I just read a new, clever way of foiling form spam bots today.
The gist of the method is to add a field to the form and enclose it in a DIV tag that is styled via CSS to be off the page (such as setting the margin to -10000 or something like that). A human would not fill that field out, so if you validate the form and that field is filled in, then it’s a bot!
In the past, I’ve generally just validated all the fields to see if there was HTML code in the subject or body of the message. Generally I find that it’s only spam bots that add HTML code (mainly links), and people don’t. Therefore, I use CodeIgniter’s Form Validation library and do a custom callback function that strips HTML; if the two strings match, then there are no links in the submitted form and it validates.
Actually, why don’t I just show an example! In your controller that validates the code, add this to any field that you want to check for HTML tags…
[php]
$this->form_validation->set_rules('message', 'Message', 'trim|callback__check_code');
[/php]
And then in that same controller, add this…
[php]
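// Callback for the "callback__check_code" rule: passes only when stripping
// HTML tags leaves the submitted string unchanged.
function _check_code($string) {
    $this->form_validation->set_message('_check_code', 'HTML tags are not allowed');
    return trim($string) === trim(strip_tags($string));
}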
[/php]
I like this new method though… I think I’ll try it out.
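The hidden-field method described at the top of this post can be wired into the same Form Validation setup. This is an added example, not code from the original post; it assumes a CodeIgniter 2/3 controller, and the field name `website`, the class name and the view names are hypothetical.

```php
<?php
// Added example: decoy ("honeypot") field checked with a Form Validation callback.
// Class, field and view names are hypothetical.
class Contact extends CI_Controller {

    // Markup for the decoy field; echo it inside the <form> in the view.
    // The wrapper is pushed off the page with CSS. tabindex and autocomplete
    // keep keyboard users and browser autofill from filling it by accident,
    // which would otherwise show up as false positives.
    const HONEYPOT_HTML = '<div style="position:absolute; left:-10000px;" aria-hidden="true">
        <label for="website">Leave this field empty</label>
        <input type="text" name="website" id="website" value="" tabindex="-1" autocomplete="off">
    </div>';

    public function send()
    {
        $this->load->library('form_validation');
        $this->form_validation->set_rules('message', 'Message', 'trim|required');
        $this->form_validation->set_rules('website', 'Website', 'callback__honeypot_empty');

        if ($this->form_validation->run() === FALSE) {
            // Redisplay the form; the view echoes Contact::HONEYPOT_HTML.
            $this->load->view('contact_form');
            return;
        }

        // ... deliver the message here ...
        $this->load->view('contact_thanks');
    }

    // Passes only when the decoy field came back empty.
    public function _honeypot_empty($value)
    {
        if ((string) $value === '') {
            return TRUE;
        }
        // Log the hit so the rejection rate can be reviewed later.
        log_message('info', 'Honeypot field filled from ' . $this->input->ip_address());
        // Generic message: do not tell the sender which field tripped the check.
        $this->form_validation->set_message('_honeypot_empty', 'Your message could not be sent.');
        return FALSE;
    }
}
```

A decoy field only stops bots that fill in every input they find, so it works best alongside the HTML-tag check above rather than as a replacement for it.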