Optimising against spam without captcha

Question

this is not meant as a discussion, but if this helps against crawler or spam-bots.

Captchas are not userfriendly and do not look nice...that´s why I thought about trying somethin like this:

<form><input type="text" name="name"> <input type="hidden" value="" name="surname" /></form>

and check if the input type hidden (to check if its a bot) is filled (submit.php).

if (!empty($_POST['surname'])){
    $error2 = "You are a Bot.";
}

My question is:

Would that work or would crawler or bots ignore input types which are hidden?

Or would it be better to wrap a <div style="display:none;"></div> around it?

Technicly it works (if i fill that field with a value)...but i don´t know if something like this would pretend myself from getting annoying spam..

thanks for reading/other solutions which would be userfriendliy.

_"Would that work or would crawler or bots ignore input types which are hidden?"_ - are we supposed to know _all_ bots and their behavior? — CBroe, May 31 '13 at 08:58
It would also be very easy to work around, should anyone want to try. Captchas work because image recognition is hard; but figuring out what is visible and what is not in a machine-readable HTML document is not hard: all browsers do it fine... — tucuxi, May 31 '13 at 09:02

score 5 · Accepted Answer · answered May 31 '13 at 09:02

These kind of fields are called honeypot fields and the idea is to hide them using css, not to use a hidden field.

It is your decision if you want to use them, and you will need to do some research. There is some criticism to using them, an example being the fact that screen readers used for accessibility might see those fields and read them.

You can also check this option that uses a simple checkbox: http://uxmovement.com/forms/captchas-vs-spambots-why-the-checkbox-captcha-wins/

Note: I think that you should add captcha only if you are sure that you will have a spam problem, or you already have this issue, not from the start without knowing if you really need it.

score 3 · Answer 2 · edited May 23 '17 at 12:05

3

Maybe you can try to handle the bot question on the PHP side only, check out this it may help how to detect search engine bots with php?

edited May 23 '17 at 12:05

Community

1
1

answered May 31 '13 at 08:55

Jaay

2,103
1
16
34

this looks like something that would work nice for a form! Thanks. – Top Questions May 31 '13 at 08:57

score 2 · Answer 3 · answered May 31 '13 at 09:07

2

Adding empty CSS-hidden field and checking for input is one of the options.

Try checking for weird browser-info $_SERVER['HTTP_USER_AGENT'].

Allow minimum open fields, rely on radio buttons, dropdown selectors, check fields...

Do not allow posting HTML / URL addresses....

Problem is, spammers adapt, you should adapt too.

answered May 31 '13 at 09:07

Jan Kocbek

31
4

problem is: Contactforms mostly do have open fields...BUT the salutation is always a must choose field on mine: And it´s a – Top Questions May 31 '13 at 09:09
Thanx for the +1 :) Personally i think that you should not rely on your user's williness to solve your problems. Even small captcha is still a captcha. – Jan Kocbek May 31 '13 at 09:16

Optimising against spam without captcha

3 Answers3