Currently

1. I am using captcha image
2. I created text field and hide it using javascript. i want its value to be empty on server side, because bots are supposed to fill all the fields on the form. if value isn't empty it it does not process ment.
3. I also use timestamps to check how long it took while submitting the ment. I supposed if the ment was submitted within 15 seconds, it es from bot so i also stop processing the ment.

But still I couldn't control bots to submit my ments form. Please help what should I do now?

Currently

1. I am using captcha image
2. I created text field and hide it using javascript. i want its value to be empty on server side, because bots are supposed to fill all the fields on the form. if value isn't empty it it does not process ment.
3. I also use timestamps to check how long it took while submitting the ment. I supposed if the ment was submitted within 15 seconds, it es from bot so i also stop processing the ment.

But still I couldn't control bots to submit my ments form. Please help what should I do now?

• php
• javascript
• bots

Share Improve this question Follow edited Oct 31, 2012 at 13:05 user229044♦ 240k4141 gold badges344344 silver badges347347 bronze badges asked Oct 31, 2012 at 13:03 Ejaz KarimEjaz Karim 3,69666 gold badges3838 silver badges5050 bronze badges 4

• 1 add a hidden field called something obvious like 'username' and if its filled in it would show that its a bot. – Lyuben Todorov Commented Oct 31, 2012 at 13:07
• 2 They might not be bots but human spammers. – Waleed Khan Commented Oct 31, 2012 at 13:07
• How to prevent from human spammers Waleed Khan? – Ejaz Karim Commented Oct 31, 2012 at 13:10
• Do people have to register on your site? Cause if they do, you can make sure you accept people, or build an extra system in, like people have to click on a link that people have to click in their mail. I have a system people have to register, and only the admins can accept people in. This way I know who I accept and who allow to post. I can understand this is hard if its a site where you dont have to register, which makes it way harder. – Dorvalla Commented Oct 31, 2012 at 13:11

Add a ment  | 

5 Answers 5

Sorted by: Reset to default 4

Add a hidden field with a misleading id / name

<input type="hidden" id="Username" name="Username" value=""/>

If a bot es along and fills out your form, they are likely to fill in the hidden field, which users should not be able to, so just disallow the submission if the hidden field has data.

Why not implement Akismet and let them handle it for you? They have a well documented API, and thousands of people rely on it for spam prevention on Wordpress blogs. I haven't seen a spam ment in probably 3 years now using Akismet on my wife's blog.

Lyuben Todorov has suggested a good solution to prevent BOT spammers. But if you still have spam and probably its human spam, then use Akismet anti spam system.

1. Use no-follow for all links in ments. This will not prevent the spam, but it will remove much of the incentive for spamming. ( see here how it works )
2. Require user authentication to be able to ment.
3. Use non-descriptive form elements ( don't name the div "ment").

Try to create unique captcha to stop any standard bots (but if someone wants to get exactly you spammed it wouldn't work).

Another approach is to add verification by phone number.