I know there are a number of different options available - and I am hoping to get a list of more. It seems that whatever is out there, there are others who have a way to bypass them. Of course, there is CAPTCHA - which I do not like. I sometimes find myself hitting the little refresh icon a few times just trying to read the letters and forgot about listening to the words, I fail at that. I came across Iron Clad Captcha the other day. It looks a bit like overkill but they claim it cannot be hacked. It seems to be a little easier. I have seen a couple of others, and I think it is BotDetect CAPTCHA. This one is about the same, sometimes difficult to read. I have seen a few that ask about math calculations and thought they might be something to review / use instead. Do they seem to work some? Has anyone worked with any others?
Would be curious as to how they believe it cannot be hacked, especially with the method of captcha scraping. I'd be highly concerned about the amount of effort your asking people to do to get through the system, too many would just leave and not use the form in my opinion. There are ultimately hundreds of methods of preventing spamming which have varying levels of success at blockign spam but also varying levels of putting off true users too. Others you've missed include: Timing - set a timer for the form return based on how much info someone has to enter, if the form comes back in 1 second with 50 fields completed then reject as it is most likely a bot Hidden fields - add a hidden field like "confirm email", bot assumes this is a field to be completed so does so, humans cant see it, reject any forms with a value for this field Javascript - use javascript to complete an element on the form (could be a hidden field). Most bots don't run javascript so reject any where the field isnt completed or is completed incorrectly Simple Question - similar to the Maths question but can be something else like "what colour is grass" Almost every single method will result in some users either abandoning the form or failing validation so you really have to balance the cost of dealing with spam against the cost of loss business
yes its CAPTCHA but you also try roboot.txt if you can configure then its worked good i am not an professional but as much i know am am just share.thank you for your interest
i agree with you and special. the last one is something i use, i.e "make an open question with forexample what, where, how, ...", bots can not answer analytical.thanks for the post
I actually did consider the hidden field - assuming that it is a bot and not actually a person entering information. The code I had one my site was not working properly and with a little help - I got that working which seems to be working a lot better. I also added the referral as well - so that the users have to get to the contact page from a page in my website. Using these two functions, spam from the contact form has stopped.
Lots of good ones here. A simple one that I find works well is "Please enter the number two-hundred-thirty-seven in the security box below." Every once in a while a bot figures it out, but even that could be fixed by randomly displaying any of a few.
I got the CAPTCHA working actually - and that has cut down the spam significantly. I am thinking though of adding the hidden field a bit later. Thanks for all the input.