spam-prevention

Currently we are running a competition which proceeds very well. Unfortunately we have all those cheaters back in business who are running scripts which automatically vote for their entries. We already saw some cheaters by looking at the database entries by hand - 5 Star ratings with same browser exactly all 70 minutes for example. Now as the userbase grows up it gets harder and harder to identify them. What we do until now: We store the IP and the browser and block that combination to a one hour timeframe. Cookies won't help against these guys. We are also using a Captcha, which has been

By "honeypot", I mean more or less this practice: #Register form <style> .hideme{ display:none; visibility: hidden; } </style> <form action="register.php"> Your email: <input type="text" name="u-email" /> Choose a password: <input type="text" name="passwd" /> <div class="hideme"> Please, leave this field blank: <input type="text" name="email" /> #the comment is for text-browser users </div> <input type="submit" value="Register" autocomplete=off /> </form> //register.php <?php if($_POST['email'] != ''){ die("You spammer!"); } //otherwise, do the form validation and go on. ?> more info here .

I want to add a simple Contact form to my web site so that customers can contact me easily. <form> NAME <input type='text' name='name' /> EMAIL <input type='text' name='email' /> MESSAGE <textarea name='message' /> <input type='submit' /> </form> This form would simply email me the customers message. But, I also want to reduce (not, I'm not saying eliminate but at least reduce), SPAM. I've looked into using CAPTCHAs but, ultimately, I don't want to hinder the customer with having to fill out extra information. Any ideas of a good simple spam prevention/reduction method I could use for my

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Okay so does this mean that a hacker crafts some malicious JS/VBscript and delivers it to the unsuspecting victim when visiting a

What are some popular spam prevention methods besides CAPTCHA? I have tried doing 'honeypots' where you put a field and then hide it with CSS (marking it as 'leave blank' for anyone with stylesheets disabled) but I have found that a lot of bots are able to get past it very quickly. There are also techniques like setting fields to a certain value and changing them with JS, calculating times between load time and submit time, checking the referer URL, and a million other things. They all have their pitfalls and pretty much all you can hope for is to filter as much as you can with them while not