Online Marketing Strategies

How To Stop Spam Registration in php.

2019-12-01 | 5726 Print Friendly Version of this pagePrint Get a PDF version of this webpagePDF

How to Stop Spam Registration and Contact Form Spam Submission.

seo web analyst blogger community

Have you ever noticed the period you start getting millions of registration that are not confirmed but are used to spam your registration form or worse even use your contact forms as well to spam unsolicited emails? Most of these attacks are similar to DDOS attacks. It is quite funny, with all the security procedures you still get tons of fake registrations and the only way to get rid of this is via your PHPMyAdmin.

You can see from the image above that this form has its own security captcha and even with the long-form registration requirements, this spam bot is able to send 100s of fake registration in minutes. But the most trivial question that gets across our clients' minds is why will they be targeted? To overload their servers and try to work on hacking it as well? We were able to also denote some codes that were passed along with the contact form submission that had Google ReCaptcha and still allow these bots to easily spam the contact form as well.

So, what solutions did we provided for our client was quite a simple line of code to assist them to STOP such attacks, although we are only going to give a preamble as to what was used, we advise you need to get in touch with your developer to aid you to create a separate method to stop the bots from bot forms...By the way, the login forms are usually safe as their validation is preapproved via the registration form, so more reason why the registration and contact forms are easy targets by the bot to hack the server.

How does a DDoS attack work?

A DDoS attack requires an attacker to gain control of a network of online machines in order to carry out an attack. Computers and other machines (such as IoT devices) are infected with malware, turning each one into a bot (or zombie). The attacker then has remote control over the group of bots, which is called a botnet.

Once a botnet has been established, the attacker is able to direct the machines by sending updated instructions to each bot via a method of remote control. When the IP address of a victim is targeted by the botnet, each bot will respond by sending requests to the target, potentially causing the targeted server or network to overflow capacity, resulting in a denial-of-service to normal traffic. Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.

seo web analyst blogger community

The interesting fact here is that we simply had to add a honey pot anti-spam option, which can be added alongside your captcha security or simply remove the captcha field. Honeypots are great because they don’t bother users like a CAPTCHA. In fact, they’re completely invisible to your real users.

Basically, a honeypot is a hidden field in your form that’s meant to stay blank. But spambots will see it, and automatically fill it out. When the honeypot field is filled in, we can reject the form as spam.

We applied this technique to both the registration form and contact form that already has a custom captcha and a Google Recaptcha, and still got spam a lot, so using this technique as another layer of security against bot aid to stop spam registration and spam contact form submissions.

Recommended Read: How To Add reCaptcha v3 In Contact Form and HTTP Security Response Headers For web Security

First, you need to add an invisible input in the form

Input name=website type=hidden / 

Next, you need to add a CSS style to make this form invisible to your users but visible to the spambots form


#car{ display:none; } .email_field { display: none; } 

Finally, you need to include this in your PHP form that controls the submission

if(!empty($_POST[car])) die();
  function detect_bot($post_data) {
    $is_a_bot = false;
    if (isset($post_data[email]) && !empty($post_data[email])) {
        $is_a_bot = true;
    return $is_a_bot;
if ($_POST && detect_bot($_POST)) {
    //echo You are not human;
} elseif ($_POST) {
    //echo Valid submission;



comments powered by Disqus


custom ads side bar


authors image profile

Olatunji Adetunji

I am a seo web analyst and have a love for anything online marketing. Have been able to perform researches using the built up internet marketing tool; seo web analyst as a case study and will be using the web marketing tool (platform).

Subscribe RSS

Subscribe with Subscribe with facebook Subscribe with google Subscribe with linkedin Subscribe with TwitterSubscribe with Yahoo   


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

More Posts From Online Marketing Strategies

Random Blogs

Forex Trading Strategies
Online Marketing Strategies
Licensedclearing Agent
Licensedclearing Agent
Freight Forwarder