AUG
A simple way to ease spam from forms
Posted by under Programming, jQuery
A common request we get from many of our clients is “How do I stop spam coming through from forms on my website?”. Some client’s sites we have seen can get upto 80-100 spam emails in one day from forms on their website - this of course is very frustrating for them especially when you need to look a bit closer at these emails in case they are a genuine email.
One of the common approaches these days is to use a image verification system (usually called Captcha) but this can become very annoying for an end user especially when it is difficult to read. Plus, these forms are usually enquiry/contact forms which are very critical to help generate sales for the client so making them unattractive and difficult to a end user can reduce the number of enquiries sent.
Our Solution
One of the common traits of the scripts out there that are auto spamming all of these forms is that they are done through very simple methods and don’t support features that most broswers do such as Javascript - we can use this to our advantage.
In your form create a hidden input and make its value empty such as the sample code below:
<input type="hidden" name="js_check" id="js_check" value="" />Now create a javascript file that is loaded on the form page and insert the following code:
Raw Javascript
document.getElementById('js_check').value = 'pass';or jQuery (in document.ready)
$('input[@name=js_check]').val('pass');Then all you need to do is where the form is posted to is check that $_POST[’js_check’] is equal to ‘pass’. If it isn’t then send the user back to the form and inform them that they need javascript required to complete the form.
I would usually jump up and down here and say “oh that’s not right to depend on javascript” but honestly speaking the stats show that now 95% of people have it enabled and as long as you redirect them back informing them that they need it enabled they will know why the form was not sent.
For the amount of spam this stops for the minimal implementation time and small amount of users that maybe affected I think it is well worth adding to your forms instead of a Image Verification method.
You could take this one step further and use javascript to hide your Captcha. Then in your code, if the hidden field was empty, check to see if the captcha was filled in. People with javascript get to skip the captcha.
That’s a very good suggestion and something I just think we might think of implementing. That way people without Javascript still have a method of passing through.
Speaking of captchas I think one important rule is when generating the random code to output that you should not have certain letters like i,l,o,t and the numbers 0,1,5 as it can make it hard for a normal user to interpret at times.
nice trick
thanks
Could you post a download demo?I having some problem in the file where the form is posted (php file like sendmail) with this solution…10x.
All you would need to do in the PHP file is wrap the emailing code with a if statement checking for the value such as below:
if ($_POST[’js_check’]!=’pass’) {
// do nothing - maybe redirect somewhere?
} else {
// do email code here
}