All geek questions in one place

Simple and basic form of spam: checking for Javascript?

I am trying to reduce spam forms on our website. (This is really quite recent).

It seems that I remember something that spammers do not run Javascript on the site.

It's true? And if so, then you could just check if javascript is turned off and then it's probably spam?

+4
source share
6 answers

There are still a large number of people who start with Javascript disabled.

Alternatively, I had decent success with ending spam forms using CSS. Basically, specify an input field and a label that are hidden using CSS ( display: none; ) and after submitting, check that something has been entered in the field.

I usually put the field as a spam filter with an instruction so as not to put anything in the field, but all new browsers will correctly hide the block.

reCAPTCHA is also surprisingly easy to implement.

+8
source

You can check - there is JavaScript that fills the hidden form field with a specific value after the page loads. Then, when the page returns to the server, verify that the hidden form field is expected. If not, it means JavaScript was not running.

Regarding whether it should be considered that spam is a completely different story, but in fact there is no concrete answer. You can simply have a <noscript> and tell the user that their presentation will not be executed if they did not enable JavaScript.

However, if you have JavaScript running, spammers will use another workaround for this. :)

+1
source

In the same vein, adding a dummy field and then using CSS to hide it is a good way to trick bots. If the field is submitted, you know that it was not the person who probably completed the form.

It is especially effective if you mark / name a field with something along the lines of a URL or a website .

+1
source

check out http://kahi.cz/wordpress/ravens-antispam-plugin/ for a nice answer

if placed

 <noscript><p><label for="websiteurl99f">Please type "e73053": </label><input type="text" name="websiteurl99f" id="websiteurl99f" /></p></noscript> <script type="text/javascript">/* <![CDATA[ */ document.write('<div><input type="hidden" name="websiteurl99f" value="e' + '73053" \/><\/div>'); /* ]]> */</script>

so javascript users don't see anything, not js users just type the word

if a spammer is specifically targeted at you, it won’t take long to encode it, but for a spammer disk it should be good

+1
source

I can’t remember where I saw this method, but spam bots like to fill out forms. Have you considered placing a form field that is hidden using javascript (and saying that this field is not filled out if the user does not have JavaScript). Thus, if something fills this field, you can ignore it as spam.

0
source

Are you lucky with this? I think some text browsers have implemented basic JavaScript support, so maybe spam bots too?

Otherwise, I am considering using captcha for users without JavaScript and some automatic JavaScript checking for other users.

0
source

Source: https://habr.com/ru/post/1276612/

More articles:


All Articles