Google recaptcha on forms

  • I had honeypot and askimet but just ended up getting a lot of spam.


    Personally I avoid Google Recaptcha. No need to invite Google into your form submissions.


    It's possible to make your own anti-spam, using combinations of the honeypot field, javascript and other methods.


    I solved spam submissions on one client's contact form by pre-filling the honeypot field with a value, then looking for the string "http" in the textarea field on blur. Only if the string is not found does the honeypot field get cleared via javascript. Pretty much all spam contains links, and the client was never expecting or wanting people to add links to this field.


    This is a highly effective but brutal approach. No spam-bot will clear the honeypot field but populate others. So it's a reverse approach to the intended use of honeypot, but I found it works extremely well if you don't mind culling all messages containing "http".


    But on another site, I used an different approach for member sign-ups. Splitting the form into two pages. The first page uses a standard Perch form, with basic question or two, and javascript-only submit button. The form's action points to second page containing the actual member sign-up form. On the second page, in PHP you examine the POST data, and determine if you trust the submission. You can look for all kinds of things, or ask the user anything on first page, such as "are you a robot?", asking the user to type "no". Or you can ask them any kind of question that is relevant to the purpose of the form, or some easy maths question or anything. I used "what country are you in" for a form expecting submissions from one country only. On the second page, examine the POST data and go from there in how you handle things. You could for example re-direct to a third form for "somewhat untrusted" so they require manual approval for sign-ups.


    So many possibilities to make your own anti-spam methods without using third part services. Spam bots are dumb. It's not hard to out-smart them with very simple questions.