Recently faced the problem of multiple registrations of bots. Prior to this, the registration form was not very perfect (however, I used JS to upload data, without JS, I could not register at all) - I improved it and did everything without using JS at all. Well, the bots began to register (did not set the captcha).

Here is the question - it turns out that JS bots cannot perform? Or at least most? Is such a measure sufficient as the presence of a JS user?

If not, then you need to make a captcha. Can anyone advise on php some kind of simple captcha module?

  • Google "spam protection". And do not use captcha tense users! - PinkTux

2 answers 2

The possibilities of a spam machine depend on many factors:

  • Is this a module in trojans? Then the JS engine cannot be thrown there, only something simpler, the JS check will definitely protect.
  • Is it a program on an abuse grandfather with a bunch of socks? Then, of course, you can attach the engine, and you can update the code better and faster.
  • Is it an individual complex written for $ 50,000? Will bypass everything, from the person unless you differ on the contents. After the fact, of course.
  • etc.

In general, the JS test is good enough, although now spammers are adapting to this protection (pick and connect PhantomJS , for example).
There are not so many users with disabled JS (there are quite paranoid people sitting under the virtual machine), so it’s easy for them to post a beautiful banner in the <noscript></noscript> .
To do a simple check through JS to submit (validation, for example, is always needed) and / or load forms without action , and after loading with the same JS put it in place from the data-action .

    I don't think js is enough. here is an interesting article on how to do without a captcha - they really strain ... https://habrahabr.ru/post/151084/ plus the user can be disabled js - validation must be done on the backend side as well.