I need a simple PHP form spam proection method that doesn't require GD to be installed (eg. CAPTCHA).

Does anyone have any clues?

5 answers

Masey 0
This was chosen as the best answer

In the end I had some success with a sweet little script called "Cool PHP Captcha". Thanks everyone for your help and advice though.

Cheers ~ Masey

Answered about 10 years ago by Masey

Check out reCAPTCHA. I have been using it for a couple years now and haven't had any problems other than people not being able to read the CAPTCHA and not seeing the refresh icon, so I have added an extra line with instructions on how to get a different CAPTCHA. I also know that reCAPTCHA is used on a lot of larger sites, doesn't require a lot of extra PHP libraries (usually none at all), and can be heavily customized. And in the end, you basically need to do nothing other than display it and use their code to check. You can find their instructions on how to set it up here: http://recaptcha.net/plugins/php/

Answered about 10 years ago by Darryl Hein
  • Unfortunately the client doesn't like the reCAPTCHA interface. Otherwise I'd use this solution for sure. Masey about 10 years ago
  • I second reCAPTCHA because in addition to being a great CAPTCHA tool, it helps scan books! Nathan DeGruchy about 10 years ago
  • What don't they like about the interface? The interface can be pretty much customized to whatever you want. I know stakeoverflow has a lot less of an "interface", but still uses reCAPTCHA. (I'll get a screen shot next time I see it.) Darryl Hein about 10 years ago

If you want DEAD simple. Ask a very simple question, "what color is the sky?" and validate it against "blue". Something like this is the simplest thing you can do to thwart spam. If you do this, be sure to tell the user why they need to answer such a silly question.

Answered about 10 years ago by Ben Shoults
  • I hadn't thought of that. I may give that a go and see what happens. I guess to be EXTRA safe you could post a colored box (GIF) and ask the user what color it is. A bot wil never be able to pick up the color of the box right?? Masey about 10 years ago
  • Masey, that might create accessibility problems for color-blind people. Guillermo Esteves about 10 years ago
  • I like this solution, but I think most spam bots don't just hit a form blindly. They go around trying to find ones that don't have protection on them. Initially I would say this would scare them away, but once they figure out the solution, they just need to populate the input with "blue" everytime and they can spam like crazy! Darryl Hein about 10 years ago

I made my own which I've added to the Portfolio section of my site. I'm sure there are pre-built options out there, but making my own seemed a good thing to try. I created a few different images in Photoshop, each with random characters on, I think there are about six in total. When my form loads I generate a random number between 1 and 6 in PHP. Each number is linked to displaying a different image and a corresponding hidden form field whose value is the same as what's on the image. If the user enters the correct code in the text field it will match the value of the hidden field and pass the check. I haven't had any problems since releasing it. The advantage is that you can make the images fit in nicely with the style of your site. I wasn't sure if a spam bot could read the names of the image files so to be safe I didn't name the files the same as the text in them, i.e. an image with a random code of A456HT would simply be named spam-check-1.gif.

Answered about 10 years ago by Edward Williams
  • Yes there are spam bots that can pull out the answers to Captchas from the file name, with a sample set of only 6 images even the most barely persistant spammer would be able to solve your Captcha. Chris Marisic about 10 years ago
Bastijn 13

I believe MathGuard does that but I have never ever used it.

MathGuard is free PHP class that everyone can use as anti-spam protection for the website forms. It's also a suitable solution when there is no PHP GD support from the webhosting company.

This class can be used to perform CAPTCHA validation presenting simple mathematical expressions to the users to make it difficult for robots to pass a form being validated. It displays a mathematical expression of a sum between two random numbers and asks the user to enter the result in a text form input. The class generates an hash of the result using a secret prime number that is passed in an hidden form input. When the user enters the result, the class validates it comparing the hash of the value entered by the user with the hash passed in the hidden input.

Maybe you can have a look at it. MathGuard

Answered about 10 years ago by Bastijn