Using Referrer instead of Captcha?

Consider form.php and process.php. What captcha does is to check if the form has been submitted from form.php or directly POSTed to process.php. A simple way is to check the Referrer and prevent processing if the actual Referrer is not form.php.

What can be the main problem for this method, as it is not normally used?

Is it possible for a spammer bot to send the form from form.php to have it as the Referrer?

Can this method slightly stop spam posts (if not completely)?

Answers


What can be the main problem for this method, as it is not normally used?

The referer is an optional HTTP request header that is sometimes disabled for privacy (and sometimes overwritten with junk for cheap privacy, and sometimes overwritten with adverts for privacy software).

You should not assume that Real Users™ will send it.

Is it possible for a spammer bot to send the form from form.php to have it as the Referrer?

Very easily. I'd be surprised if a large proportion of spambots didn't set it already.


The Referrer can be faked trivially, as it's simply an HTTP header. So this would stop a determined spammer for all of 5 minutes.
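
The two failure modes described in the answers, as an added example that is not part of the original posts: the Referer check proposed for process.php, evaluated against constructed requests. The form URL, the function names and the request set are assumptions made for illustration.

```php
<?php
// Added example: the Referer check proposed for process.php, run over
// constructed requests. FORM_URL is a placeholder, not a URL from the page.
const FORM_URL = 'https://example.test/form.php';

// Accept only when the Referer names the same scheme, host and path as form.php.
// $server stands in for $_SERVER so the function can run offline.
function referer_is_form(array $server): bool
{
    $ref = $server['HTTP_REFERER'] ?? '';
    if (!is_string($ref) || $ref === '') {
        return false;                       // header absent or stripped
    }
    $got  = parse_url($ref);
    $want = parse_url(FORM_URL);
    if ($got === false || !isset($got['scheme'], $got['host'], $got['path'])) {
        return false;                       // junk value, not a usable URL
    }
    return strtolower($got['scheme']) === $want['scheme']
        && strtolower($got['host']) === $want['host']
        && $got['path'] === $want['path'];
}

// Constructed requests: [description, is a real user?, $_SERVER subset]
$requests = [
    ['browser, default settings',       true,  ['HTTP_REFERER' => FORM_URL]],
    ['browser, Referer disabled',       true,  []],
    ['privacy tool writes junk',        true,  ['HTTP_REFERER' => 'XXXXXXXX']],
    ['privacy tool writes an advert',   true,  ['HTTP_REFERER' => 'https://ads.example.test/']],
    ['script POSTing without a header', false, []],
    ['script that sets the header',     false, ['HTTP_REFERER' => FORM_URL]],
];

// Count both kinds of wrong decision the check makes.
function evaluate(array $requests): array
{
    $out = ['users_blocked' => 0, 'bots_accepted' => 0];
    foreach ($requests as [$label, $isUser, $server]) {
        $ok = referer_is_form($server);
        if ($isUser && !$ok) { $out['users_blocked']++; }
        if (!$isUser && $ok) { $out['bots_accepted']++; }
        printf("%-34s %s\n", $label, $ok ? 'accepted' : 'rejected');
    }
    return $out;
}

print_r(evaluate($requests));
```

On this constructed sample the check rejects three of the four real users and accepts the one scripted client that supplies the header, so it fails in both directions.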

