Neil Ang

Bersonal Plog

A better technique to stop spam?

A couple of weeks ago I wrote an entry on how to outsmart comment spam with JavaScript. Although this is a good technique, it has a drawback: code maintenance. If the markup of the form changes, altering the JavaScript is more time-consuming than altering the HTML.

To overcome this problem and still outsmart spam, I've been testing a new method which uses JavaScript to change the form action. In its simplest form the JavaScript can look like this:

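<script type="text/javascript" charset="utf-8">
 // Point the form at its real action just before it is submitted.
 // Clients that do not run JavaScript keep posting to "/no-javascript".
 function redirectForm(form){
  form.action = '';
  form.submit();
 }
</script>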

<form action="/no-javascript" onsubmit="redirectForm(this);" method="post" accept-charset="utf-8"> 
 <p><input type="text" name="test" /></p> 
 <p><input type="submit" value="Submit" /></p> 
</form>

N.B. The default action for Symphony forms is to submit to the same page, which is why the action is set to an empty string.

If you use multiple forms that have different actions, you could expand the JavaScript to handle those as well:

<script type="text/javascript" charset="utf-8">
 // Same idea, with the real action passed in by each form.
 function redirectForm(form, action){
  form.action = action;
  form.submit();
 }
</script>

<form action="/no-javascript/" onsubmit="redirectForm(this, '');" method="post" accept-charset="utf-8"> 
 <p><input type="text" name="test" /></p> 
 <p><input type="submit" value="Submit" /></p> 
</form>

This is just a start; there's more you can do to make this JS smarter (but I'll let you figure that out). So far this technique has worked great for me. Remember to set up a real page for the fake submission URL (e.g. "/no-javascript/"), so that authentic users of your site without JS enabled are alerted that their submission was unsuccessful.

To get an idea of how much spam you've stopped, check your server logs for the number of requests to your fake submission URL.
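
One way to do that count, as an added example that is not part of the original post: a Node.js function that tallies POST requests to the fake submission URL per client address. It assumes combined-format access logs and the "/no-javascript/" path from the forms above; the log lines and the function names are constructed for illustration.

```javascript
// Added example (not from the original post). Assumes combined-format access
// logs and the decoy path "/no-javascript" used by the forms above.
const DECOY_PATH = '/no-javascript';

// Constructed sample log lines (documentation IP ranges, invented timestamps).
const SAMPLE_LOG = [
  '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "POST /no-javascript HTTP/1.1" 200 512 "-" "bot/1.0"',
  '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "POST /no-javascript/ HTTP/1.1" 200 512 "-" "bot/1.0"',
  '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "POST /no-javascript/?ref=1 HTTP/1.1" 200 512 "-" "-"',
  '203.0.113.5 - - [01/Jan/2024:10:06:00 +0000] "GET /no-javascript/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
  '203.0.113.5 - - [01/Jan/2024:10:07:00 +0000] "POST /contact/ HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
  '192.0.2.10 - - [01/Jan/2024:10:08:00 +0000] "POST /no-javascript-help HTTP/1.1" 404 0 "-" "bot/1.0"',
  'not an access log line',
].join('\n');

// Captures: client address, HTTP method, request target.
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*"/;

// Drop the query string, fragment and trailing slashes so "/no-javascript",
// "/no-javascript/" and "/no-javascript/?x=1" are treated as the same page.
function normalisePath(target) {
  const path = target.split(/[?#]/)[0].replace(/\/+$/, '');
  return path === '' ? '/' : path;
}

// Count form submissions that reached the decoy URL, in total and per client.
// The tally also includes real visitors who browse without JavaScript.
function countDecoyHits(logText, decoyPath = DECOY_PATH) {
  const wanted = normalisePath(decoyPath);
  const byClient = new Map();
  let total = 0;
  for (const line of logText.split('\n')) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip lines that are not in the expected format
    const [, ip, method, target] = m;
    // Only POSTs are submissions; a GET is someone viewing the decoy page.
    if (method !== 'POST' || normalisePath(target) !== wanted) continue;
    total += 1;
    byClient.set(ip, (byClient.get(ip) || 0) + 1);
  }
  return { total, byClient };
}

console.log(countDecoyHits(SAMPLE_LOG));
```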

Please leave a comment with your thoughts on this technique vs the previous one, or if you know of another solution to stop spam.