The easiest way?? Not to have any forms at all!!!!
Personally when introducing forms on my site, I beef them up a little bit. I probably use way too much security but then again, that's better than none at all.
Here's some I use:
- Server and client side validation.
- Log how many times the user is submitting forms, say if they are spammers, this will block them off after x number of times of posting.
- Some users may not be spammers, they may just keep on pressing the submit button. Include a bit of js code to account for that.
- CAPTCHAs are not your enemy!! They are your friend, anything that protects you against a wealth of spamming is ok in my book.
- The bots you're trying to not let in? These like search robots?? There's plenty of good material out there to help you distinguish between a real user and a bot. Check out www.4guysfromrolla.com
- I've also got checks against where the user is posting from.
Sure, there's a lot of work to be done if you don't like the spammers / flooders on your site. It's taken me approximately 5 - 10,000 lines of code to get anywhere near happy with what I have (and I do concede the amount of checks I use is too many). Hopefully there's some pointers there as to how you can safeguard your forms.
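
A server-side sketch of two of the checks listed in the post above: blocking a client after x submissions, and treating a repeated press of the submit button as a duplicate rather than as spam. This is an added example, not the poster's code; the `SubmissionGuard` class, its thresholds, the in-memory storage and the `client_id` key (a session ID or source address chosen by the caller) are all assumptions.

```python
import hashlib
import time
from collections import defaultdict, deque


class SubmissionGuard:
    """Per-client form throttle: sliding-window limit plus double-submit detection."""

    def __init__(self, max_posts=5, window=60.0, block_for=600.0,
                 dup_window=3.0, clock=time.monotonic):
        self.max_posts = max_posts    # accepted posts allowed per window
        self.window = window          # sliding window length, seconds
        self.block_for = block_for    # lockout length once the limit is hit
        self.dup_window = dup_window  # identical re-send inside this = double click
        self.clock = clock            # injectable so the logic can be tested
        self._posts = defaultdict(deque)  # client_id -> times of accepted posts
        self._last = {}                   # client_id -> (body digest, time)
        self._blocked_until = {}          # client_id -> time the block expires

    def check(self, client_id, body):
        """Return 'accept', 'duplicate' or 'blocked' for one submission."""
        now = self.clock()
        until = self._blocked_until.get(client_id)
        if until is not None and until > now:
            return "blocked"

        # Same form body re-sent within seconds: an impatient user, not a
        # flooder. Drop it without counting it against the limit.
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
        last = self._last.get(client_id)
        if last and last[0] == digest and now - last[1] <= self.dup_window:
            return "duplicate"

        # Forget accepted posts that have aged out of the window.
        posts = self._posts[client_id]
        while posts and now - posts[0] > self.window:
            posts.popleft()

        if len(posts) >= self.max_posts:
            self._blocked_until[client_id] = now + self.block_for
            return "blocked"

        posts.append(now)
        self._last[client_id] = (digest, now)
        return "accept"
```

A real deployment would keep this state in a shared store so the counts survive restarts and apply across web servers.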