Preventing Spam Coming From Your Webform
Spam is a common problem with forms on websites (such as signup or registration forms), and it pays to be very proactive about preventing malicious form submissions.
The following techniques can greatly reduce the likelihood of spam being sent:
- Use a CAPTCHA code in your registration forms. Google's Recaptcha is one example.
- Use a double opt-in registration process. This prevents repeat spam being sent to inappropriate email addresses.
- Use the API's of one of the following services before accepting a form submission: Botscout or StopForumSpam.
- Limit the number of registrations from each IP address.
- Block IE6 (and earlier). A lot of spam is sent by zombie computers that have been hijacked by a botnet and are using IE6 or earlier. See an example script for VBulletin. Incidentally, if you are using VBulletin, you should use an anti-spam plugin.
- As mentioned here, provide a text field that is hidden from human users with style="display: none", but with an enticing name like email. Most bots will fill in something in this field, and you can filter based on that. Also mentioned here.
- Read the forums of the above sites to find alternative measures which may help reduce malicious registrations.
- Use the Cleantalk plugin or API to check form submissions.