Blocking Spam With Javascript

Not open for further replies.
Hi all,

Coder Will Bontrager ( shared this spam busting tip with me, and I thought you might find it useful.


One of the easiest form spam reduction techniques is to put a URL in the form's action tag that goes to a regular page instead of the form handling script - a real page, not a 404, so spammers don't get notified to manually investigate your code.

Somewhere below the form, JavaScript assigns the correct URL to the action tag.

The form tag needs an id value for the JavaScript to use. Example:

<form id="handle" action="/index.html"> ... </form>

<script type="text/javascript"> document.getElementById("handle").action = "/script.php"; </script>

Spammers' robots seldom parse JavaScript, so their automated submission never reaches the form handler specified by the JavaScript.

Instead, their spam goes poof at the URL hard coded into the form tag.
That's good, but if someone has JavaScript disabled, then the form will be useless. A better way of "fooling spam bots" is to create a text field that can not be seen by the user. Spam bots will try and fill out text fields, especially if those textfields have terms such as password or email in their name or id. On the server side, you should check to see if the "hidden" text field has been filled out. If it has; then it was probably a spam bot/somebody messing around. Note that I'm not talking about hidden form elements. I'm talking about creating a text field and then hiding it via CSS (display:none;)
Thanks much for your suggestion. It sounds good to me. Nice and simple. I just installed it in my forum software, and will be monitoring the results.

Appreciate it, good tip!
Not open for further replies.
Award-winning Mac antivirus and Internet security software