I've just been looking at pcpro.co.uk and came across this clever way of fooling those automatic bots that just fill out the forms because they can !
seems a nice idea
Clever idea
It had occurred to me that these bots simply fill in all the form fields and submit the page, so perhaps there would be a simple way to confuse them? If we put an extra field on the form that wasn’t used, and hid this using CSS “visibility: hidden”, a human user wouldn’t see it, and so wouldn’t enter anything into it; a bot, however, would be fooled into filling the field.
All we’d then have to do is test to see if this field contained anything; if it did, we could simply dump that form, since it must have come from a bot.
I wasn’t sure this would work, since it depended on bots not using the page’s stylesheet to render it. It turns out, however, that I needn’t have worried – it worked like a dream.
Five minutes of coding was all it took to stop the spam submissions. It’s a useful technique that you’re free to use on your own sites,
It had occurred to me that these bots simply fill in all the form fields and submit the page, so perhaps there would be a simple way to confuse them? If we put an extra field on the form that wasn’t used, and hid this using CSS “visibility: hidden”, a human user wouldn’t see it, and so wouldn’t enter anything into it; a bot, however, would be fooled into filling the field.
All we’d then have to do is test to see if this field contained anything; if it did, we could simply dump that form, since it must have come from a bot.
I wasn’t sure this would work, since it depended on bots not using the page’s stylesheet to render it. It turns out, however, that I needn’t have worried – it worked like a dream.
Five minutes of coding was all it took to stop the spam submissions. It’s a useful technique that you’re free to use on your own sites,
Comment