I doubt there is anything actually new here. I've read about random ideas on this subject and had a few of these on my own, but I haven't seen anything like this in one package that's easy to use. I originally wrote it for a client and it has reduced spam posts to zero since being put in place. I realize there is room for improvement; I just decided to post it to get suggestions and ideas from others. This class works on all HTML types of forms (buttons, checkboxes etc.) and is completely transparent to the end user (unless they try to spam you and their post gets dropped). There's a little demo in the zip. http://www.bpform.com/ P.S. I hate visual captchas.
The form name hashing is a good idea I've thought of myself, with each unique user having the name field with a different hash. It would make it impossible for a bot to figure out what is what. Another good way I've found to stop bots is to just hide the form in escaped JavaScript and then put it in a document.write unescape.
Yeah, the hashing is also salted with the day of the month so it's always changing. You could get creative with the salt so it's unique depending on IP, user agent etc.; I just kept it basic.
Well, I can write a particular bot for your site and can do it in a few hours, but if I have to make a bot for captcha images, heh, I would need 1000 monkeys to tell me what's on the image. I just finished reading your site, and I apologize for the nuances I just said. Your class does provide a nearly impossible way to decode the field names, so thus it is a better replacement for images.
Dude, that's ingenious! The only flaw I can find is if it's a login form and people are using things such as Roboform. If this was only used for things like contact forms, then it would be perfect. +Rep
Great ... Here is my version: http://www.vision.to/antispam-techniques.php I also have a hash and a form "serial number" ... the hash contains session, time, IP, browser and file name ... etc. ... spam dropped 100%. Analyze the contact form: http://www.vision.to/contact.php It could be made even harder by adding to an array different form field names for the "nocomment" field, so it checks against it with each page load ...
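A sketch of the field-name hashing discussed in this thread (salted with the day, IP and user agent, plus a "nocomment" decoy field), added here as an example and not taken from the bpform class or the vision.to script. The secret key, the function names, the use of HMAC-SHA256 with the full date instead of a plain hash with the day of the month, and the one-day grace window are all assumptions of this example.

```python
import hashlib
import hmac
from datetime import date, timedelta

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to the client
HONEYPOT = "nocomment"               # decoy field name borrowed from the last post

def field_alias(name, day, client_ip, user_agent):
    """Alias emitted as the input's name attribute for this client on this day."""
    salt = f"{day.isoformat()}|{client_ip}|{user_agent}|{name}".encode()
    return "f" + hmac.new(SECRET, salt, hashlib.sha256).hexdigest()[:16]

def render_names(fields, day, client_ip, user_agent):
    """Map each real field name to the alias to print in the HTML form."""
    return {n: field_alias(n, day, client_ip, user_agent) for n in fields}

def decode_post(posted, fields, today, client_ip, user_agent):
    """Return {real_name: value}, or None when the post should be dropped."""
    # Also try yesterday's aliases so a form loaded at 23:59 and sent at 00:01 survives.
    for day in (today, today - timedelta(days=1)):
        names = render_names(fields + [HONEYPOT], day, client_ip, user_agent)
        reverse = {alias: real for real, alias in names.items()}
        # Unchecked checkboxes are not submitted, so allow a subset of known
        # aliases, but the decoy (an empty hidden text input) must be present.
        if not set(posted) <= set(reverse) or names[HONEYPOT] not in posted:
            continue  # unknown or stale field names
        decoded = {reverse[alias]: value for alias, value in posted.items()}
        if decoded.pop(HONEYPOT):
            return None  # the hidden decoy was filled in
        return decoded
    return None

if __name__ == "__main__":
    # Constructed sample request; the IP is from a documentation range.
    fields, ip, ua = ["email", "message"], "203.0.113.7", "ExampleBrowser/1.0"
    day = date(2024, 3, 1)
    names = render_names(fields + [HONEYPOT], day, ip, ua)
    post = {names["email"]: "a@example.org", names["message"]: "hi", names[HONEYPOT]: ""}
    print(decode_post(post, fields, day, ip, ua))
    print(decode_post({"email": "a@example.org", "message": "hi"}, fields, day, ip, ua))
```

Because the aliases depend on the client's IP and user agent, a form fetched from one address and submitted from another is dropped, which also affects legitimate users whose address changes between loading and submitting.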