Is setting a hidden field efficient against bot? [closed]

Asked 29/7, 2013 at 2:40 Answered 29/11, 2020 at 15:37

I am fighting against future bot spamers for my newsletter form subscription. I want to keep the form simple make the procedure fast so I do not use a captcha but an hidden form to trap bots.

Is it efficient or bots know how to recognize an hidden form and will bypass it?

Bolide answered 29/7, 2013 at 2:40 Comment(0)

Bots struggle with reading CSS or JavaScript, at least for now.

Some ways you can prevent bot spamming w/o captcha are:

            <form method="post" action="send.php">
              <ol>
                <li>
                  <label for="name">Name</label>
                  <input type="text" name="name" value="">
                </li>
                <li>
                  <label for="email">Email</label>
                  <input type="text" name="email">
                </li>
                <!-- We hide this with CSS,that's why it has an ID. -->
                <li id="user">
                  <label for="username">Username</label>
                  <input type="text" name="username">
                </li>
                <!-- //end -->
                <li>
                  <input type="submit" name="submit" value="Send It!">
                </li>
              </ol>
            </form>

As you can see the username field will be hidden. Bots can't recognize this. What you need to do after that is just validate that this field is empty on your backend code.

            <?php

            if( !isset($_POST['name'])) { die("No Direct Access"); }  // Make sure the form has actually been submitted

            $name = $_POST['name'];
            $email = $_POST['email'];
            $spam = $_POST['username']; // Bot trap

            if($spam) {  // If the hidden field is not empty, it's a bot
                die("No spamming allowed bitch!"); 
            } else {
                // Process the form like normal
            }

The process above can be done easier with the use of the module BOTCHA Spam Prevention

Also you can have a look on these articles to get a better overall view of the subject.

Green-beast and web design but you can find dozens articles like this one on the web as well

Steverson answered 29/7, 2013 at 4:0 Comment(3)

Can I directly use the html tag "hidden"? – Bolide 30/7, 2013 at 5:2

I wouldn't advise you to, as it is not supported on IE. I can't understand the reason of the downvote... – Steverson 30/7, 2013 at 5:5

What I've done is redirect direct access: die('<script type="text/javascript">window.location.href="http://url";</script>'); – Turnery 10/11, 2016 at 4:53

One efficient way is to have the form submission depend on JavaScript. Bots typically don't support JavaScript. It's not a perfect solution though..

Whitesmith answered 29/7, 2013 at 2:43 Comment(0)

An old question, but sharing my experience here, which I recently implemented.

Create some input elements which use CSS class for hiding.

     //Element to detect spam
     <input
          type="text"
          name="email"
          class="hide_me"
          id="email"

        />
       //Real element
    <input
          type="text"
          name="customer_email"
          id="customer_email"
          placeholder="Your Email"

        />
  // CSS style to hide the element    
 .hide_me{
   opacity: 0;
   position: absolute;
   top: 0;
   left: 0;
   height: 0;
   width: 0;
   z-index: -1;
}

Use javascript to check if the email field is filled. If it is filled, it is not a real person and form submission should not be done.

Drain answered 29/11, 2020 at 15:37 Comment(0)

Recommended topics

Hot tags