Answer the question
In order to leave comments, you need to log in
How to protect landing page forms from spam without captcha?
There is a regular landing page without cms (on html / css + form handler on php). It started spamming. How to get rid of it? I put a hidden field for spam bots, but it does not help. What other ways are there to protect without captcha?
Answer the question
In order to leave comments, you need to log in
I recommend using S3-compatible data stores. They scale easily.
Depending on your job profile, you can compare pricing across different vendors to help you evaluate your options for moving to S3. Maybe in the cloud, or maybe raise your own infrastructure.
Upload files and manage them via API. Distribute - via CDN.
Easier than simple:
1. Initially - img-button "Fill the form".
2. Form activation - on click (dynamic, in JS).
Those. don't give simple parsers the ability to determine that a page contains a form.
hide the checkbox behind overflow:hidden and write there: "I confirm" or "I confirm" or "I agree" and the like...
With the checkbox checked, after sending, we write in the same way as usual: "Thank you! Your form has been submitted."
On the server - with this checkbox, immediately banned.
And 99.9% - immediately get caught ..
As FanatPHP said , you can make trap fields. I have a slightly different method, but also quite effective:
- create SEVERAL fields, such as "phone", "homepage", "skype" and others (for which there is enough imagination). They must be valid fields, not `type=hidden`!
- make them hidden at the CSS level (make a class that will hide them, or hide them for each ID tag). By code, these fields should look as natural as possible and not differ from the rest. (so that the person does not see them, but so that the bot sees them and thinks that these are natural fields on the form).
- under the hood, make sure that these fields are empty.
- if it was a bot, it will definitely fill in these fields. And if they are filled, then pretend that everything was successful, BUT, while doing nothing under the hood. Let the bot waste time on empty hopes!
How was the hidden field used? I put a hidden field and a hidden checkbox. If one thing is filled or marked - I send 3 letters. Doesn't seem to be spamming
You can make a hidden field, the value in which is loaded by Ajax on a keypress event in the text input field (once). Of course, it doesn’t save 100%, but a large percentage of simple bots can be cut off
It is possible, as they said, to add a trap field and more real fields that will be sent without using standard names, such as name, phone. Name, for example, field_3, field_432. For yourself in the handler, you can mark which field corresponds to what. Of course, it will not protect from a serious attack, but from fools, of which the majority, just right
Make a simple trap.
For example, name the field for the name email, and for the email - name.
Well, check the presence of the dog in the email and the absence of the name.
if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest')){
die("Thank you for sending");
}
Load a form with jquery .load() (if this library is connected)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question