have a bandit day

Spam bots are like insatiable fire ants; they’ll swarm you website and pick it apart. Before you know it, your inbox will be full of “Lesbians lOOking for cOck now” or “Free v1agr4!”.

To defeat such beast, you must know how it hunts.

These bots perform similarly to googlebots, scouring your website source code looking for tasty treats like “@” or “hotmail” or input fields. The bots gather e-mail addresses or submit forms in order to propagate their unsolicited messages.

An answer to your cries of anguish: the honey pot solution.

Bots cannot think for themselves. They indiscriminately fill every text box and text area they happen upon. Trick them into revealing themselves by creating an input field seen only by robot crawlers. When the bots fill the field out with their spam, simply kill the form. With a little css and PHP sleight of hand, this option can cut your spam form submissions and remain unobtrusive to your visitors.

Begin by adding the following HTML to your page. I placed the code after your last input box and before your “submit” button. Name the input whatever you like, I stuck with ‘verification’.

HTML:

"input type="text" name="verification" id="verification"/"


In your PHP, add the following code to kill the form is the verification field has been filled out. Place the code as close to the top as possible. You can change the kill message to anything that suits your taste; keep in mind that only bots should be seeing the message, so feel free to sprinkle some profanities in.

PHP:

if (!empty($_POST['verification'])) { die(”Spambots aren’t welcome here. If you are NOT a spambot, please contact us via the telephone number listed on our Contact page. “); };

Render the input invisible by adding the following code into your css. If you named your input something other than ‘verification’, make sure the name is reflected correctly in the css.

In your css, add the following:

#verification, .verification {
visibility: hidden;
display: none;
}

If you’d like to see verification box in action, refrain from adding the css and submit the form with the verification box filled. If all goes well, the error message should pop up and no message sent. With the css implemented, the input field will be hidden and the web form should go out, smooth as silk.

A drawback becomes apparent for users that have css disabled in their browsers (those using screen readers, for example). These users may inadvertently fill in the verification box and receive the spiteful message meant for the spambots. The best workaround I’ve seen is labeling your verification box “Meant for spam prevention, do not enter text.” Though not a perfect solution, that should prevent most false positive identifications.