In this page you can be explained how the forms built with spam protection.
Today lot of bots,hackers came. So we have to protect the site from hackers at maximum.
Few listed here are best technique to protect your site from spam or bots.
Why we used all these techniques?
Now there are many automated form filling tools available in online.Once they plugged into the browser they have capable of automatically fill the information and submitted. It will ruin our database.Also it take time to delete. So it leads to problem.
There are many programmers or black hat hacker available now.They can program for specific application that will able to do automated tasks.
Method 1
Captcha
"Completely Automated Public Turing test to tell Computers and Humans Apart." is best method to reduce the spams.
Method 2
By hidden Fields
Robots are trying to fill the every form fields.So it may chance to fill the hidden fields or invisible fields where users are not able to do normally.
It can possible by users to change the default value of any thing that was hidden in a page.I will show you later.
Add any hidden fields like below
<input type="hidden" name="sites" value=""/>
OR
<span style="display:none"><input type="text" name="check" value="" /></span>
Humans are not able to see the hidden text box normally.
So when you submit the form you can check the hidden fields like below.
if(isset($_POST['sites']) && trim($_POST['sites'])=='') {
//do something
}else
//Pass this to error or thankyou page.
By checking above fields to null we confirm that are human only and save the application or do something
Method 3
By Dynamic varying fields names
This can greatly reduce the spams.I will demonstrate how to do now?
Create a file name file1.php
copy the below snippet and paste in your files
<?php
session_start() ;
$_SESSION['txt']['fname']='fname'.md5(rand(2,10));
$_SESSION['txt']['lname']='lname'.md5(rand(2,10));
?>
<form action="page2.php" method="post" name="dynamicfields_name">
<div>First Name</div><input type="text" name="<?php echo $_SESSION['txt']['fname'];?>" id="fname" value=""/><div>Last Name </div><div><input type="text" name="<?php echo $_SESSION['txt']['lname'];?>" id="lname" value=""/ ></div><h4 ></h4>
<div><input type="submit" value="Submit"/></div>
</form>
Browser output would be like this. Its a random number generated. so we cannot predict that.So it is secure now.
<input type="text" name="fname3ef815416f775098fe977004015c6193" value="" />
Create action page like page2.php
copy the below snippet and paste in your file
<?php
session_start() ;
if(count($_SESSION['txt'] )>0)
foreach($_SESSION['txt'] as $key=>$value) {
$$key = trim($_POST[$value]) ;
}
?>
//Now $fname equal to the random session textbox name. You cannot predict the name of the input name. So initially we store the random field names in session with known key.
Every refresh of browser would save the random field names in session key like fname,lname.
Now we have an session array of key and value as the dynamic field names.
Once we do the foreach, we can get the value as random field names and key as actual field names
foreach($_SESSION['txt'] as $key=>$value) {
$$key = trim($_POST[$value]);
}
//echo $fname;
//echo $lname;
Method 4
IP Restriction
Restrict the spam ip to protect your site.
1.)There are some web services available which provide spam ip. From which you can restrict spammers to post.Also web services return country code from that you can ban or allow the country.
2.)Store the spam ip in your database and restrict them to post.
3.)Every one in the world could not have the static ip address. There may be possible to have shared ip. Some small company or individual have shared ip. Ip is changing daily or when restart the modem.So it may not visible to them if you ban ip address. Try to examine the ip which spam daily and ban it if you cant able manage it.
4.)Some Web services available to check some factors in a posted content and return true or false.From which you can store in a database or other purpose Ex: Akismet
5.)You can restrict to post if there was a link or some headers.
6.)I was experienced some problem related to search engine. Some search engine act as a bots and post the data continuously.Also it impair the database or files if there was weakly coded.Every search engine was not genuine.
Using php:
$banip[]='xxx.xxx.xxx.xx1';
$banip[]='xxx.xxx.xxx.xx2';
if (in_array($_SERVER['REMOTE_ADDR'],$banip))
die ( "Permission denied!" );
if ( in_array($_SERVER['REMOTE_ADDR'],$banip )) {
header("HTTP/1.1 403 Forbidden");
exit; }
Using Htaccess
order allow,deny
deny from xxx.xxx.xxx.xx1
deny from xxx.xxx.xxx.xx2
deny from xxx.xxx.xxx.xx3
allow from all
Conclusions:
These above methods are effective to handle the spams. It is better to use.