[thelist] Hidden fields don't stop spam

Chris Price chris.price at choctaw.co.uk
Thu Oct 29 05:22:20 CDT 2009


Thanks Lee that's really helpful.

It was a bit of shock getting a load of spam as soon as I'd put an anti-spam
measure in place.

There are other measures you might want to try in parallel, you need
> to analyse your logs ideally, for instance, if they are not requesting
> your form before submitting it, put a random validated session
> variable (or cookie value) into a hidden field to force them to fetch
> your form first.  A more extreme technique is to give your form fields
> random names - although your fields will probably appear in a constant
> order.
>
> If they are requesting your form before submitting it, you might like
> to throttle them, e.g. if you think 10 seconds is too fast to read
> your post, author a comment and submit it, reject any submissions that
> you consider too soon.  You can make this user freindly by showing a
> countdown timer by the submit button.
>
> It's also an idea to make your rejection response look exactly like
> the success response if you can.
>
> --
> Lee
> www.webdeavour.co.uk
> --
>

-- 
Chris Price
0777 629 0227

follow me at http://twitter.com/choctaw
check out http://spoonfulofdreams.co.uk



More information about the thelist mailing list