Click here to Skip to main content
11,934,809 members (48,781 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as


3 bookmarked

Easiest Way to Handle Spammers on Contact or Comment Forms

, 13 Jun 2014 CPOL
Rate this:
Please Sign up or sign in to vote.
Easiest way to handle spammers on contact or comment forms

Editorial Note

This article appears in the Third Party Product Reviews section. Articles in this section are for the members only and must not be used by tool vendors to promote or advertise products in any way, shape or form. Please report any spam or advertising.

What is the easiest way to prevent spam in contact or comment forms on a website?

I have a contact form on one of my websites and was getting some actual people filling out the form for legitimate reasons, but the vast majority of the content was spam from countries such as Russia and from IP addresses reported from many other countries. See my original post on "How to Handle Spammers". Sometimes the forms are filled out in groups and I suspect there is either a system that can disguise its IP address or there is a network of spam controllers running on different computers. Either way, I always found that the spammed forms had one thing in common...

Spammers Do Not Run JavaScript

At least my spammers weren't using JavaScript. So now, I could turn this observation into an advantage and simply require users to be running JavaScript in order to submit a form on the website. That's not too big a deal - I don't know any typical users that browse the web with JavaScript disabled. Have you tried it? It sucks!

This is what my form looks like in HTML. Note I am using the PUT HTML verb here instead of the typical POST or GET. The reason I use PUT is that my PHP page will not respond to the PUT method, so unless it is changed by the JavaScript to POST, activating the form won't be handled by the webserver.

<form action="" method="PUT" name="contact_form">
    Your Name: &nbsp;</div>
    <input type="text" name="name_field" size="35">*<br>
    Phone: &nbsp;</div>
    <input type="text" name="phone_field" size="35"><br>
    Email: &nbsp;</div>
    <input type="email" name="email_field" size="35">*<br>
    <input type="hidden" value="nojs (unused)" name="timedayjs" 
    <input type="submit" value="Submit" name="comment_submit_button" 
        id="comment_submit_button" disabled="disabled">

Change Your Form So That It Is Initially Disabled in HTML

  • Form Method - Set to method="PUT" to disable, but changed to "POST" for JavaScript users
  • Form Action - Set to action="" to completely disable the form and when run, JavaScript puts the correct location here
  • Form Field 'timedayjs' - This is just a form field I used to capture if the user had run the JavaScript on the page. It really could be named anything, but I choose this name to throw anyone off who actually did take the time to look at the HTML code.
  • Submit Button - This I set to disabled="disabled" so a regular user that had JavaScript disabled would notice they couldn't click on the form. Of course, a spammer could just ignore this directive, but without the correct form method and form action, the results still won't get sent to the server.

Enable Your Form using JavaScript

Below is the JavaScript code I use that requires the user to have JavaScript running which enables the form and to fixes the four configuration items that are disabled in the HTML code. I am using jQuery so the functions go in the $(document).ready function to be executed after the page is ready. If you don't use jQuery, you could put the functions in a JavaScript setupForm() function and execute in on the name_field using something like onchange="setupForm()".

<script type="text/javascript">
    $(document).ready (function() {
      $('#timedayjs').val('set by js');
      document.contact_form.method = 'post';
      document.contact_form.action = 'index.php';

All of these actions have resulted in a drastic reduction of spamming through our contact us forms on the website. Please try this code on your site. Leave a note or +1 if you feel this was helpful.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Right Handed Monkey
Chief Technology Officer WorxForUs
United States United States
I am a programmer who posts rambling on about java, Android, PHP, or whatever I am motivated to type on my charcoal colored Kinesis Freestyle2 keyboard. Please send +1's, shared links, warm thoughts of encouragement, or emasculating flames of internet fury to my blog. Why not? In fact, say anything... but please don't say 'thank'. I don't know, but something about it makes my skin crawl like an electric eel is asking to give me a kiss. No, thanks. (See there's an 's' in there. Was that really so hard?

You may also be interested in...

Comments and Discussions

QuestionNot an article Pin
Md. Marufuzzaman19-Feb-15 3:27
mentorMd. Marufuzzaman19-Feb-15 3:27 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.151126.1 | Last Updated 13 Jun 2014
Article Copyright 2014 by Right Handed Monkey
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid