Is setting a hidden field efficient against bot?
I am fighting against future bot spamers for my newsletter form subscription. I want to keep the form simple make the procedure fast so I do not use a captcha but an hidden form to trap bots.
Is it efficient or bots know how to recognize an hidden form and will bypass it?
Answer
Bots struggle with reading CSS or JavaScript, at least for now.
Some ways you can prevent bot spamming w/o captcha are:
<form method="post" action="send.php">
<ol>
<li>
<label for="name">Name</label>
<input type="text" name="name" value="">
</li>
<li>
<label for="email">Email</label>
<input type="text" name="email">
</li>
<!-- We hide this with CSS,that's why it has an ID. -->
<li id="user">
<label for="username">Username</label>
<input type="text" name="username">
</li>
<!-- //end -->
<li>
<input type="submit" name="submit" value="Send It!">
</li>
</ol>
</form>
As you can see the username field will be hidden. Bots can't recognize this. What you need to do after that is just validate that this field is empty on your backend code.
<?php
if( !isset($_POST['name'])) { die("No Direct Access"); } // Make sure the form has actually been submitted
$name = $_POST['name'];
$email = $_POST['email'];
$spam = $_POST['username']; // Bot trap
if($spam) { // If the hidden field is not empty, it's a bot
die("No spamming allowed bitch!");
} else {
// Process the form like normal
}
The process above can be done easier with the use of the module BOTCHA Spam Prevention
Also you can have a look on these articles to get a better overall view of the subject.
Green-beast and web design but you can find dozens articles like this one on the web as well