seasonal wanderer (angelamaria) wrote in developers,

Email/join form spam

I'm working on one of my linkware scripts, a part of which allows people to join (it's a script for fanlistings, if you're aware of those). Of course, spammers have found their way to it, so I'm trying to make it as spam-proof as possible. I've been doing it the "usual" way—checking for fake email, bad strings, stripping tags and trimming et al, but it doesn't seem to be working as well as I'd like; there are still those who end up in the approval queue. :p I'd like to limit this, obviously. Are there any other ways? I don't want to use captchas or otherwise make the visitor who wants to join add more fields than necessary :/

I put up the source over somewhere (http://indisguise.org/temp/show_join.txt) where you guys could see it, and if anyone would be willing to give it a look and all, I would appreciate that immensely. Thanks!

Crossposted: php, webdev, developers

UPDATE: I've been discussing with a lot of people in comments, and I wanted to summarize what I've gotten so far, and other ideas I've had myself which I may implement. Of course, if you have anything to add, I would love hearing that, too!


• Akismet
As a new WordPress user, I didn't know about Akismet before a month or so ago, and I didn't know people could also use it with other scripts. I'm very interested in this solution, most especially because it looks to be relatively easy to implement. Of course, it will be optional.

• Javascript hidden field (nonce field)?
I'm sorta mixing together two comments here: one from pinterface found here, and another from neftaly found here. I'd create the dynamic value of the field using a mix of PHP and Javascript (value: "[random chars]:[timestamp]:[md5 of {previous part of field} . {secret value}]"), and then check the value on submit, and if it's wrong, give the (possibly human) person another chance. It's also fun, I can envision letting the fanlisting owner upload a photo for using, set map coords or something, etc. So, this is fun and very interesting for me, and since it will also be optional, I don't see a problem with it--just enable it on the problem fanlistings, yes? It looks to be a bit more complicated than Akismet to implement, so we'll see!

• Double opt-in through confirmation email
An interesting idea, and one I've come across before, but I'm not too keen on implementing it with this script as I've heard a few disgruntled people complain about the OPTIONAL password field (which secures their information, but they must be mad). Plus, a lot of people seem disgruntled with the amount of email they're getting when joining Enth3-run fanlistings (bah, it's SOP to send the email you just submitted to some membership site! but of course they don't care). So, implementing this would mean an extra join step, and an extra email. Both of which people complain about. I'm not keen on giving them something else to complain about. However, this is a good idea for bigger sites, of course. :)

• HTTP user agent
Yup, I already implemented this:
if( isset( $_SERVER['HTTP_USER_AGENT'] ) && $_SERVER['REQUEST_METHOD'] == 'POST' ) { ...
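
The hidden-field value described in the post above ("[random chars]:[timestamp]:[signature]"), sketched as an added example that is not part of the original post or of the script it discusses. It covers the server side only, and uses hash_hmac with SHA-256 and hash_equals in place of the md5 concatenation mentioned in the post; FORM_SECRET, MIN_AGE, MAX_AGE and the function names are assumptions.

```php
<?php
// Added example (not from the original script). All names and limits are assumed.
const FORM_SECRET = 'replace-with-a-long-random-server-side-secret';
const MIN_AGE = 3;     // seconds; a form submitted faster than this is treated as automated
const MAX_AGE = 3600;  // seconds; an older token is treated as stale

// Build "[random chars]:[timestamp]:[HMAC of the first two parts]" for the hidden field.
function make_token(string $secret, int $now): string
{
    $payload = bin2hex(random_bytes(8)) . ':' . $now;
    return $payload . ':' . hash_hmac('sha256', $payload, $secret);
}

// Return 'ok' or a reason code, so the form can be shown again with a fresh token.
function check_token(string $token, string $secret, int $now): string
{
    $parts = explode(':', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return 'malformed';
    }
    [$rand, $ts, $mac] = $parts;
    // Recompute the signature over exactly what was issued; compare in constant time.
    $expected = hash_hmac('sha256', $rand . ':' . $ts, $secret);
    if (!hash_equals($expected, $mac)) {
        return 'bad-signature';
    }
    $age = $now - (int) $ts;
    if ($age < MIN_AGE) {
        return 'too-fast';
    }
    if ($age > MAX_AGE) {
        return 'expired';
    }
    return 'ok';
}

// Constructed demonstration: one token issued at a fixed time, checked four ways.
$issued = 1700000000;
$token  = make_token(FORM_SECRET, $issued);
[$rand, , $mac] = explode(':', $token);
$backdated = $rand . ':' . ($issued - 60) . ':' . $mac; // timestamp edited, old signature kept

echo check_token($token, FORM_SECRET, $issued + 1), "\n";       // submitted after 1 second
echo check_token($token, FORM_SECRET, $issued + 30), "\n";      // submitted after 30 seconds
echo check_token($token, FORM_SECRET, $issued + 7200), "\n";    // submitted after 2 hours
echo check_token($backdated, FORM_SECRET, $issued + 30), "\n";  // tampered timestamp
```

A valid token can still be replayed until it expires; making it single-use would require storing the random part server-side.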