I'm working on my contact form, and I want to make it as spam-proof as possible. I'm using a few methods as counter-attacks:

  • Validate email legitimacy w/ a JavaScript regular expression
  • Validate if all fields have adequate values
  • Make an invisible field to entice bots
  • Disable the form if JavaScript is disabled

Now, my question is will a radio button asking the individual if he/she is human be a good method to avoid bots, or do bots have the ability to select a radio button?

They may have the ability, but would they select the right one?

Please leave suggestions below!

(Preferably something not captcha. More PHP or JavaScript.)

Matthew
  • Spambots will not care about JavaScript and just send requests to your PHP script. Methods #1 and #4 are probably useless. – Bergi Jun 11 '14 at 03:38
  • Would PHP validation be a better solution? If so, w/ PHP validation could I use CSS to display errors (e.g. highlighting the fields with a red border)? – Matthew Jun 11 '14 at 03:40
  • Yes, you always will need to do server-side validation. – Bergi Jun 11 '14 at 03:43
  • Look into using [ReCaptcha](https://www.google.com/recaptcha/intro/index.html). It's free and quite good. – Erik Jun 11 '14 at 03:44

3 Answers

Unfortunately, bots can select a radio button. But the invisible field is a good idea and you can also try Akismet, an anti-spam service.

Mathieu Bour

In the case of a radio button, spam bots may either choose the default choice or the first choice. This link might help you.

optimus

Most bots just select the de facto form or common norms previously set up within your application.

If you're attempting to fight email spam then you're better off with server-side validation of email formatting and cross referencing SPF records. This prevents abuse from the client side (and bots are basically automated client software).

A captcha is another method of preventing spam.

However, the best method that has come out in the industry as of late is the use of OAuth and requesting a service like Facebook or Google+ to get a valid email address from your users.

Dwight Spencer
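The server-side form of the checks discussed in this thread (invisible honeypot field, required fields, email format), as an added example that is not code from any of the posters. The field names `name`, `email`, `message` and `website` and the length limits are assumptions; errors are returned per field so the page can mark invalid inputs with a CSS class, as asked in the comments.

```php
<?php
// Added example, not code from the thread. Field names (name, email, message,
// website) and the length limits are assumptions made for illustration.
function validate_contact_form(array $post): array
{
    // Honeypot: "website" is hidden from people with CSS, so a real visitor
    // submits it as an empty string. Any other value marks an automated post.
    if (($post['website'] ?? '') !== '') {
        return ['spam' => true, 'errors' => []];
    }
    // Read a field as a trimmed string; missing keys and arrays become ''.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';

    $errors = [];
    if ($get('name') === '' || strlen($get('name')) > 100) {
        $errors['name'] = 'Please enter your name (at most 100 bytes).';
    }
    // filter_var() checks the address syntax on the server, so the check still
    // runs when a client posts directly and skips the JavaScript regex.
    if (filter_var($get('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    if (strlen($get('message')) < 10 || strlen($get('message')) > 5000) {
        $errors['message'] = 'Message must be 10 to 5000 bytes long.';
    }
    return ['spam' => false, 'errors' => $errors];
}

// CSS class for a field, so a stylesheet rule can draw the red border.
function field_class(array $errors, string $field): string
{
    return isset($errors[$field]) ? 'field invalid' : 'field';
}

// Constructed sample submissions; a live script would pass $_POST instead.
$samples = [
    'human' => ['name' => 'Ann', 'email' => 'ann@example.com',
                'message' => 'Hello, I have a question.', 'website' => ''],
    'bot'   => ['name' => 'x', 'email' => 'x@example.com',
                'message' => 'Cheap offers, click here!', 'website' => 'http://spam.example'],
    'typo'  => ['name' => 'Bob', 'email' => 'bob@@example',
                'message' => 'short', 'website' => ''],
];
foreach ($samples as $label => $post) {
    $r = validate_contact_form($post);
    printf("%s: spam=%s invalid=[%s] email class=\"%s\"\n", $label,
        $r['spam'] ? 'yes' : 'no', implode(',', array_keys($r['errors'])),
        field_class($r['errors'], 'email'));
}
```

When the honeypot trips, responding as if the message had been accepted and discarding it avoids telling the client which field gave it away.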