Prevent automated form spam

  Рет қаралды 33,075

Codecourse

Codecourse

Күн бұрын

Пікірлер: 62
@MitchellvanWijngaarden
@MitchellvanWijngaarden 11 жыл бұрын
In the video you're first checking if the fields (name, email and query) are set. Personally, what i'd do is first check if the "title" field has been filled in... if so, immediately invalidate the request. There is no need to first validate the actual form, since it's a bot. Cheers
@TealGhost47
@TealGhost47 4 жыл бұрын
how do you set that up
@krazymusicguy
@krazymusicguy 11 жыл бұрын
No need to check for isset() when using !empty(), as one of the equivalent sides of the empty() check is !isset().
@FFVison
@FFVison 11 жыл бұрын
Very cool idea. This is simpler and less intrusive than using a captcha script although probably not as effective. I have actually read a tutorial which uses the PHP image manipulation (gd) library to create a captcha. For those who are interested, the idea is simple. You generate a random string using a character set you wish. Hash the string and set it to a session variable. Then generate an image with the original string and apply lines and dots and stuff to make it harder for computers to read. Then on the second page, you take the input field and run it through the same hash to verify that it was typed in correctly. I know I glossed over the details, but hopefully, this should give you an idea of how to work through this. Perhaps Alex could do a tutorial on this? That would be nice.
@VaibhavYawalkar
@VaibhavYawalkar 9 ай бұрын
Great tip. Useful even in 2024.
@chetanjulka4543
@chetanjulka4543 2 жыл бұрын
Can you help me understand how to do this in CodeIgniter. I'm using $this->form_validation->set_rules('title_1', 'title1', 'max_length[0]'); Form still goes through
@estxcrew
@estxcrew 11 жыл бұрын
Wow. Added to my Useful playlist. Will use this later.
@codecourse
@codecourse 10 жыл бұрын
Great to hear. Hope it's useful for you in the future.
@Anothergames
@Anothergames 11 жыл бұрын
Added to favorites
@LosEagle
@LosEagle 11 жыл бұрын
Best PHP tutorials period.
@Xewl
@Xewl 11 жыл бұрын
I've done this a couple of weeks ago on a site, and it's very effective indeed :)
@codecourse
@codecourse 10 жыл бұрын
Great to hear it's worked for you!
@Xewl
@Xewl 10 жыл бұрын
***** Another way would be to add an anti-CRSF field, with a temporary Session ID which can be validated by the receiving code. But hey.. :D
@nut__cracker
@nut__cracker 5 жыл бұрын
I'll give this a go. Much appreciated John
@xXshadowwolf97Xx
@xXshadowwolf97Xx 11 жыл бұрын
Good job! I like your solution to form spam.
@jayeshpalshikar1392
@jayeshpalshikar1392 10 жыл бұрын
I can see how this could be implemented with JavaScript as well. Love the concept! Thanks!
@Bambamni
@Bambamni 2 жыл бұрын
This still work in 2022, asking for a friend 😂😂🤣
@PB72UK
@PB72UK 11 жыл бұрын
I use this all the time, only I don't call my class hidden , works really well, you can't really do it with jquery as a bot simply reads the raw markup ie. It would nt see any javascript code applied
@Im2be
@Im2be 11 жыл бұрын
This might work for bots that were created to mass post spam multiple sites, but if a programmer wants to create a bot to post spam this particular website, he's probably going to figure this out and implement it into the bot, so it doesn't fill in the 'title' field. You should probably add this to your description.
@BumbiSit
@BumbiSit 11 жыл бұрын
But maybe that bot can be smarter and check if input fields ar invisible, if they are, don't write anything in there.
@RollingHousesUK
@RollingHousesUK 11 жыл бұрын
yes that's certainly possible ,but until this method is in wide use nobody is giong to bother programming that into their bots as it's a lot more hassle to check that, much easier to just move onto the sites that have simple forms with no bot protection.
@ShootTillYouDrop
@ShootTillYouDrop 11 жыл бұрын
Are you still going to make a tutorial (playlist) for Laravel 4? I really want to learn it, but there aren't good tutorials. Thanks
@ompmega
@ompmega 11 жыл бұрын
Smart idea! im going to use this from now on! thanks
@dawin6710
@dawin6710 4 жыл бұрын
I did this and it, tested it, works. Thanks
@ajdrag
@ajdrag 2 жыл бұрын
Brilliant! Thank you very much.
@mateojovani
@mateojovani 10 жыл бұрын
Oh, I see what you did there!
@aamup
@aamup 11 жыл бұрын
wouldnt be for example .addClass("hidden") in jquery a more save way to prevent bots from checking display:none etc? And something like DO NOT FILL - BOT PREVENTION most people deactivating JS are able to understand that. lech00 two comments below also wrote something very nice! Dont you think?
@Wiejeben
@Wiejeben 11 жыл бұрын
Thanks :) I will keep this in mind
@GilliamFlebus
@GilliamFlebus 11 жыл бұрын
Why don't you check for the title field at the beginning of the if-statement that was already there? Also, what happens if I use the die function if my email form doesn't forward to another page but uses the same page to send it, will the email form become useless?
@jpkfox
@jpkfox 10 жыл бұрын
