display: none

[yoshida]

Hi. Some months ago I've written a form to outsmart spambots. The object was to put some hidden fields in my form, and lure the bot into using it. The message would not be posted ofcourse if either of the fields contained text. Apparently, they found a way around it. They managed to post over forty spam messages in the last two weeks.I used <div style="display: none"> rather than <input type=hidden>. Would it help to create a new class .form { display: none; } and use that instead? The ultimate goal is to block spam without the legit visitor knowing there is a blocker in action.For the record: I let the website generate a report for each blocked attempt. Above method blocked over 120 messages and IP-banned 3 spambots (for making over 20 spam attempts).Help appreciated. I'd also appreciate you notifying me if and when you develop technology based on described method.

[Anders Moen]

<input style="visibility: hidden;" />

Maybe?

[boen_robot]

Same deal... a real smap bot could be configured as a macros. That is, instead of looking and passing thru the code, it will pass thru the screen as if it's an orinary user with a cursor and keyboard commands available to it.The only way to cheat a smap bot like that would be to present it with with something unique to each page refreshing, the way CAPTCHA is. Every similar technique will require a user interaction, making the user aware of the spam protection.

[Taustin Powers]

How about NOT hiding the "trap" field, but leaving it visible on the page? You could just label it "Please leave blank" or something like that? And hide it at the bottom of the page? Yes, every user could see it, but I think I would still prefer that to the captcha method. Does that sound like it would work?

[reportingsjr]

You know what would be really cool? You put a div and say "click on the red dot", then you randomly generate a red dot in the div (the div being 100X100 or something) then the red dot is the submit button, but make it a link or something. You could use javascript and have a function, but so they dont identify and run the function generate the name randomly each time. How about that?So: you have a div with a randomly placed dot that is also a javascript link. Use a function with a randomly generated name to submit the form for you. There you go! Hopefully no more spam bots.