TalkPHP
 
 
Simple way to protect a form from bot
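So you start off with:

PHP Code:
// Read the hidden field; treat a missing field as empty
$bottest = isset($_POST['leave_blank']) ? $_POST['leave_blank'] : '';
then you include this:
PHP Code:
// Stop if the hidden field was filled in.
// Note: "> 1" still lets a single-character value through.
if (strlen($bottest) > 1)
{
    echo "Nice try!";
    exit;
}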
After that, add this to an existing form, such as your registration form
or any other form that needs protection:

Code:
<div style='display:none;visibility:hidden;'>
	<input type='text' name='leave_blank' id='leave_blank'>
</div>
PS: I might come up with a better way to improve this or fix it if it doesn't work.
Please let me know.
Last 5 Article Reviews
   Nice
Review added by SneakyWhoami on 10-01-2009
One improvement, if you're not going to be requiring emails, can be to name it "email", not "leave blank". There are a lot of bots out there that look for recognized fields and fill them out (like email fields). A "leave blank" field is less likely to be filled in by a bot.


It will stop automated bots, in spite of any skepticism.
Say I have a forum using SMF. People write bots that successfully target these forums. If you don't allow anonymous posting then this is probably not a problem, BUT the fact remains that there are auto bots that can do this.

Ultimately I guess if someone wrote a bot specifically to target your site, then you are no longer fighting a bot but a human.
So this article makes sense and it works.
If you check any page on howtocreate.co.uk, you can see he's got a hidden link. Click the link and get banned, a nice honeypot.

Google and such don't click the link because it's forbidden under robots exclusion.

Anyway, to nitpick with this article:
The second code block you've got will work in practice but technically it has a bug. The bot can submit useless data ;)

Try entering the value "1", it will get through.
Yes I'm being a smartass.

Somebody just had to come along and say it, didn't they?
   Eh.. not really...
Review added by dschreck on 06-11-2009
This may work to prevent automated scanners... maybe... but if anyone is looking to directly bot a form for a site you're running, they will do it by hand.

Even when I've created automated login systems for Hotmail, Gmail, Yahoo, AOL, MySpace, Facebook - it takes about 30 mins of dev work to figure out all of the required fields you need to pick up and post in as hash strings, and the rest you can just ignore.

This would be one of the fields I'd ignore.



   Sure this works?
Review added by hjalmar on 05-24-2009
I have found that a lot of bots ignore an element that is hidden with display: none;

I simply use a technique where you just push the desired element outside of the screen instead with negative values and it has worked like a charm, never got a single spam after that.

So like:

#element{
position: absolute;
left: -9999px;
}

   Nice basic start
Review added by CoryMathews on 12-21-2008
This is a good way to start out but it will easily be broken a large number of times by different bots.

I had this at first but then upgraded it to have a small bit of JavaScript that updates the field with the time elapsed so after a reasonable amount of time when a real user submits the page it works, but when a bot comes through and submits it in under a set period of time then it's no good. This seems to have worked decently so far but I'm sure there are many ways out there much better than this one.
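
An added example, not part of the original article or its reviews: the article's hidden-field check made strict (any non-empty value fails), with the field moved off-screen as in hjalmar's review, and the timing idea from the last review done with a server-signed timestamp instead of JavaScript. FORM_SECRET, the two thresholds and the form_ts / form_sig field names are assumptions made for this example.

```php
<?php
// Added example. FORM_SECRET, MIN_FILL_SECONDS, MAX_FORM_AGE and the
// form_ts / form_sig hidden fields are hypothetical names, not from the article.
const FORM_SECRET = 'replace-with-a-long-random-server-side-secret';
const MIN_FILL_SECONDS = 3;   // humans rarely submit a form faster than this
const MAX_FORM_AGE = 3600;    // reject stale tokens as well

// Called when rendering the form: returns the hidden inputs to embed in it.
function honeypot_fields(int $now): string
{
    $sig = hash_hmac('sha256', (string) $now, FORM_SECRET);
    return "<div style='position:absolute;left:-9999px;' aria-hidden='true'>"
         . "<input type='text' name='leave_blank' tabindex='-1' autocomplete='off'>"
         . "</div>"
         . "<input type='hidden' name='form_ts' value='$now'>"
         . "<input type='hidden' name='form_sig' value='$sig'>";
}

// Called on submission: returns true when the post looks automated.
function looks_like_bot(array $post, int $now): bool
{
    // 1. Honeypot: any content at all, even a single character, fails.
    $trap = $post['leave_blank'] ?? '';
    if (!is_string($trap) || $trap !== '') {
        return true;
    }
    // 2. The timestamp must be one we issued (HMAC compared in constant time).
    $ts  = $post['form_ts']  ?? '';
    $sig = $post['form_sig'] ?? '';
    if (!is_string($ts) || !is_string($sig) || !ctype_digit($ts)) {
        return true;
    }
    if (!hash_equals(hash_hmac('sha256', $ts, FORM_SECRET), $sig)) {
        return true;
    }
    // 3. Submitted too fast, or with a stale token, is treated as automated.
    $elapsed = $now - (int) $ts;
    return $elapsed < MIN_FILL_SECONDS || $elapsed > MAX_FORM_AGE;
}

// Constructed sample submissions, checked against a fixed "current time".
$issued = 1700000000;
$sig    = hash_hmac('sha256', (string) $issued, FORM_SECRET);
$human  = ['leave_blank' => '',  'form_ts' => "$issued", 'form_sig' => $sig];
$bot    = ['leave_blank' => '1', 'form_ts' => "$issued", 'form_sig' => $sig];
var_dump(looks_like_bot($human, $issued + 20)); // empty trap, 20 s after render
var_dump(looks_like_bot($bot,   $issued + 20)); // single character in the trap
var_dump(looks_like_bot($human, $issued + 1));  // submitted after one second
```

A signed timestamp can still be replayed until MAX_FORM_AGE expires, so this filters generic form-filling bots only, which is the scope the article and reviews discuss.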
