not comfitable adding all of this code to the file (quite a lot of code)

Regards

watto

Have you ever heard this before: COPY & PASTE?

[watto]

Um, yes. What does that have to do with my post. And by the way, the code you suggested does not work. When I "COPY & PASTE" the code into my .htaccess file I can't access any pages at all. It comes up as "500 Internal Server Error"

Watto

[Webnauts]

Quote:

Originally Posted by watto

Um, yes. What does that have to do with my post. And by the way, the code you suggested does not work. When I "COPY & PASTE" the code into my .htaccess file I can't access any pages at all. It comes up as "500 Internal Server Error"

Watto

Well then your hosting package doesn't support something.

So, try to add only this part of the code:

Code:

RewriteEngine on
RewriteBase /

# Known Bad Bots
RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah-ha|almaden|aktuelles|Anarchie|amzn_assoc|Arachmo|ASPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|Bbot|BecomeBot|big.brother|BlackWidow|bmclient|Boston\ Project|bot/1.0|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot@yahoo.com|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|Clushbot|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|ecollector|efp@gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspider|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead-Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub-client|Harvest|heritrix|hhjhj@yahoo|hloader|HMView|HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_Planetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetCar|JOC|JOC\ Web\ Spider|JustView|kalooga|KWebGet|Lachesis|larbin|Leacher|LeechFTP|LexiBot|lftp|libwww|likse|Link|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|MJ12bot/v1\.0\.8|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|^Mozilla$|Mozilla.*Indy|Mozilla.*NEWT|Mozilla*MSIECrawler|MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|MSR-ISRCCrawler|multithreaddb|my-heritrix-crawler|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|NicheBot|noxtrumbot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|PingALink|Pingdom|Pockey|POE-Component-Client-HTTP|Powermarks|Proxy|psbot|PSurf|psycheclone|puf|Pump|PushSite|QRVA|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|Scooter|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.internetseer.com|SiteSnagger|SlySearch|SmartDownload|snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose|SqWorm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TencentTraveler|TrueRobot|TV33_Mercator|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_Pro|Vacuum|vagabondo|vayala|visibilitygap|VoidEYE|vspider|Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by\.mail|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|webdevil|webdownloader|Webdup|WebEMailExtrac|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|Website|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|Whacker|whizbang|WhosTalking|Widow|WISEbot|WWWOFFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Yeti|zermelo|Zeus.*Webster|Zeus [NC]
RewriteRule ^.* - [F,L]

# Bots starting with Web
RewriteCond %{HTTP_USER_AGENT} ^web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) [NC,OR]
 
# Anywhere in UA -- Greedy REGEX
RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).*$ [NC]
RewriteRule ^.* - [F,L]

[watto]

I have added this code and it doesn't seem to be giving me any trouble. I'll leave it there for a couple of days and see if it makes a difference.

In fact I will know by tomorrow morning if it worked. It is 10pm in Sydney Australia, so I will post the results in the morning.

watto

[watto]

Unfortunately I had 5 spam listing waiting for me in my admin thismorning. So this code did not work for me.

Regards

watto

[Webnauts]

Sometimes I feel pissed off sharing things for free, which people would have paid money for. I am afraid you did not understand what it is about. Anyway, if someone has time, please explain. No time for that sorry.

And Peter, please do me a favor and take it out of your .htaccess file. I would appreciate that very much.

[Webnauts]

Quote:

Originally Posted by watto

Unfortunately I had 5 spam listing waiting for me in my admin thismorning. So this code did not work for me.

Regards

watto

Did you setup the contact form? Or you want to drive me nuts. Geesh...

[watto]

webnauts, I'm not quite sure why you always have such an aggressive tone, not oly with this post, but most of the post I see you in. If you can't help people in this forum without getting losing your cool, then don't.

I'm sorry I'm not up to speed with your knowledge of SEO. Please fogive me oh great one!!

