BotBlock protecting public forms against spam

Posted on Tuesday, Jan 17, 2012 by TitanKing

article_No Spam.png

(PHPDevShell 3.1.2+) You will most certainly come across your developed form being spammed to death by some random bot who started harvesting your forum and found a public form to submit junk to. Sure it can be eliminated with captcha, however, we find this very unprofessional on simple forms. You also probably learned by now that most end users have very low IQ, finding the captcha almost impossible to complete.

In the end it should not be the end user who gets punished because of a stupid bot. This is I developed BotBlock for PHPDevShell. It monitors public form posting behaviors and reacts if it is suspected of being a spam bot. It does various behind the scene tests which will stop 99% of all automated bots without interfering with the form or expecting user input.

To use is very simple, it will be implemented inside your controller. For an example look at PHPDevShell plugin, inside controllers/user/email-admin.php. First thing we will be doing is to call the class;

/* @var $spam botBlock */
$spam = $this->factory('botBlock');
Note the comment above the code, if you are using Netbeans this will allow you to have auto completion for any callable class through factory simply by adding that comment.

Next we will need to add the spam stop and check part, this part needs to be added after the rest of the form approved the content and the submitted form is now ready to be processed.

if ($crud->POST('send_mail')) {
	if (!$crud->isEmail('email_from')) $crud->error(_('Please provide a valid email address'));
	
	// The last check should be spam by using $spam->block()
	if ($crud->ok() && $spam->block()) {
		// Send email and save entry.
	}
}

This is not all, we have another trick up our sleeve to trick the bot with, this is by means of fake fields. The fake fields gets hidden and passed fails the form as soon as the bot completes them. To activate this additional check simply pass this inside your forms tags.

	// $fake_fields will contain the extra fields and will automatically hide it.
	$fake_fields = $spam->botBlockFields();

	// You can now pass it to your views.
	$view->set('fake_fields', $fake_fields);

	// Remember to create a {$fake_fields} in your Smarty template between your forms tag.

Now you have an excellent silent bot block monitoring your forms.

PHPDevShell © 2010 - All rights reserved.