Mon, Feb 5, 2007, 3:10am Dynamic Forms via AJAX?
Blogging » Making This Blog
ust wondering if this could help solve spamming problems, but what if webpages didn't have form tags at all when they loaded, and only got them at a user's request to post something. Dynamically, using AJAX, so the form tag is never available on a generic page load. I would presume that spambots would ignore the page as just a static webpage. I'm amazed at the level of spam that hits any page with a form on it. It might not help for pages which have already become known to the bots, which don't seem to re-scan pages that they already know respond to form posts. So, any chance this could work?

  • John Bachir (Mon, February 5th, 2007, 11:08pm UTC)
    There are three main types of anti-spam methods for web forms (including blog comments): [1] obstacles which bots can't do _yet_ because spammers haven't needed them [2] obstacles which computers for the most part cannot do [3] networked, evolving intelligence/analysis of spam activity.

    An example of 3 is akismet (

    An example of 2 is a CAPTCHA systems, the simplest of which bots actually can get past, but there are other more elaborate systems which will work for many years to come (select the 3 photos of kittens from these 9 photos).

    What you propose is an example of type 1. Any bot that can evaluate javascript will be able to get past your system. Can bots do this yet? Not that I have ever heard. If a popular blogging systems starting using a javascript anti-spam solution, the bots would be evaluating javascript within a few weeks.

    So go for it! no-javascript-browser fools be damned!

  • Jeff (Tue, February 6th, 2007, 4:41am UTC)
    I may go ahead of give it a try when I get some time. It would be interesting to see how that turns out.

    The amount of spam this very low-trafficked blog gets is depressing. I'd much rather stop them from submitting than filter out their submissions, even though my current home-grown filter technique has, over the last 4 months, 100% success. How I know: I've been checking, which is sadly a form of defeat. I'd rather not have to check.

    If I ever met someone who was a spammer…

Leave a comment