How To Stop The Spammers Without CAPTCHA? (Case Study)

Hello first time visitor!

You know the CAPTCHA images (called also Turing codes) are used everywhere – on blogs, forums, registration and contact forms – to stop spammers. They work almost perfect.

But they are boring.

The Captcha can significantly decrease the rate of feedback (comments) you get on your blog, the contact inquiries you receive, the registrations on your membership site or even the orders on your e-store.

They are discriminative to people who can’t see well and often confuse these who are not used to them.

Some Captcha-s are hard to be “decoded” even from a well seeing person.

By rough estimate requiring the users to enter Turing code can decrease their participation with up to 50% percents.

There are some other methods to stop the spam bots, which are less discriminative than the Captcha. For example some blogs will ask you “How much is 1 + 5″ or “Is the fire hot or cold?” to check if you are human and not a bot. These methods are good, but they also require the active participation of the user and can push them off.

The Elegant Solution To Stop Spam Bots

I implemented this solution for a site which was using custom coded by me CMS system. There were no Turing codes or any other tools to prevent from spamming and the site quickly get flooded with spam comments.

Let me take you straight to the solution. It sopped 100% of the spam comments:

  1. Create a hidden field in the feedback (comment, registration or whatever) form
  2. Add Javascript code which fills some specific value in this field when the document get loaded
  3. When the form is submitted, check if the hidden field has exactly the value which should have been filled with the Javascript code. If it does not have it, then the comment is spam.

Here is an example:

<script language=”javascript”>
function cheatSpammers()
{
//give the hidden field some meaningful name, like for example “website”. The spambot
//will fill it with some crap or will ignore it document.getElementById(“website”).value=”http://google.com/”;
}
</script>

Now in the body, start the function:

<body onload=” cheatSpammers();”>

Then in the contact/comment form, add the hidden field. We will not make it “hidden”, to avoid smarter bots which can mark such field as suspicious. Instead, we’ll make it hidden with CSS:

<style type=”text/css”>
.websitefield
{
display:none;
}
</style>

<input type=”text” class=”websitefield” name=”website”>

This is VERY simple and it works 100%. The spam bots cannot run Javascript. Only browsers can do.

Of course, if a spammer write a spam bot especially for your site, they can just take the value from the javascript and fill it. But the spammers use generic bots for many sites, so this simple solution works perfectly.

Do you have even better ideas how to outsmart the spammers? Please share!

3 Responses to “How To Stop The Spammers Without CAPTCHA? (Case Study)”

  1. That’s great idea, thanks!

  2. […] time ago I wrote about how to stop spammers without Captcha. The technique described there works pretty sweet on several sites already, but there is a way to […]

  3. Not all users will have javascript turned on which may exclude some of users

    If spam bots dont use browsers – cant you just check to see if a recognised browser is being used in php or whatever server side script your using to process the form?

    Chris

Leave a Reply