«Home

Avoiding Automated Form Submission By Bots, Is reCaptcha The Only Answer?

How can one avoid the submission of forms to db or emails by these bots. I've heard of reCaptcha but is there some other professional way of doing it? like the one you see while signing up to yahoo where you see just the image?

Avatar
Newbie
8 answers

for php, you gd library will be doing most of the work, read ur php documentation

0
Avatar
Newbie

Hey kehers,

That's impressive. You did very well with your PHP. I guess i'll try your code out in my next project. Not to worry, you'll still be referenced as the author. Thanks.

@webMonk

That's a good one. Thanks for the link.

0
Avatar
Newbie

Hmm, captcha, captcha, captcha

WAs once in ur shoes to and had to find a way to deal with this bot thing. However, I had to write the captcha script myself (just out of fun actually and to c if I can). Attached is the captcha script that generates the random image (rename the captcha.png to captcha.php as NL no allow me upload php files). The generated text is stored in d session $_SESSION["captchaTxt"] so u can validate dat wt wat d user or bot typed.

All u need do is just put d script location in ur source: <img src="captch.php" alt="" />

But then that was then. This days I hadly do captchas. Of late Iv been trying to design from a user perspective dan dat of a developer. D developers perspectve is 'put d captcha to prevent bot' but to (most) users, captcha sucks! Personally I dont like seeing dem wen Im filling a form. So wats d work around?

What I simply do now is create a blank field in d form, tell d user to leave it blank and hide it with CSS. i.e

<div style="display:none"><label>Leave field blank</label> <input type="text" name="blank" /></div>

The 'leave field blank' is just in case (probably d user turned of CSS) he sees the field. So he will know he shouldnt fill it. But normally he wont even be aware of anything and just pass through the other fields. U can then check if d field is filled or not @ processing. If it is - it is a bot - or probably a disobedient user.

Hope that helps.

0
Avatar
Newbie

I've done alot of programming but for this, I dont' even know where to start from. I'll be expecting the codes soon. Thanks man.

I still get that reCaptcha site. I just don't like the colours used for that app. Any other links available?

all these ones na long tin!

0
Avatar
Newbie

get to learn some php, it is easily done with php, i have beening them very easily, i will post some codes on this matter some days from now, let say 2days from now, since i got alot of work at hand,

0
Avatar
Newbie

It's a nasty scenario, I feel you. After fighting a war with them, the best solution is the combination of the following:

1) Front End validation (Using Javascript - if the bot doesn't fill all the fields)

2) Back End validation (Php/Server end validation - If javascript is not enabled)

3) Captcha (If the bot fills all the fields)

The captcha is your last line of defense. I use a free one that's like yahoo and is free (See Example)

hope this helps.

0
Avatar
Newbie

Well, you could reinvent the wheel, but if it ain't broke,

To the last question, IMHO, the basics in a nutshell is for the script to compare if what is written in the textfield tallies with what text for the image displayed is correct. Of course the image displayed is selected randomly using php.

beyond that, if you're really up for it, you could add a https connection string between the script and the server so the connection to the images is secure and the algorithm isn't reverse engineered.

Personally, i think you're best off with what you have.

0
Avatar
Newbie

But how are these systems really created? I mean, how do they develop the images randomly. I've seen these on many other sites. Well, I guess we'll have to settle with the one we see. Thanks webMonk.

0
Avatar
Newbie
Your answer
Add image

By posting your answer, you agree to the privacy policy and terms of service.