Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
W
W
webso2018-11-20 18:18:31
Fight against spam
webso, 2018-11-20 18:18:31

Spam protection with an invisible field - how to check the work?

We asked the programmer to create anti-spam protection on the site (comments, mail forms, shopping cart). Recaptcha from Google has been glitching lately (some users cannot place an order because of it), so we decided to put an invisible field. If it is filled, then this is a bot and an error message is displayed to it.
The programmer implemented this on the site (recaptcha was disabled) and spam began to pour in.
There are doubts that the programmer did everything right, although he claims that what we asked for is already working on the site.
Question: how to experimentally check the functionality of the installed protection to make sure that the code works as intended (or does not work)? In other words, how do you fill out a form along with an invisible validation field?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
X
xmoonlight, 2018-11-20
@webso

Ctrl+Shift+I in the browser and set the value of the field in the DOM code.
PS: But something is completely crooked there...

Report
O
Otrivin, 2018-11-20
@Otrivin

He may have technically done everything right, but it will not work as it should, due to the fact that the bot does not recognize the field as necessary to fill in, or fires it by characteristic attributes (predictable class / Id, inline display: none or another display-influencing field not marked as user data - such as "name" or "email"). Or maybe the field is added on the frontend with javascript - it will appear for a regular visitor, for a bot - maybe not.
How to check? Either from another programmer, or by asking here and providing the code. Or let the server log spam attempts into a form (at least into a text file) and then present it, since it claims that everything is working - perhaps some part of the bots bypasses, and some is blocked

Report
T
Tendor, 2018-11-20
@Tendor

Such protection does not work at all, you can not even test it.
In order for the captcha to work at least somehow, you need to transfer data from the server that you need to enter in the captcha field.

Report
A
AntonKorablin, 2019-05-26
@AntonKorablin


Application from the site +++++
Sender information:
Name: '.$name.'
e-mail: '.$email.'
Phone number: '.$number.'
message text:
'.$text.'

Similar questions
A
Alexander Che2015-09-01 19:09:39
Vulnerability problem - emails from my host. How to cure? 3Reply
P
Pavel Grishaev2017-08-12 13:04:34
Sending emails from the server - does the recipient check the MX record in DNS? 2Reply
A
akhokhlushin2020-03-08 20:09:10
How to punish a hosting provider for spam? 5Reply
A
Andrey2017-12-08 01:41:21
Return address and mail-tester? 2Reply
1
13Dimitr2018-01-18 13:04:04
How to use php to track which mobile application the client came from, for example, this is com.android.zip.music? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question