
Defeating Spam Registrations

I am trying to learn as much as possible about running a high-profile website. I am designing some user registration screens and was thinking about the typical CAPTCHA, or annoying al

Solution 1:

Most spam bots will simply look for a <form> on your page and then post data directly to the URL specified in the action attribute. This is very simple, lightweight, and easy to do.

Some spam bots will actually use a headless browser (such as PhantomJS) which executes JavaScript on the page. These spam bots are much harder to fool, but few bots use this method since it is much more expensive (in CPU and RAM).

I've found that it's generally fine to go for blocking the most common spam bots through a honeypot (field on the page that is removed programmatically, and other similar methods). Some bots will get through, and anyone who does manual analysis to find a way to exploit your page will still get in. For most sites, this is good enough, and provides a good balance in preventing spam while keeping your site usable.
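One way to implement the honeypot described in the answer above, as an added example that is not part of the original answer. The field name `website`, the `/register` action and the accept/review/reject outcomes are assumptions made for illustration.

```javascript
// Added example: server-side honeypot check for a registration form.
// HONEYPOT is a hypothetical decoy field name; a browser user never sees or sends it.
const HONEYPOT = "website";

// Form markup: the decoy input is removed by script, so a normal browser
// submission does not contain the field at all.
function renderForm() {
  return [
    '<form method="post" action="/register">',
    '  <input name="email" type="email" required>',
    '  <input name="password" type="password" required>',
    `  <input name="${HONEYPOT}" id="hp" type="text" autocomplete="off" tabindex="-1">`,
    '  <button type="submit">Register</button>',
    '</form>',
    '<script>document.getElementById("hp").remove();</script>',
  ].join("\n");
}

// Classify a raw application/x-www-form-urlencoded request body.
//   accept: decoy absent, as sent by a browser that ran the script
//   reject: decoy filled in, typical of a bot that fills every field in the HTML
//   review: decoy present but empty (script-less browser, or a cautious bot)
// "accept" only means the honeypot check passed; normal validation still applies.
function classifyRegistration(rawBody) {
  const params = new URLSearchParams(rawBody);
  if (!params.has(HONEYPOT)) return "accept";
  if (params.get(HONEYPOT).trim() !== "") return "reject";
  return "review";
}

// Constructed sample request bodies (not captured traffic).
const samples = {
  browser: "email=alice%40example.com&password=s3cret",
  formFiller: "email=x%40example.com&password=x&website=http%3A%2F%2Fexample.net",
  noScript: "email=bob%40example.com&password=hunter2&website=",
};

for (const [label, body] of Object.entries(samples)) {
  console.log(label, "->", classifyRegistration(body));
}
```

A headless browser that executes the script submits without the decoy field and passes this check, which matches the answer's point that some bots will still get through.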
