JM's Blog

Web, Society, Technology, and Innovation

« October 2005 | Blog Home | February 2006 »

December 29, 2005

A simple trick to help prevent form spam

If you have a blog or a webpage with a guestbook facility, you will have certainly experienced automated posts known as comment/form spam.

There is a simple thing you can try to prevent spammers from posting to your blog: make it more difficult for them to find how to post to your site using automated means. The HTML code for submitting a form looks as follows:

<form method="post" action="">...</form>

The action attribute above specifies the web address (URL) of the executable used to process the form results. Simply remove it and add an onsubmit attribute as shown below.

<form method="post"

I have made two changes. I now use a trivial JavaScript snippet to build the URL of the executable, and I have renamed it. The reason for using JavaScript is because comment-spamming programs are most unlikely to be sophisticated enough to understand it. Since once spammers have found a comment posting URL they will keep it and reuse it every now and then, I have also renamed the executable to start with a fresh URL.

Update: The code above is shown for demonstration purposes only. if you are thinking of implementing this setting, you should use a more serious procedure. It doesn't involve much more work.

Update: You can now get free comment spam protection with FormSmarts.

Copyright ©2008 Syronex