Can anyone suggest the best ways to counter SPAM on forms – we’ve got a captcha in place but spam still seems to be getting in.
Is it possible to do the following…
On a form check if the POST request has come from the form submitted from that site (and not a form using the same action). If the request has come from the site accept otherwise don’t & simply ignore the request.
Also – is it possible to do something server-side to stop DDOS style attacks – as the spammer to our site seems to be sending thousands of requests in a very short space of time.
Can anyone suggest any other good anti-spam methods for CodeIgniter (v2) that don’t hinder the user too much? Thanks in advance.
I like the “honey pot” technique. Basically put a hidden field on your form, with an empty value. Validate the field as part of the form submission. If the field != empty – then it was a bot, so fail the submission. Bots tend to just fill in all the fields on a form automatically.
Yes – it’s called CSRF – CodeIgniter has it built in. Turn it on in your config file, and use form_open() on your forms. That’s it.
Yes – put a “last submit” field in your session for each user. Or IP. Or however you want to track the spammer. On each form submission, check the last submit time, if it is less than X seconds (where X is whatever number you feel comfortable with – say 5 seconds) – then fail the form due to it being submitted too often.
The other option is to record when the form was “served” to the user, and also fail if it is X seconds after request (i.e. takes a normal person 30 seconds to fill in your form – so 2 seconds means a bot).
p.s. using the above means you’ll be able to remove the Captcha 🙂
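The honeypot, "last submit" and "served" checks from the answer above, combined in one plain-PHP function, as an added example that is not part of the original posts. The field name `website`, the session keys and both thresholds are assumptions; in a CodeIgniter 2 controller the values would come from `$this->input->post('website')` and `$this->session->userdata()` / `set_userdata()`.

```php
<?php
// Added example. Names and thresholds below are assumptions, not CodeIgniter settings.
const MIN_FILL_SECONDS    = 2; // form returned faster than this after serving => bot
const MIN_SUBMIT_INTERVAL = 5; // the "X seconds" between two submissions

// Call when rendering the form: remember when it was served to this session.
function mark_form_served(array &$session, $now)
{
    $session['form_served_at'] = $now;
}

// Returns null when the submission passes, or a short reason string when rejected.
function check_submission(array $post, array &$session, $now)
{
    // Record every attempt, pass or fail, so rapid retries keep being throttled.
    $last = isset($session['last_submit_at']) ? $session['last_submit_at'] : null;
    $session['last_submit_at'] = $now;

    // Honeypot: the hidden field must come back empty.
    if (isset($post['website']) && $post['website'] !== '') {
        return 'honeypot';
    }
    // The form must have been served to this session and not filled in too fast.
    $served = isset($session['form_served_at']) ? $session['form_served_at'] : null;
    if ($served === null || $now - $served < MIN_FILL_SECONDS) {
        return 'too_fast';
    }
    // Throttle: the previous attempt must be at least MIN_SUBMIT_INTERVAL old.
    if ($last !== null && $now - $last < MIN_SUBMIT_INTERVAL) {
        return 'too_often';
    }
    unset($session['form_served_at']); // one served form, one accepted submission
    return null;
}

// Constructed sample run with a fake clock and an in-memory "session".
$session = array();
$t = 1000;
mark_form_served($session, $t);
var_dump(check_submission(array('website' => ''), $session, $t + 1));         // 1 s after serving
var_dump(check_submission(array('website' => 'http://x'), $session, $t + 30)); // honeypot filled in
var_dump(check_submission(array('website' => ''), $session, $t + 60));         // normal user
mark_form_served($session, $t + 61);
var_dump(check_submission(array('website' => ''), $session, $t + 63));         // 3 s after last submit
```

Session-keyed timing only limits clients that send the session cookie back; a sender that starts a fresh session per request has no "served" timestamp, which is why a missing timestamp is rejected here, and tracking by IP as the answer mentions covers the throttle side.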