HTML Will browsers fill in hidden fields?

Question

HTML Will browsers fill in hidden fields?

My site suffers from many spam bots. If I have a login form:

<input name="username" type="hidden" /> <input name="password" type="hidden" /> <input name="hidden_1" type="text" /> <input name="hidden_2" type="password" />

Thus, the user actually sees the “hidden” prefix fields, and the fields with the username / password are essentially hidden. If the username or password field is presented with values, we know that the bot has filled them in and may forbid them.

My question is, do browsers automatically fill in hidden fields? Is this a pretty good technique? I know that this will not stop all bots that are semi-destructive, but if it even blocks 1 bot without affecting any real users, this is worth doing.

+4

html autocomplete

Tom gullen Mar 21 '11 at 11:02

source share

2 answers

This article can help you:

http://www.smashingmagazine.com/2011/03/04/in-search-of-the-perfect-captcha/

Your method is actually pretty decent, but you can still suffer from some spam, especially if the forms are filled in manually

+3

Alex Mar 21 '11 at 11:08

source share

strauberry · Accepted Answer · 2011-03-21T11:05:55+0000

I think that not all bots just look for the names "username" and "password", but also type = "password". Thus, this may not prevent access to the bot at all.

You can use a capture like ReCAPTCHA . It is free and easy to use. In addition, you can create a banlist and show 404 bots via htaccess.

HTML Will browsers fill in hidden fields?

More articles: