I’m a web developer and we’ve deployed hundreds of sites. Most of those sites have contact forms and all of them use Google’s reCAPTCHA system. Recently the amount of spam has gone off the scale; somehow these people are evading Google’s CAPTCHA system, whether by paying for a service or by some other means.
I decided to try to implement a few things:
1. I wrote PHP code to check the IP address against several RBL lists on the net.
2. I wrote PHP code to implement Akismet in Joomla, customizable for each form.
3. I wrote PHP code to check them against the great BotScout service.
After playing around a while I decided the best order was RBL first because it has no usage limits, Akismet next because it also has no limits, and then lastly BotScout because it has a 300 check per day limit with an API key and only 20 without one (keys are free).
I still noticed some getting through, however, so I implemented my own checks. I noticed that in 90% of the cases the spammer was using a phone number of 123456 or a zip code of 123456, so I had a simple if statement to check those fields. That blocked a TON, but still the occasional one has slipped through.
Lastly, I implemented a honeypot field. This is a field on your form named “url” or “email” (those are most common) that you then hide via CSS. If the form is submitted and that field is populated, you KNOW you have a bot because human viewers can’t see that field.
So after writing those two if statements, I added them to the top. To my surprise, checking for 123456 and the honeypot field has blocked 100% of the bots; they don’t even make it to the services I listed above.
If you’re interested in some code snippets (PHP) let me know and I’ll share. If there’s enough interest I will write a Joomla plugin that implements everything I’ve mentioned.
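
The check order described above (honeypot and 123456 first, then the RBL lookup, before any rate-limited service is called) can be sketched as follows. This is an added example, not the author's code: the `phone` and `zip` field names, the function names, the injectable resolver and the `dnsbl.example.org` zone are assumptions or placeholders.

```php
<?php
// Added example. Field names, function names and the DNSBL zone are assumptions.
const HONEYPOT_FIELD = 'url';        // hidden via CSS, so humans leave it empty
const PLACEHOLDER_VALUE = '123456';  // junk value seen in phone and zip fields
// Read a form field as a trimmed string. Non-scalar input (e.g. url[]=x) becomes
// a non-empty marker so it still trips the honeypot and never equals 123456.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_scalar($value) ? trim((string) $value) : '[non-scalar]';
}
// Build the reversed-octet name a DNSBL is queried with; null for non-IPv4 input.
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// Returns a rejection reason, or null when the submission should move on to the
// rate-limited services. $resolver is injectable so the logic runs offline.
function screen_submission(array $post, string $ip, array $zones, ?callable $resolver = null): ?string
{
    $resolver = $resolver ?? fn(string $name): bool => checkdnsrr($name, 'A');
    if (field($post, HONEYPOT_FIELD) !== '') {   // cheapest check first
        return 'honeypot';
    }
    foreach (['phone', 'zip'] as $name) {        // assumed field names
        if (field($post, $name) === PLACEHOLDER_VALUE) {
            return "placeholder:$name";
        }
    }
    foreach ($zones as $zone) {                  // network lookup only if still clean
        $query = dnsbl_query_name($ip, $zone);
        if ($query !== null && $resolver($query)) {
            return "rbl:$zone";
        }
    }
    return null;
}

// Constructed sample data: a stub resolver that "lists" 203.0.113.10 only.
$stub = fn(string $q): bool => $q === '10.113.0.203.dnsbl.example.org';
$zones = ['dnsbl.example.org'];   // placeholder zone, not a real list
var_dump(screen_submission(['url' => 'http://x.example'], '198.51.100.7', $zones, $stub));
var_dump(screen_submission(['phone' => '123456'], '198.51.100.7', $zones, $stub));
var_dump(screen_submission(['phone' => '555 0100'], '203.0.113.10', $zones, $stub));
var_dump(screen_submission(['phone' => '555 0100'], '198.51.100.7', $zones, $stub));
```

A `null` result is the point at which the Akismet and BotScout calls would run, so their quotas are spent only on submissions the local checks could not classify.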