Spam Prevention/Reduction - Contact Form?

Question

I want to add a simple Contact form to my web site so that customers can contact me easily.

    NAME
    

        

Answer 1

grep for URI methods, urlencoded characters, or the two HTML markup characters, seems to work.

Answer 2

The only (client-side) way other than a CAPTCHA type user confirmation would be to write the whole thing dynamically. A lot (but not all) of robots would probably ignore the dynamic content. Eg

document.write("<"+"form>"
  +" NAME "
  +" <"+"input type='text' name='name' /> "
  +"EMAIL "
  +"<"+"input type='text' name='email' /> "
  +"MESSAGE "
  +"<"+"textarea name='message' /> "
  +"<"+"input type='submit' /> "
+"<\/form> ");

Answer 3

You can add simple question, each serious person who wants to contact you, can easily answer. For example a field where he should enter the first letter of the domain. Most bots don't understand the question and will enter nothing or something random.

You could also try to track the time how long the user needs to input data. If he tries to send the form earlier than 5 seconds before typing the first word just don't allow to send it. Bots usually just parse the site, fill out everything and then post it and go to the next website.

Answer 4

You can just log IP ($_SERVER['REMOTE_ADDR']) and forbid re-validation with this IP during 1 minute or, more precisly, start a session, give an ID no you visitor and forbid re-validation for 1 minute (or more but bot don't like to wait).

Answer 5

If you want to do a completely front-end solution I have had success recently by leaving the form action attribute blank, and populating it via a $(document).ready function. Most spambots use a browser that has javascript disabled, or are looking for hidden fields to avoid detection.

Example:

Your html would be:

<form method="POST" action="" id="contact-form">

and anywhere in that page you can use this to populate it.

<script>
        $(document).ready(function(){
                 $("#contact-form").attr("action", "/yourMailScript.cgi");
        });
</script>

A bot browser with no javascript will not get a form action, and they will get a 404 upon submission. Anyone with a normal browser (unless they have JS disabled for paranoid reasons) will get the normal behavior.

Answer 6

I found a nice idea on this page:

http://www.evengrounds.com/developers/alternatives-to-captcha

You can make your SUBMIT button display a confirmation page, on which you explain to user that he has to hit CONFIRM button to actually send a message. Spambots would usually only submit first form and skip the second step.