loading...

How I avoided spam form submits in my side project.

deffrin profile image deffrin joseph ・1 min read

One of the first tasks that I had done when I started my programming career was creating contact forms for websites. That was the time when I heard about captcha which are used to prevent spam form submits. We were using php scripts for generating captcha and later we used Google recaptcha.

I shifted many companies after the first one and I never experimented on any other solution.

But in one of my personal side project that I created I was receiving many spam form submits through the Sign-up page. So I done an experiment which went successful till now. I will not say this is an ideal solution. But in my case it worked.

Injecting the html form via Javascript

We normally load the html with form element which also contains the Text Inputs and Submit button. Instead of this we need to include the form element only after the page is loaded via Javascript. So the bots trying to spam our website can't get the form when they randomly crawl the website. This will not work if the spam bot uses an headless browser or something else for rendering the website and submitting the form afterwards.

I tested this in one of my site called Cherukatha.com(https://cherukatha.com/) for the signup page.

What do you think. I am open to your thoughts, ideas and suggestions. :-)

Posted on May 21 by:

deffrin profile

deffrin joseph

@deffrin

I am a backend developer from Kerala, India having experience in PHP.

Discussion

markdown guide
 

Hey Deffrin :) - I am actually using a similar technique. What I like to do is to let the form action="" attribute empty ...and with the help of Javascript ( After a short ~3 seconds delay using setTimout() ) I Will inject the proper action="" value. I think this takes care of 98% of those spam bots out there.

Cheers

 

Yes. Now I am not receiving spam registrations. I thought like you said. I will try that next time.