Easy Bot Blocking

131 words.

I’m sure this is well-documented already — in fact I’m almost positive I’ve read this somewhere else, and I’m completely positive that I’ve seen web sites using this technique — but here is a quick and easy way to keep simple bots from posting data to your web site: Add a Javascript “onclick” event to your submit button which sets a hidden form field. Verify that the hidden form field is set correctly and viola, you have a simple test for human vs. bot.

It’s easy for a clever bot to circumvent this, but it keeps out the generic script kiddies. Also, obviously, human users will need to have Javascript enabled on their web clients, which may block some legitimate traffic.  But this is war, and sometimes there is collateral damage.

Related

This page is a static archival copy of what was originally a WordPress post. It was converted from HTML to Markdown format before being built by Hugo. There may be formatting problems that I haven't addressed yet. There may be problems with missing or mangled images that I haven't fixed yet. There may have been comments on the original post, which I have archived, but I haven't quite worked out how to show them on the new site.

Sorry, new comments are disabled on older posts. This helps reduce spam. Active commenting almost always occurs within a day or two of new posts.