For example, ad.php contains an input form where a visitor types some text, clicks Send and sends a message to the submitter of the ad. Like here: http://www.gumtree.com/reply/1101434176

Idea how to prevent bots

As I understand, bots do not see generated source?

So, idea for ad.php something like this:

<span id="span_send_message" style="cursor:pointer">
<u>Send message to the advertiser </u>
</span>

<div id="input_form"></div>

jquery

$(document).on('click', '#span_send_message', function () {
    // Fetch the form markup on demand and inject it into the placeholder div
    $.post("show_input_form.php", { ... }, function (data_input_form) {
        $("#input_form").html(data_input_form);
    });
});

And show_input_form.php contains the input form. So with a simple View source, one could not see the input form.

Is it an effective measure against spam bots?

Reading this https://stackoverflow.com/a/826303/2118559

Technically nothing is stopping a search engine from implementing a javascript engine for their bot/spider, but it's just not normally done. They could, but they won't.

So if someone specifically targets a particular website, then they could create a script that fills in input forms generated with jquery-ajax?

Idea how to prevent human spammers

For example, a spammer gathers many URLs, clicks a URL and some automated script fills the necessary fields (or the user simply copy-pastes). The user clicks Send and sends spam to each submitter of a classifieds ad.

I may create a PHP array of "prohibited" words, check if a word exists in the message, and if it exists, either do not send at all, or send mail to me and I check the content.

But a spammer may send something like "buy my mobile phone Samsung". There is nothing "prohibited".

Any idea how to prevent it?

The following does not directly prevent it, but it is related. It would be reasonable not to allow sending a message if the visitor comes through a proxy site. Here is one good example. Visit this https://www.ss.lv/msg/en/transport/cars/audi/80/gcpcn.html with a normal browser and you see the possibility to send email. Visit through a proxy and there is no possibility to click to send email. How to implement the same on a website? I checked with Chrome and F12, and it appears that proxy websites use some javascript code that renders errors, and possibly the proxy javascript is incompatible with the javascript of ss.lv. As a result, the ss.lv javascript does not work. So it seems it is not necessary to write any special code.

Another idea is to set a one minute (or more) time limit before sending the next message. As I understand, a visitor can delete cookies and change IP addresses, so I cannot identify the visitor in such a way?

Decided to record all messages in separate table. And then use something like:

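-- Assumes `Timestamp` is a DATETIME/TIMESTAMP column holding when the message was recorded
SELECT IdMessage, TextOfMessage,
       MATCH (`TextOfMessage`) AGAINST (? IN BOOLEAN MODE) AS `score`
FROM `table_name`
WHERE MATCH (`TextOfMessage`) AGAINST (? IN BOOLEAN MODE)
  AND `Timestamp` >= NOW() - INTERVAL 1 MINUTE  -- only messages from the last minute
HAVING `score` >= 8
ORDER BY `score` DESC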

But if multiple normal visitors sent very similar messages, they could not send them. Any ideas regarding this?

Another idea

Record each message in MySQL. Send an email with a confirmation link to the message sender. If they click on the confirmation link, then proceed to send the message to the submitter of the ad.

Andris

1 Answer

Aren't you overthinking this issue a little? I definitely don't think you should read/write to the db additionally for each post. There are already easily implemented solutions, such as captcha.

Another simple solution would be to create an array in JS of images and ask the user what is displayed. I highly doubt your site will be targeted that specifically for spam, so a method like this would be effective.

If spam still happens, reassess your implementation and then possibly get more complex.

Markus013
  • Yes, possibly overthinking. But it is very interesting to get answers on how to prevent sending email if visiting through a proxy, and how to set a time limit so that humans could send the next message only after a certain time limit. And I do not want to use captcha. I want to make it simple for normal visitors to send messages. – Andris Feb 21 '15 at 06:22
  • The common thing I have seen that I would recommend then is to just create 2 random numbers and ask the user to perform simple math, such as addition or subtraction. As I mentioned though, I feel image verifications can feel non-invasive if handled with good design, such as 'how many cats in the image' or 'what color is the fruit'. – Markus013 Feb 21 '15 at 06:33
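
Loading the form over AJAX only hides the markup; the script that receives the POST can still be requested directly, so any check has to run on the server. As an added example (not code from the question or the answer), show_input_form.php could embed a signed, time-stamped token in the form, and the script that sends the mail could reject submissions that lack it, arrive too quickly, or reuse it. The function names, the secret, the thresholds and the in-memory nonce store are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical values; load the secret from configuration outside the web root.
const FORM_SECRET  = 'replace-with-32-random-bytes';
const MIN_FILL_SEC = 5;     // faster than this is unlikely to be a human typing
const MAX_AGE_SEC  = 1800;  // the form expires after 30 minutes

// Called by show_input_form.php: returns the value for a hidden form field.
function issue_form_token(int $adId, int $now): string
{
    $nonce   = bin2hex(random_bytes(8));
    $payload = $adId . '.' . $now . '.' . $nonce;
    return $payload . '.' . hash_hmac('sha256', $payload, FORM_SECRET);
}

// Called by the script that sends the mail. $usedNonces stands in for a
// database table of spent nonces. Returns 'ok' or the reason for rejection.
function check_form_token(string $token, int $adId, int $now, array &$usedNonces): string
{
    $parts = explode('.', $token);
    if (count($parts) !== 4) { return 'malformed'; }
    [$tokAd, $issued, $nonce, $mac] = $parts;

    // Constant-time comparison of the recomputed MAC with the submitted one.
    $expected = hash_hmac('sha256', "$tokAd.$issued.$nonce", FORM_SECRET);
    if (!hash_equals($expected, $mac)) { return 'bad signature'; }

    // The fields below are trustworthy only because the MAC verified.
    if ((int)$tokAd !== $adId) { return 'wrong ad'; }
    $age = $now - (int)$issued;
    if ($age < MIN_FILL_SEC) { return 'too fast'; }
    if ($age > MAX_AGE_SEC) { return 'expired'; }
    if (isset($usedNonces[$nonce])) { return 'replayed'; }

    $usedNonces[$nonce] = true;   // one message per issued form
    return 'ok';
}

// Constructed demonstration with fixed clock values instead of time().
$used  = [];
$token = issue_form_token(42, 1000);
foreach ([1002, 1030, 1031] as $now) {
    echo $now, ': ', check_form_token($token, 42, $now, $used), "\n";
}
```

Because the token is bound to the ad and spendable once, each message costs a fresh request to show_input_form.php plus the minimum wait, without relying on cookies or the sender's IP address.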