Re: Feedback junk

On 18 Feb, 20:48, Richard Cole <ispc...@xxxxxxxxxxxxxxxxxxx> wrote:
Hi

I've got a Feedback form on one of my web sites that's producing a lot of
feedback from bots trying to push web sites as if I was running a forum
(which I'm not).

I've been trying to find a way of incorporating CAPTCHA, but without the
PHP as I don't know any PHP. My Javascript is limited (I learn it from a
book), but normally I get most things working eventually, so 1st thoughts
was a bit of javascript that only displayed the submit button if the
referrer contained some information :
<script>
if (document.referrer != '-') {
document.write('<input type="submit" name="next2" value="Send"> <input
type="reset" name="next" value="Reset"></td>')
}
if (document.referrer = '') {
document.write("<p> You've come straight to this page and not from
one of my pages try again. </p>")
}
</script>
Going direct to my feedback page by typing the URL into the browser still
displays the buttons.

There's a lot of hand built form spam - it may be a real person rather
than a bot trying to build web links. The simplest first barrier to
put up is actually to check that cookies are turned on and only allow
forms to be submitted if a cookie is on (you can turn off the submit
button in JS, or even hide the form if cookies aren't on). This seems
to be the simplest and most powerful solution. Yes, some people browse
without cookies, but these tend not to be people who like to leave a
trail by submitting forms. Most bots visit sites but don't accept
cookies so these get excluded too.

Secondly you can check the referrer as you say, but interestingly our
logs get a lot of fake referrer pages - visitors deliberately leaving
a trail to a spam sites, google adlink farms, or worse poisoned,
referrer sites - presumably the aim being to catch any webmasters
following up referrer links.

Without going to a full PHP image captcha, in JS it would relatively
simple to include a 'which number is repeated twice' type question.
Create a list of 9 random numbers (say from 10 to 99) into an JS array
and repeat one at random as the 10th. Shuffle the array and display on
the form with an appropriate question. Use onsubmit to check if the
chosen number matches the chosen duplicated number (which will be held
in a JS variable). The question and answer variable will have been
created on the fly on the page and so will unreadable in the source
HTML - so unbotable.

I'd be interested to know how speech readers cope with JS dynamically
created elements on the page - will they read them or not.


Saul
www.notanant.com
Communities of websites
.

Loading