How to do without a captcha?
Unfortunately, on many sites without special need use captcha. Although you can overcome spam and invisible to the user ways. Especially, captcha hurts to see on small commercial sites in the form of feedback, since captcha significantly reduces the conversion of such sites. For large sites that can specifically spam, such methods are not applicable. However, in most cases, you can do without captcha.
The main reasons for the abundance of captchas are that the developers, without thinking, take their cue from popular services when developing small websites and do not understand why they are spamming forms.
In most cases, forms are not spammed in order to send an advertising message to the owner. Advertising is much easier to send through the database of emails. Forms are spammed to get links to the site and this site ranked higher in the search engines. Usually links are thus obtained on doorways - automatically generated sites. Spamming cannot distinguish the feedback form from the comment form or the message in the guest book - therefore, spamming is everything. Spamming forms are not ordinary spammers, but doorwayrs for another purpose.
')
If there is a phone field in the form and it is mandatory, then a simple check: “the number of digits in the phone is more than 4” will reduce spam by several orders of magnitude. Even if the field name is phone. There is no need for spammers for feedback forms; therefore, their spammers rarely distinguish this field, but simply fill it with nonsense. By itself, this check will reduce the number of spam to 2-3 messages per month. Changing the name of the field will further reduce spam, however, it will disable the browser’s auto-completion feature.
In most cases, this method is sufficient for the feedback form.
If we add a regular input field and hide it through CSS, then users will not fill it (because they do not see it), but the spam will surely fill this field.
Many spamming robots do not support cookies and you can simply save some cookies when loading and check for the presence of cookies, after submitting the form. However, some users may have cookies disabled. If they are not available, you need to request a password separately after sending the form.
On the other hand, some spamming support cookies. But it is not necessary to transfer cookies on the form page, you can load an invisible IFrame for the user and transfer the cookie to it. Even fewer spammers load frames. This method is implemented on wordstat.yandex.ru - if you disable cookies, it will ask you for a captcha.
You can try to load cookies through a picture, even if the spamer uses the browser as a slider, then in most cases it does not load pictures. However, I am confused by the fact that Yandex organized this business through an IFrame. True, the matter may be that when Wordstat was being written, many users disconnected pictures due to the slow channel.
Most spamics do not execute JS, especially from external files. You can make an invisible field and add some code to it via JS from an external file. If the JS user is disabled, he will have to enter a captcha.
The main reasons for the abundance of captchas are that the developers, without thinking, take their cue from popular services when developing small websites and do not understand why they are spamming forms.
Why are spamming?
In most cases, forms are not spammed in order to send an advertising message to the owner. Advertising is much easier to send through the database of emails. Forms are spammed to get links to the site and this site ranked higher in the search engines. Usually links are thus obtained on doorways - automatically generated sites. Spamming cannot distinguish the feedback form from the comment form or the message in the guest book - therefore, spamming is everything. Spamming forms are not ordinary spammers, but doorwayrs for another purpose.
')
The phone has more than 3 digits
If there is a phone field in the form and it is mandatory, then a simple check: “the number of digits in the phone is more than 4” will reduce spam by several orders of magnitude. Even if the field name is phone. There is no need for spammers for feedback forms; therefore, their spammers rarely distinguish this field, but simply fill it with nonsense. By itself, this check will reduce the number of spam to 2-3 messages per month. Changing the name of the field will further reduce spam, however, it will disable the browser’s auto-completion feature.
In most cases, this method is sufficient for the feedback form.
Invisible field
If we add a regular input field and hide it through CSS, then users will not fill it (because they do not see it), but the spam will surely fill this field.
Cookies check
Many spamming robots do not support cookies and you can simply save some cookies when loading and check for the presence of cookies, after submitting the form. However, some users may have cookies disabled. If they are not available, you need to request a password separately after sending the form.
On the other hand, some spamming support cookies. But it is not necessary to transfer cookies on the form page, you can load an invisible IFrame for the user and transfer the cookie to it. Even fewer spammers load frames. This method is implemented on wordstat.yandex.ru - if you disable cookies, it will ask you for a captcha.
You can try to load cookies through a picture, even if the spamer uses the browser as a slider, then in most cases it does not load pictures. However, I am confused by the fact that Yandex organized this business through an IFrame. True, the matter may be that when Wordstat was being written, many users disconnected pictures due to the slow channel.
JS Check
Most spamics do not execute JS, especially from external files. You can make an invisible field and add some code to it via JS from an external file. If the JS user is disabled, he will have to enter a captcha.
Source: https://habr.com/ru/post/151084/
All Articles