W3hobbyist

Snippets and resources for PHP, MySQL, JavaScript-AJAX

Will AJAX form submissions help to combat spam?


I made an observation. AJAX form submissions are much less prone to spamming. To give you an idea of what made me think so, I want you to understand the facts below:

  1. I had a home-made simple blogging script (call it minimal) on this domain prior to WordPress, which I use now.
  2. The comment submission system on that minimal system had no CAPTCHA and was through a simple HTML form.
  3. I used to receive about 25-30 spam comments daily.
  4. One fine day, I changed the comment submission to AJAX-powered.
  5. The new AJAX-powered comment system ran for 33 days before I removed my minimalistic blogging script and replaced it with WordPress. During that 33-day period, I received absolutely no spam comments. A CAPTCHA was still not implemented.

Some background about how spam bots function:

Spam bots do not actually fill in data by typing it into the fields. They simply harvest the value of the action attribute and the names of the input fields, and post the data directly to the server script that is supposed to handle the inputs. For example:

<form name="form1" action="submit.php" method="post">
   <input type="text" name="name">
   <input type="text" name="age">
   <input type="text" name="email">
   <input type="submit" value="Submit form">
</form>

In the case of the above form, the spam bot will post values for the name, age and email fields directly to submit.php.

Future possibilities in form submission spamming:

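<script type="text/javascript">
// Send the fields of form1 to submit.php without reloading the page
function submitForm() {
  var fields = document.forms["form1"].elements;
  var params = "name=" + encodeURIComponent(fields["name"].value) +
               "&age=" + encodeURIComponent(fields["age"].value) +
               "&email=" + encodeURIComponent(fields["email"].value);
  var xmlHttp = new XMLHttpRequest();
  // The second argument is the server script that receives the data
  xmlHttp.open("POST", "submit.php", true);
  xmlHttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xmlHttp.send(params);
}
</script>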

As can be seen above, a future spam bot may be able to spot an AJAX-powered form submission, forge the value of the variable params, and send it to the target script, which is the second argument of xmlHttp.open().
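Whether submit.php is reached from the plain form or from the AJAX call, it receives the same POST fields, so any check has to happen on the server. The following PHP is an added example, not code from the original post: it has submit.php require a signed, time-limited token issued with the form. The secret, the time limits and the function names are assumptions.

```php
<?php
// Added example, not the original submit.php. The secret, the limits and the
// function names are assumptions made for illustration.
const FORM_SECRET      = 'replace-with-a-long-random-server-side-value'; // placeholder
const MIN_FILL_SECONDS = 3;    // nobody types a comment faster than this
const MAX_TOKEN_AGE    = 3600; // a token is valid for one hour

// Called when the page is rendered. The value goes into a hidden field of the
// HTML form, or is appended to params ("&token=...") in the AJAX version.
function issue_form_token(int $now): string {
    return $now . '.' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Called first in submit.php. Returns null when the request is accepted,
// otherwise the reason for rejecting it.
function reject_reason(array $post, int $now): ?string {
    $token = $post['token'] ?? '';
    $parts = is_string($token) ? explode('.', $token, 2) : [];
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'missing or malformed token';
    }
    [$issued, $sig] = $parts;
    // Recompute the signature and compare in constant time.
    if (!hash_equals(hash_hmac('sha256', $issued, FORM_SECRET), $sig)) {
        return 'bad signature';
    }
    $age = $now - (int) $issued;
    if ($age < MIN_FILL_SECONDS) {
        return 'submitted too quickly';
    }
    if ($age > MAX_TOKEN_AGE) {
        return 'token expired';
    }
    return null;
}

// Constructed sample requests (not real traffic); $t0 is an arbitrary timestamp.
$t0     = 1212808380;
$fields = ['name' => 'Alice', 'age' => '30', 'email' => 'alice@example.com'];
$cases  = [
    'direct POST, no token' => [$fields, $t0],
    'forged signature'      => [$fields + ['token' => $t0 . '.deadbeef'], $t0 + 40],
    'posted after 1 second' => [$fields + ['token' => issue_form_token($t0)], $t0 + 1],
    'normal visitor'        => [$fields + ['token' => issue_form_token($t0)], $t0 + 40],
];
foreach ($cases as $label => [$post, $now]) {
    echo str_pad($label, 24), reject_reason($post, $now) ?? 'accepted', "\n";
}
```

A bot that loads the page first can still obtain a token, so this raises the cost of blind posting rather than replacing a CAPTCHA.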

Written by Rohan Shenoy

June 7th, 2008 at 3:13 am
