Nasty Comment Spam Problem

[rate]

I have a problem that is above my novice PHP knowledge.

I have a spammer or spambot that is bypassing my comment form to enter data into my mySQL database.

Why do I assume this? I am assuming, because I configured one of the text fields to have a specific value in order for the form to be submitted to my PHP script. Data is still being entered into my database and that specific text field is blank in my database record. So that's why I am assuming that the spammer is bypassing the form.

My problem is that I don't know how they are doing it. Further, how can I prevent this?

Thanks.

[thetestingsite]

Use a system like recaptcha. It's a free service and is really great at stopping spam.

Hope this helps.

[rate]

I am using a captcha. But that doesn't help since my form is being bypassed.

[djr33]

Well, you're going to need to give us more information. REQUIRE the captcha in the PHP script, rather than just letting data submitted without it (from another page, probably) work. For one thing, you can require it be submitted from your site, rather than from another domain.

You don't even need a captcha, necessarily. If the bot is stupid enough, adding any little thing might stop it. Like "check this checkbox to avoid spam", and perhaps alternating with "don't check this checkbox, to avoid spam".

You could also try to just block that IP address.

But, again, we'd need more info to do anything specific.

[Jas]

I am using a captcha. But that doesn't help since my form is being bypassed.

How is that possible? If you set it up correctly, the form should not process unless that has been filled in and is correct.