Do you get spammed on your contact forms by bots? I might have some help for you

I’m a web developer and we’ve deployed hundreds of sites.. most of those sites have contact forms and all of them use google’s re-captcha system..  Recently the amount of spam has gone off the scale, some how these people are evading google’s captcha system.. whether it be by paying for a service or by some other means.

I decided to try to implement a few things:

1. I wrote PHP code to check the IP address against several RBL lists on the net.
2. I wrote PHP code to implement Akisment in Joomla, customizeable for each form.
3. I wrote PHP code to check them against the great botscout service

After playing around a while I decided the best order was RBL first because it has no usage limits, Akismet next because it also has no limits and then lastly botscout because it has a 300 check per day limit with an API key and only 20 without one ( keys are free ) ..

I still noticed some getting through however.. so I implemented my own checks.. I noticed that in 90% of the cases the spammer was using a phone number of 123456 or a zip code of 123456 .. so I had a simple if statement to check those fields.. that blocked a TON … but still the occasional one has slipped through..

Lastly, I implemented a honeypot field.. this is a field on your form named “url” or “email” ( those are most common ) and then hiding it via CSS.. if the form is submitted and that field is populated, you KNOW you have a bot because human viewers can’t see that field..

So after writing those two if statements, I added them to the top .. to my surprise, checking for 123456 and the honeypot field has blocked 100% of the bots.. they don’t even make it to the services I listed above..

If you’re interested in some code snippets ( php ) let me know and I’ll share.. If there’s enough interest I will write a Joomla plugin that implements everything I’ve mentioned.

3 Responses to Do you get spammed on your contact forms by bots? I might have some help for you

  1. Ryan T says:

    Lonnie, is your SPAM PHP code still working good? I noticed this blog post was from 8/2012.

    • lonnie says:

      Indeed it is.. I still use it..though I’ve mostly started using the spamhaus CBL-XBL database .. I wrote a Joomla plugin which can be found in the Joomla extensions directory.. I’ve not written it for anything else.

    • lonnie says:

      Everything I’ve written still seems to be working on all the sites I implemented it on… indeed an old post, and indeed a late response :) sorry for that.. I also have a joomla plugin that implements spamhaus’s RBL if you’re ever in need

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">