Preventing Spam

Question

How do you stop bots on a page which is accessible to registered users only? 90% page is accessed by real users and 10% are bot.

I do not want to put captcha or veri

Answer 1

Yes, CAPTCHAs are not user-friendly. There are a few techniques that you can use to prevent spams without using CAPTCHAs which some of them have been already mentioned by others:

• Smarter Server-side Validation: This is specific to the form but for example in contact us form you can filter lengthy messages or messages including a lot of URLs. Or if you expect to get an email you can ping the domain.

• Blacklist Mechanism: flag spammers by IP or phrases in a blacklist database. If you're using PHP a simple library like Guard can be helpful

• Honeypots: This is already mentioned in the accepted answer

• Time-based Protection: To check time to post a request is more than X seconds

• Score-based Google reCAPTCHA v3: This version is totally re-designed compared to the previous one and detect spams behind the scene.

I've written a post recently and you can find more in depth there.