There's a simple trick that a friend of mine, Sean Rabey, at Pump Interactive showed me which will help you reject submissions from bots.
Sean suggested that I use an input field and then hide it with CSS. Humans entering data into the form won't see the field and therefore won't enter anything into it. Bots on the other hand may try to fill out this field and can't detect whether or not it's visible in the browser. If your "special" field has data in it you can reject the submission since you know it's not a human entering the data.
Here's an example of how you can do this in APEX. You can view an example here: http://apex.oracle.com/pls/apex/f?p=20195:2900
- Create a "Dummy" item
Set "HTML Form Element Attributes" to class="hideMe"
- Configure "hideMe" style
Add the following in your application somewhere (or to a CSS file)
- Add validation to catch bot entries
Type: Exists
Validation Expression 1:
SELECT 1
FROM DUAL
WHERE :p2900_dummy IS NULL
Simple trick as long as your web site isn't a popular one, because then the bots will be adapted to it.
ReplyDeleteBTW a tip: Use a simple "Value of Item in Expression 1 is NULL" validation condition instead of the SELECT from DUAL. It's a faster an more declarative.
Regards
Patrick
Hi Patrick,
ReplyDeleteThanks for the tip.
Martin
Hi,
ReplyDeleteYou can also create item to page zero and use application process After submit check is item null, and raise error if it is not.
Regards,
Jari