Comments on: Avoid HTML form spam using CSS

By: paddy

paddy — Tue, 13 Dec 2011 13:31:04 +0000

Very Interesting

By: Michael

Michael — Sun, 08 May 2011 07:57:01 +0000

I’m a bit confused (though I know virtually nothing about PHP). I can’t seem to get the PHP side of this to work. It doesn’t seem right to me that the subroutine exits if nothing is found (== “”). Shouldn’t it exit if something *is* found (!= “”) in the “human” field? Either way, I can’t seem to get it to work, and any help would be appreciated in clearing this up for me. Thanks!

By: Jordan

Jordan — Thu, 03 Mar 2011 10:48:04 +0000

This trick worked for years for me, recently more and more have been getting through. Within the past month. Think there’s a spambot update spreading the net?

By: aSeptik

aSeptik — Thu, 24 Feb 2011 23:05:39 +0000

nice, but what if javascript is disabled?

By: » Avoid HTML form spam using CSS My Logbook

» Avoid HTML form spam using CSS My Logbook — Mon, 24 Jan 2011 03:07:15 +0000

[...] is a small example form: view plaincopy to [...]

By: Ashish Kumar

Ashish Kumar — Sat, 08 Jan 2011 06:59:56 +0000

Informative article, thanks for sharing such a great source
for me!!!!!!!!

By: Absurdist.Org » Blog Archive » Tutorial: Hassle-free anti-spam using CSS

Tue, 06 Jul 2010 18:56:01 +0000

[...] [Original idea from klauskjeldsen.dk] [...]

By: dr john

dr john — Sun, 10 Jan 2010 16:50:26 +0000

dave,

you place the code snippet in the php script that is the action for the form, near the very top, so it is tested before the rest of your action script runs and processes the data, and exits at that point.

Many scripts use a foreach($_POST as $value) loop to check for blank fields in the data sent, or for characters likely to be used by a hacker (; — { and similar, see SQL Injection examples), so you’d have to have a little bit of code that tested each $value and if it was your hidden field, skip the check.

By: pligg.com

pligg.com — Thu, 07 Jan 2010 20:04:16 +0000

Avoid HTML form spam using CSS…

An approach of avoiding HTML form spam is using CSS. Non-human spammers usually fills out every input field in a form and submit it, and to overcome this kind of spam you must be able to differ between real human form submits and non-human spam. A tech…

By: dave

dave — Thu, 10 Dec 2009 23:55:25 +0000

Where do you place the php script

// check if man or machine
if ($_POST['human'] == â€œâ€){
echo â€œBad doggy. Sit bobo. Sit.â€;
exit;}

in the form? Do you place it right after the “from action”?

By: Kenny

Kenny — Fri, 12 Jun 2009 14:55:24 +0000

Thanks for this! Such a simple solution.

By: chantz

chantz — Tue, 19 May 2009 05:36:38 +0000

David Brix, thanks for the PHP snippet. I’ll try it, but where in the code do you add it? Does it matter where you put it (e.g. does it have to be before fclose or something) or can you just stick it in the end? If it helps, I’m using GoDaddy’s webformmailer.php. Thx!

By: Stephanie Boucher

Stephanie Boucher — Mon, 18 May 2009 07:54:41 +0000

I’ve tried the hidden field option to distinguish human from non human, but the php form always returns an error. I’ve tried normalperson’s idea with and without Dave Brix’s modification, and no joy. Any suggestions? Stephanie

By: Trinity

Trinity — Tue, 21 Apr 2009 20:08:25 +0000

You could also hide the dummy input text field behind another div that has a higher z-index value and is sized and filled so as to obscure the dummy field from view. That way, the css of the dummy input text field could remain identical to the css of the other text fields.

I think it would be difficult very difficult for a bot to detect that another div that is positioned in front of the dummy input field.

By: BotBoy

BotBoy — Mon, 20 Apr 2009 02:26:44 +0000

Frode why would the bot bother changing the default setting?

By: Frode

Frode — Tue, 24 Mar 2009 08:41:57 +0000

Might be even better if you set a default value of the human field, and if that value changes its managed as spam?

By: Alexwebmaster

Alexwebmaster — Tue, 03 Mar 2009 08:19:54 +0000

Hello webmaster
I would like to share with you a link to your site
write me here preonrelt@mail.ru

By: YHVH

YHVH — Fri, 13 Feb 2009 18:34:02 +0000

Django does this standardly with it’s auto creation of forms. Seems to work on the sites I run.

By: Web development

Web development — Fri, 13 Feb 2009 12:54:27 +0000

See this link you can see further info on how to avoid spam without a CAPTCHA http://www.webdigi.co.uk/blog/2009/does-your-website-really-need-a-captcha/

By: Chris Done

Chris Done — Fri, 13 Feb 2009 10:03:13 +0000

Hi Viktor,

I don’t think screen readers read the DOM tree, at all. They read the screen, literally. For example, Opera. If you hide an element with CSS, the screen reader doesn’t see it. Why should it, really?

I suspect this method is perfectly fine for screen readers, but I haven’t tested it.

By: defreegames

defreegames — Fri, 13 Feb 2009 09:38:02 +0000

thanks for sharing…

By: SEO Services

SEO Services — Sun, 11 Jan 2009 23:34:14 +0000

Nice idea, I’ll have to test that out and see how well it works.

By: James

James — Sun, 21 Dec 2008 16:12:34 +0000

Wish I could edit my comments -.-
#human{
position:absolute;
top:-100px;
left:-100px;
}

By: James

James — Sun, 21 Dec 2008 16:11:53 +0000

Another thought on this is instead of hiding it altogether is placing it at an absolute value that is -top -left. This makes it invisible to humans, but spam bots still see it and will fill it in. Also has the added advantage of not producing scroll bars, and not getting the smart spam bots to skip it because it is simply hidden ie:

#human {
top: -100px;
left: -100px;
}

By: Alaina

Alaina — Wed, 03 Dec 2008 18:38:00 +0000

is there anyway you can remove that last post?