No I didn't set up the form. I only used the code.

watto

[Webnauts]

Quote:

Originally Posted by watto

webnauts, I'm not quite sure why you always have such an aggressive tone, not oly with this post, but most of the post I see you in. If you can't help people in this forum without getting losing your cool, then don't.

I'm sorry I'm not up to speed with your knowledge of SEO. Please fogive me oh great one!!

No I didn't set up the form. I only used the code.

watto

Sorry man. Its just when I am too busy and I want to make a break, I come over here to help, hoping to feel better and then... you know. Did you ever read somewhere here me asking questions?

What upset me was, not that you are not advanced in SEO or in this case Apache configuration, but that I said before that you should setup that form and in addition you could add that stuff in your .htaccess file. That .htaccess code prevents the a huge number of bad bots to access your site and you save a hell a lot of bandwidth and resources.

One again, sorry man. And maybe you are right. I most probably should leave these forums at some point. My help is not good enough as I see. Or maybe not for you?

Well if I will still hang around here, I promise you that I will never bother you when you start threads or have questions. Endless of people appreciate my help since years now, even if some times I behave aggressive.

And I never called someone in Australia for hours trying to help someone for free as I did with you already. Anyway...

Take care.

[watto]

Apology accepted.

I'm sure you have been a great help to many people over the years on this forum. I don't doubt that. But if you are going to help people, show a little respect and have some patients with them. That's all. And I honestly do appreciate all the help I receive through this forum, but what I don't appreciate is people showing disrespect to me. I will not tolerate it from my employees and I definitely will not tolerate it from people I have never met.

Not really sure if your aggresiveness was justified in your answer. Maybe you should take a 'chill pill' and enjoy life...

I think it would be a shame if you left this forum because you do have great advice and information to share with fellow members, so why don't you 'man up' and control your aggressive comments and continue helping people in your spare time.

Remember, when you help people it is because you want to help them.

Regards

watto

[tameone]

I use a very simple solution for contact form spam. I add a text input field like "How much is 2+2?" and name it something like "captcha_answer". The correct answer to the question is hard-coded at the top of the page as <?php $correct_captcha_answer = 4; ?> (I use PHP) Then, when the visitor clicks submit, their answer is compared to the correct answer. Again in PHP:

$continue = false; //assume the answer is incorrect
if((isset($_POST['captcha_answer'])) && ($_POST['captcha_answer'] == $correct_captcha_answer)) {
$continue = true; //They got it right, so let's continue
}

if($continue) {
// process your form submission

} // END of if($continue)

I'm sure it's not failproof... human spammers will still get through, but it does help a LOT. Plus it doesn't depend on fancy tricks that can cause conflicts with things like Google's Autofill. The visitor only has to be of reasonable intelligence. I read of this trick somewhere, can't remember where, and have been using it for almost a year with good results.

Good luck to you.

[spiderbait]

Quote:

Originally Posted by gavinscott

The problem with this approach is that a legitimate user using autofill may inadvertently fill in the field without realising it and have their enquiry rejected. This might be avoided if you name the hidden field something nonsensical.

I've managed to avoid this problem (users with autofill) by using the free tools from wForms

These tools include JavaScript for validating forms, controlling conditional selections (fields hidden until user makes a particular selection) and field synchronization.

What's great about this is if you put your "website" field into a conditional selection, but don't create a method to select it, the field remains hidden at all times. And with the wForms scripts, you can choose the option that hidden fields are NOT submitted.

VOILA, since most robots aren't using JavaScript you've created a form honeypot that only robots will fill out, (autofill may fill out but won't be submitted) and your script for detecting a value in the "website" field will be able to safely trash those submissions.

NOTE: this doesn't address webnauts' comment regarding Google not liking display:none. Personally, I'm not concerned about this because don't believe it's become an issue yet. If at some point it does become an issue, I'll revisit this solution. But until then, I'm quite happy with this approach.