How can I restrict the spammers on my website?

Though, I have implemented the "captcha" feature in prayer request form on the website, Still, I get 5-10 spams entries everyday to my inbox. Check the attachments.  Do I need to implement Google reCaptcha or anything else you suggest to block completely?
LVL 36
Loganathan NatarajanLAMP DeveloperAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

Ray PaseurConnect With a Mentor Commented:
This article describes the latest on Captcha.  Google reCaptcha is virtually worthless now because it has been so widely used that it has become a target of attack and is readily defeated.

If you want to post the captcha code you're using now, I may be able to offer some suggestions.
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
I suspect you're not going to be able to 'block' that because I believe it was probably typed in like any other message / request.  I've seen a few of those on a couple of the sites I maintain going back a few years.
Loganathan NatarajanLAMP DeveloperAuthor Commented:
@ Ray Paseur   Thanks for your reference and suggestion.  What is your thought on @Dave Baldwin?  Because I validated the captcha same logic and I am sure it is done but still they fill unwanted data on right way to escape the validation?  So I am concerned how to block that?

Do you want me to replace the current code with your link article? I can do that. Please give your final thoughts.

@Dave Baldwin  , Thanks for your suggestion too.
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to and use offer code ‘EXPERTS’ to get 10% off your first purchase.

KimputerConnect With a Mentor Commented:
If so many are slipping through the cracks, I'm pretty sure your CAPTCHA code has a leak somewhere, and you need to indeed upload your code here for review.
I wrote my own code, the simplest EVERY, depending on ONLY 5 pictures (simple math), of which the outcome has to match the outcome of the math in the picture (which is quite predictable, since the solution to 1.gif is 2, 2.gif is 4, etc, php just pics a random image, and the results page will just check the input of the random number x 2), and it put the spamming to a DEAD stop. Not only is it simple PHP code, it's ALSO very simple for the user (instead of typing a difficult random string of numbers and letters), and somehow no spambot has deciphered it yet. But then again, I know spambots aren't actually doing much deciphering, it's just trying for dumb luck, as I dump the log of IP, shown picture, and what was filled in as security (usually nothing remotely close, mostly random stuff).
It's for this reason I think your PHP code is flawed, and the bots are just posting their input directly, and your code only verifies website input.
Even though my solution might be too simple, if you let the log file run for a few days, it might provide you with some extra info (on how smart the bots really are, and where they're from).
Ray PaseurCommented:
The point of Captcha is to tell computers and humans apart.  Consider the possibility that may be working perfectly -- you're just seeing gibberish that is put in by humans!  If that's the case, then Captcha is not going to prevent the gibberish.  It's just the online version of littering.  

If this information appears in an online forum, a moderation process is useful.  The kinds of rules that moderators implement are like these:

1. Nobody may post unless they have registered
2. The registration requires email confirmation
3. Until they have some number of accepted posts, their posts are held in embargo until the moderator manually releases the posts
4. If the posts look like spam, the moderator simply deletes the post, or notifies the authorities
5. After some number of deleted posts, the account is deleted (but the email address is retained and marked as "already in use")
In addition to what Ray recommended, have you tried prayer/praying?

I'd love to see a good spammer smiting.
Ray PaseurCommented:
^^^ @aikimark: Great idea!
COBOLdinosaurConnect With a Mentor Commented:
Along with the steps that Ray outlined, you can add IP blocking for spammers.  in the form capture the ip address into a hidden input. you can then use something like lookup the ip and it will give you the history of problems with the ip and also give the address needed to block the whole host provider if it is a problematic hosting organization.

Then you just deny from the ip in your .htacces and you will never have to deal with them again.

Loganathan NatarajanLAMP DeveloperAuthor Commented:
Thanks to all. I am working on Ray's suggestion. Will back.
Michel PlungjanConnect With a Mentor IT ExpertCommented:
Google released the new ReCaptcha
Loganathan NatarajanLAMP DeveloperAuthor Commented:
Thanks Michel Plungjan
Slick812Connect With a Mentor Commented:
greetings Loganathan Natarajan, , I hope I can help a small amount, although the effectiveness of any Captcha (even complex distorted images) is Much Less now in 2015, than even 5 years ago, due to highly effective server side OCR services for getting text from images. There's no 100% solution to stop "spam" entries, because the spammers are sometimes organizations (businesses) and have high money budgets and experienced coders.

That aside, you might consider "why" or the purpose of the organizations that spam you, They all hope to make money from the spam, if that, then they MUST have a revenue creation, usually a web addy , as in yours -
you might do a php string search for "http://" and then do not show-enter that request. you may also in include a search for "www.", be sure to make sure there is no <script tag in any request.

The suggestion by "Kimputer" for a NON-TEXT word, but other (as a simple math in that case), might be as effective or maybe more than a text entry Captcha. You could have a display line as -
    Which animal makes this sound - "Bark"
and to pass the test the user types  "dog"
     Which animal makes this sound - "Moo"  (ans "cow")
     Which animal makes this sound - "Chirp"  (ans "bird")
     Which animal makes this sound - "Cock-a-doodle-do"  (ans "rooster" "chicken")

I have seen where a small image of an animal is shown, and the user has to type in "cat" or "dog" or "fish" to get a pass.

If you really need more and better restrictions, you might keep your present Captcha, but add 6 radio buttons under it, labeled- cat, dog, fish, bird, monkey, cow, , and show a small animal image for them to use the radios.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.