Menu
I have a website with simple form that posts input as tweets to a twitter account.
There is no captcha or any kind of anti-spam system installed, so it's only logical that spam-bots have been posting their bogus content like crazy.
Now, I want to build a validation that does not require any sort of captcha.
This is what I've been thinking and I need your honest opinion.
If robots are posting their stuff without using mouse or keyboard (probably by using some sort of generated script), then that actually means that they cannot give any sort of focus to the form itself.
My idea is to create a simple js condition that the form cannot be submitted without gaining some sort of focus.
What do you think about this? Any other sort of similar ideas?
467
An idea of tweeting messages that have not been validated sounds pretty unsecured on its own. Still, there are a few ways to minimize the spam.
For instance, you could implement a honeypot variation that adds another field to the submission form, but in a manner that's hidden from a live user. The bot would mistakenly fill it out and you could decline the submission on the server-side - believe it or not, most comment spam comes from crawlers, so even a basic approach like this could drastically decrease the amount of malicious content submitted.
You are correct in your assumption that most robots post "without using mouse or keyboard" - it is much more trivial to do so than to simulate client-side activity. Again, you could use this to your advantage - add a field that would be JS-populated and validate its content on the server-side.
139
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
