I just read a new, clever way of foiling form spam bots today.

The gist of the method is to add a field to the form and enclose it in a DIV tag that is styled via CSS to be off the page (such as setting the margin -10000 or something like that).  A human would not fill that field out, therefore if you validate the form and that field is filed in, then it’s a bot!

In the past, I’ve generally just validated all the fields to see if there was HTML code in the subject or body of the message.  Generally I find that it’s only spam bots that add HTML code (mainly links), and people don’t .  Therefore, I use CodeIgniter’s Form Validation library and do a custom callback function that strips HTML and if the two strings match, then there’s no links in the submitted form and it validates.

Actually, why don’t I just show an example!  In your controller that validates the code, add this to any field that you want to check for HTML tags…

$this->form_validation->set_rules(‘message’, Message’, ‘trim|callback__check_code’);

And then in that same controller, add this…

function _check_code ($string) {
$this->form_validation->set_message(‘_check_code’, ‘HTML tags are not allowed’);
return trim($string) == trim(strip_tags($string));

I like this new method though… I think I’ll try it out.