Because the outcome for 'title' to be set would be different. In this version if the title is set then it calls die()-function. But if everything is in the first if-statement then if title is set there would be no die-call. So we can do a special functionality in a case when title is set. Also I think its more clear for a human to read if its separated because it is a separate issue.
@wertyslash510
@wertyslash510 10 жыл бұрын
another very useful knowledge thanks you sir for all your tutorials :D
@EbbeCee
@EbbeCee 11 жыл бұрын
Just so people know, this will help against a lot of the bots but not the more sophisticated ones. It is not a substitution for a captcha but can be used in less critical instances or to complement other security measures.
@codecourse
@codecourse 10 жыл бұрын
Indeed. This would be good coupled with another method as you mentioned. Saying that, we've had hardly any spam pass through our 'contact us' gates using this method!
@TheGryphon14
@TheGryphon14 9 жыл бұрын
+Eric Cederberg Would you mind to share other solutions available? Thanks
@0wasserfall
@0wasserfall 11 жыл бұрын
Wow, thats so simple...
@herikaniugu
@herikaniugu 8 жыл бұрын
use reCAPTCHA that can't be read by OCR
@franktielemans6624
@franktielemans6624 5 жыл бұрын
This is so cool, and so easy :) Thanks a lot!
@BrendanCookeHPR
@BrendanCookeHPR 7 жыл бұрын
I know this is old, but... just makes my mail page go blank....... perhaps something to do with the die command?
@BrendanCookeHPR
@BrendanCookeHPR 7 жыл бұрын
Scratch that, the editor I was using was automatically adding a "$" in front of if. That fixed, working great... Gone from 40-60 spam email a day to no spam at all. Actually had to check the forms to make sure they where working properly
@ronniej446
@ronniej446 10 жыл бұрын
Thank you for this but I have a question is there a more complex way in avoiding spam because i think if they will try to bypass the input filled that is hidden they can still continue to spam.
@TheGryphon14
@TheGryphon14 9 жыл бұрын
How can they continue to spam if we already killed the page before submission? I don't get your point here really.
@krimbelkacem5751
@krimbelkacem5751 11 жыл бұрын
make us a full contact form with attachment
@NormanBird
@NormanBird 11 жыл бұрын
Ingenious!
@Howie12ish
@Howie12ish 10 жыл бұрын
Great video
@Excutionxx
@Excutionxx 11 жыл бұрын
Really helpful thanks!
@zolidius
@zolidius 10 жыл бұрын
Could someone please confirm for me that this is what is known as the honey pot spam prevention method? If not what is this kind of method actually called?
@LarsMoelleken
@LarsMoelleken 10 жыл бұрын
yes this is the "honey pot"-method
@hieronymus1981
@hieronymus1981 11 жыл бұрын
Why pick CAPTCHA when you have phpacademy !
@badahell
@badahell 11 жыл бұрын
very clever
@lech00
@lech00 11 жыл бұрын
...or you can use js like
@trollflix
@trollflix 5 жыл бұрын
user easyly can remove this hidden input from DOM... :)
@GwidazMan
@GwidazMan 11 жыл бұрын
CAPTCHA is an awful method to use.. I ment awful because its not clier and annoying.. If I see any forms with captcha, register,contact forms, etc, all I do is exit page.. What I do for my forms, to prevent spam, I just generate random code, lets say (1,999) and ask to enter that number for user..This number is storred in session, so after you click submit button its not going to change, but if this session is already set, we generate another one.. Its super simple for user to enter, no eye breaking like with captcha and you can generate numbers + letters, if you think is going to be more secure..
@CharlesSamet
@CharlesSamet 11 жыл бұрын
I do something similar as well... I create a simple math question on the screen, and have the user answer that. I can then verify it after the form is submitted via php. Works great... killed my bot problem in no time...
@GwidazMan
@GwidazMan 11 жыл бұрын
Yeah..thats easy for us - developers and for users to type..I dont even use math question..Just asking to type number.
@pelatho
@pelatho 10 жыл бұрын
Genious!
@MaxWilliam
@MaxWilliam 10 жыл бұрын
Bruno Lustosa Ferrari, da uma olhada nisso aqui.
@nareshs6554
@nareshs6554 2 жыл бұрын
Your voice🤔
@Nway257
@Nway257 4 жыл бұрын
2020
@herikaniugu
@herikaniugu 8 жыл бұрын
My Spambot can hack it
Properly Escaping Output in PHP to Prevent XSS Attacks
10:39
Codecourse
Рет қаралды 26 М.
How To Stop Contact Form Spam (WPForms)
5:55
Nicola Tweed
Рет қаралды 2,7 М.
Walking on LEGO Be Like... #shorts #mingweirocks
00:41
mingweirocks
Рет қаралды 7 МЛН
PHP Security: CSRF (Cross-site Request Forgery)
11:32
Codecourse
Рет қаралды 31 М.
HTML/PHP Contact Form Tutorial with Validation and Email Submit
27:28
Clever Techie
Рет қаралды 519 М.
If __name__ == "__main__" for Python Developers
8:47
Python Simplified
Рет қаралды 414 М.
Protecting against bots with the honeypot technique
3:53
Learn PHP: Callbacks
6:42
Codecourse
Рет қаралды 67 М.
PHP Security: XSS (Cross-site Scripting)
14:59
Codecourse
Рет қаралды 68 М.
Why Signals Are Better Than React Hooks
16:30
Web Dev Simplified
Рет қаралды 488 М.
This is How Bots Spam WordPress (and how to stop them)
7:26
Tony Teaches Tech
Рет қаралды 13 М.
Create a Working Contact Form in HTML that emails you (w/ spam prevention too!)
22:18
this BASH script will make you a MILLIONAIRE
19:20
NetworkChuck
Рет қаралды 727 М.
Walking on LEGO Be Like... #shorts #mingweirocks
00:41
mingweirocks
Рет қаралды 7 МЛН