Prevent Spam on HTML forms...

[Rudy]

Hey guys,
I've been having some real problems lately with spam being submitted on some forms on a website I run. A few nights ago, I added a PHP Captcha to the form, but it doesn't seem to have done much in reducing the amount of spam.

So now, as well as the captcha, I'm trying to implement another way to "trick" the spam bots... I want to have a hidden text box in my form that, when it is submitted with a value, will prevent the form from going through.

The following code is what I have so far. But I still can't seem to get the text box to be 'hidden': (Notice I'm not using the attribute type='hidden'... I'm trying to hide it another way - mainly so that the spam bots don't know it's "hidden" if you know what I mean)

This is part of the code found at http://www.huntsources.com/list.php (The actual form) -

<form method=POST action="list.php" name="list">
<input type="hidden" name="submitted" value="submitted">
<div class="form_01">
<label for="first_name">First name:</label>
<input title="Visually impaired users: do not enter anything in this box" type="text" name="first_name" id="first_name" value="" onKeyUp=" val = this.value; if (val.length > 0) { alert('Please place your cursor in ‘Name’ box to start your message'); this.value = val.substring(0,0); emailform.focus() } this.form.count.value=0-parseInt(this.value.length); ">
</div>

Now here's my css, found in http://www.huntsources.com/main.css:

#form_01 {
visibility: hidden;
display: none;
}

Any ideas why this is not working?

Also, do you have any other suggestions on ways I can curb the amount of spam I'm getting?

Once it is working on this page, I'm going to implement it onto other forms on the same website.

Thanks for any help,
David

 

[Noobie]

<div class="form_01">

should be

<div id="form_01">

OR
change

#form_01 {
visibility: hidden;
display: none;
}

to

.form_01 {
visibility: hidden;
display: none;
}

 

[Kate]

...
Also, do you have any other suggestions on ways I can curb the amount of spam I'm getting?

Check your web server logs and ban the IPs via .htaccess.
Also check the user agent. If it's automated spam by a script it could be an odd user agent string like PHP or whatever. You could disallow it as well.

 

[Rudy]

Thanks for the responses. With the help from Noobie, I got the form working properly now. Let's see if it helps....

Good suggestion sdsinc, Thanks. I'll definitely keep that in mind.

- David

 

[Tree]

What CAPTCHA script are you using? Bots shouldn't be able to get past a well-coded one.

 

[Rudy]

Hey Tree,
I'm not sure how well-coded it is... It's one I found on the internet, and modified a little. Here's the code I'm using:

(On the form):

<img src="captcha.php" alt="Validation Key">

(In the PHP verifying the Submission):

 // Checks for correct Validation Key
$key=substr($_SESSION['captcha'],0,5);
$number = $_POST['captcha_number'];
if ($number != $key) {
$incorrect_validation = 'yes';
}

And here's the code in captcha.php:

<?php

session_start();
$RandomStr = md5(microtime());
$ResultStr = substr($RandomStr,0,5);
$NewImage =imagecreatefromjpeg("images/captcha.jpg");


$font = imageloadfont("fonts/captcha.ttf");
$LineColor = imagecolorallocate($NewImage,233,239,239);
$TextColor = imagecolorallocate($NewImage, 255, 255, 255);
imageline($NewImage,1,1,50,100,$LineColor);
imageline($NewImage,1,50,50,10,$LineColor);
imageline($NewImage,30,50,150,30,$LineColor);
imagestring($NewImage, 5, 30, 10, $ResultStr, $TextColor);

$_SESSION['captcha'] = $ResultStr;

header("Content-type: image/jpeg");
imagejpeg($NewImage);
?>