Preventing Spam in Form Submissions without Using a CAPTCHA

Got a Spam Problem?

If you’re looking for a smart solution to prevent your forum/guestbook/web-application/whatever from getting flooded with junk entries.

Why You Shouldn’t Use a CAPTCHA ?

A CAPTCHA is a method to fight spam robots, by requiring the user to enter a code which is displayed as a distorted image.

CAPTCHAs May be annoying to users.

So for fight spam robots You probably don’t need CAPTCHAs. The method described here would require the spammer to sit down and adjust his scripts for your specific website. So, unless your site is an extremely attractive target for spammers, they probably won’t take that time.

Lets See The Other Method To fight spam robots

Method 1: Use CSS

What To Do?

• Declare additional form fields and hide them with CSS.
• On form submission, check if any of those fields was populated.

How This Will Work?

A spam robot will probably fill out each field it encounters. if your hidden field is populated you will found out whether it is Posted by a spam robots.

If robot understand Css then it can be bypassed

Drawback of This Method:

Users without CSS will see those “fake” form fields.

Example:

HTML Code:

<label>Leave this blank: <input type="text" class="noshow" name="leaveblank"></label><br>
<label>Do not change this: <input type="text" class="noshow" name="dontchange" value="http://" ></label>

Css Code:

.noshow { display:none; }

PHP Code:

if ($_POST['leaveblank'] != '' or $_POST['dontchange'] != 'http://') {
   // display message that the form submission was rejected
}
else {
   // accept form submission
}

Method 2: Use JavaScript

Assign Class with java script to stop spam robot to spam your email or database.

If robot understand JavaScript then it can bypassed Our Code.

Drawback of This Method:

Users without JavaScript or CSS will see the “fake” form fields.

Example:

HTML Code:

<input type="text" id="leaveblank" name="leaveblank">

JAVASCRIPT Code:

<script type="text/javascript"> document.getElementById('leaveblank').className = "noshow"; </script>

Method 3: Use Encoded JavaScript

You can Stop Spam Robots by Using Encoded javascript. You can Create an encoded javascript by using Hivelogic Enkoder

if Spam Robots understands the javascript Very well then this method can be bypassed.

Drawback of This Method:

Users without a fully compatible JavaScript engine will see the “fake” form fields.

Example:

JavaScript Code:

<script type="text/javascript"> /* <![CDATA[ */ function hivelogic_enkoder(){var kode= "kode=\")''(nioj.)(esrever.)''(tilps.edok=edok;\\\"kode=\\\"\\\\oked\\\\\\"+ "\\\\\"\\\\=document.write\\\\\\\\\\\"\\\\\\\\\\\\\\\\\\\\s(r\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\drcnmonu.eetEge"+ "teltmyndB'Ie(vlbaaekl)nc'a.slaseN=m\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\"+ "\\\\\\\\\\\\ns\\\\\\\\\\\"\\\\oo\\\\\\\\\\\\\\\\hw\\\\\\\\\\\\\\\\\\\\\\\\"+ "\\\\\\\\;r\\\\\\\\\\\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"+ "n/\\\\\\\\\\\\\\\\c\\\\\\\\\\\"\\\\);;\\\\\\\\\\\""+ "\\\\=x''f;roi(0=i;(

// You can use the date() function to change field names periodically:
// For daily changes, e.g. use:
$code = date('Yz'); // Don’t copy this 1:1 - adjust the date() parameters!
$html = "<input type='text' name='abc$code'>\n";
if (!isset($_POST["abc$code"]) {
   // reject form submission
}

CREATE TABLE `spam` (
 `ip` int(10) unsigned default NULL,
 `timestamp` timestamp NOT NULL,
  KEY `ip` (`ip`));

$ip = $_SERVER['REMOTE_ADDR'];
// when you reject a form submission:
mysqli_query("INSERT INTO `spam` SET `ip`=INET_ATON('$ip');");
// whenever somebody opens the page:
mysqli_query("SELECT `timestamp` FROM `spam` WHERE ip=INET_ATON('$ip') ORDER BY `timestamp` DESC LIMIT 1;");
if (time() - $timestamp < 120) { // 2 minutes
   // display error message to try again in 2 minutes
}
else {
   // display HTML form
}