fighting spam bots

Asked 11/4, 2011 at 15:14 Answered 11/4, 2011 at 15:51

I have C# form in the site and want to prevent spam bots from filling it. The trick is, that I want to avoid CAPTHA or any other user input to avoid loosing a single registration.

Here are some techniques I have in my mind:

Hidden input field (question: is this still effective?)
Track time, since the first user input (focus on FirstName) till posting a form.. Humans will take more than 3 seconds to complete a form (even with auto-fill), where bots take a second or less to fill in registration and post it. (question: if I start timer with the first user input, when should I stop it?)
Put in the form tag a fake post url, or post form to itself, and only on Submit button click action to add a real post url with javascript. (question: wonder if new spam bots can cheat this?)

I would be glad to hear other techniques I could adopt, again, without using CAPTCHA, spam filters, form verifications and even validation. Thank you

Sumption answered 11/4, 2011 at 15:14 Comment(0)

A year ago there was a nice control for asp.net that put a hidden field on the form. With a javascript formula. Robots posted it back - and it wanted the result (stored the result first in the session). basically, as robots dont interpret the form in a browser (too slow).... ;) Most got just thrown out there.

Also, another tip: put in hidden fields for the email to address. Some (old)php forms use a mailer supportnig this. OBVIOUSLY only a robot fills that out ;) If not empty -> garbage.

Anyone else have any smart ideas? ;)

Osmund answered 11/4, 2011 at 15:17 Comment(0)

would be good to have some sort of flash which asks you to reconnect dots (so that it is interactive and doesnt require typing), and when the user does it correctly, you can post with submit to check.

Never liked CAPTCHA, especially the wierd ones where even humans have problem intepreting it :)

Upsweep answered 11/4, 2011 at 15:26 Comment(3)

it still requires an additional user input, I am trying to avoid that. – Sumption 11/4, 2011 at 15:28

LOL Stewie, not a flash fan? :D – Kalli 22/4, 2014 at 19:50

what is flash? (now that it is getting retired) ;) – Upsweep 28/4, 2014 at 14:19

I would say stick with Captcha or a similar thing where the user has to type something in.

The problem with using JavaScript is that not everyone has javascript turned on and quite a few have it turned off for various reasons.

Now if you want to really track time, send a hidden form field with the server time filled in. When the postback occurs take the delta of that with the current time. Obviously if the field is missing then you know someone directly posted.

Scarab answered 11/4, 2011 at 15:51 Comment(0)

Recommended topics

Hot tags