2

I have a site where members can post on certain topics. There are many topics and I use the sleep(), sleep(20) for instance, to enact a delay in the event of a submit. I know this is not a user-friendly method but for now it's what I am implementing. My question is, will this method hold up against a bot?

<form method="post" action="/example.php">

<?php sleep(20); ?>
JAAulde
jmr333
  • maybe you need [CAPTCHA](http://en.wikipedia.org/wiki/CAPTCHA) – Allen Chak Jun 18 '14 at 03:20
  • No, just sleep late, the HTTP request will wait for the delay, perhaps the only delay that works would be the "front-end" (with javascript for example). – Protomen Jun 18 '14 at 03:36

4 Answers

1

No. Please don't use sleep to protect yourself against bots because even under a slight load of bots, this is going to use up all of your server's HTTP connections, due to sleep() blocking the PHP threads.

Try using a honeypot (hidden form field that humans wouldn't fill out, but bots will) or CAPTCHA (request input of letters found in an image; a computationally difficult task) instead.

Alex W
0

No, this would not help because a sleep in PHP is, for a user, the equivalent of waiting a short while extra for the page to load.

To a bot there is no difference and unfortunately this would not protect you.

Have you thought of using things like captcha or a custom captcha?

Undefined
0

It will only annoy the users as they do not like to wait.

However bots are not impatient.

Better to hope for the best and that bots obey robots.txt files.

Also just check log files once in a while for persistent traffic that seems "unnatural".

Also use summat like CAPTCHA

Ed Heal
0

Well-behaved bots do not do POSTs, so a robots.txt file is not going to do any good. Sleep delays aren't going to help either.

One option is to try to detect if it is a human submitting the form. The simplest way to do this is include a timestamp in a hidden form field. On submission, you check to see how long it took to fill out and submit the form. Bots are very likely going to be very quick at this, much quicker than any human. That won't stop all of them, but it should help.

Brent Baisley
  • I think this is incorrect. If dealing with an unruly bot, wouldn't they put a delay into submission, perhaps using a random number? – Ed Heal Jun 18 '14 at 03:36
  • They certainly could. Most bots are trying to get things done as quick as they can, with as few resources as they can. Inserting a delay would require more resources (retain state during delay) and slow things down. – Brent Baisley Jul 09 '14 at 18:48
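
The honeypot field and the hidden-timestamp check suggested in the answers above, combined in one PHP handler as an added example that is not code from any poster in this thread. The field names `website` and `ts`, the `SECRET` key and the time thresholds are assumptions; the timestamp is HMAC-signed so a client cannot simply rewrite it.

```php
<?php
// Added example. SECRET, the field names and the thresholds are assumptions.
const SECRET = 'replace-with-a-random-server-side-key'; // placeholder key
const MIN_SECONDS = 3;     // faster than this is treated as automated
const MAX_SECONDS = 3600;  // older tokens are rejected as stale

// Value for the hidden "ts" field: issue time plus an HMAC over it.
function issue_token(int $now): string {
    return $now . ':' . hash_hmac('sha256', (string)$now, SECRET);
}

// Returns null when the submission is accepted, otherwise the rejection reason.
function reject_reason(array $post, int $now): ?string {
    // Honeypot: "website" is hidden with CSS, so a person leaves it empty.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot filled';
    }
    $parts = explode(':', $post['ts'] ?? '', 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'token malformed';
    }
    [$issued, $mac] = $parts;
    // Constant-time comparison of the expected MAC with the submitted one.
    if (!hash_equals(hash_hmac('sha256', $issued, SECRET), $mac)) {
        return 'token forged';
    }
    $elapsed = $now - (int)$issued;
    if ($elapsed < MIN_SECONDS) return 'submitted too fast';
    if ($elapsed > MAX_SECONDS) return 'token expired';
    return null;
}

// Constructed sample submissions, evaluated 12 seconds after the form was served.
$served = 1700000000;
$now = $served + 12;
$samples = [
    'human'        => ['ts' => issue_token($served), 'website' => ''],
    'honeypot bot' => ['ts' => issue_token($served), 'website' => 'http://spam.example'],
    'instant bot'  => ['ts' => issue_token($now - 1), 'website' => ''],
    'forged stamp' => ['ts' => $served . ':' . str_repeat('0', 64), 'website' => ''],
];
foreach ($samples as $name => $post) {
    echo str_pad($name, 14), ' => ', reject_reason($post, $now) ?? 'accepted', PHP_EOL;
}
```

Unlike `sleep()`, these checks return immediately and hold no PHP worker open. As the comments above note, a bot that waits before submitting still passes the timing check, so this filters only the fast, unsophisticated ones.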