Nancy's Web If you don't know where you've been, how do you know where you are?

Gotcha is sort of a take off on "captcha." The idea was first mentioned on http://drupal.org/node/166921 as a possible way to trick spam bots who try to use the Drupal contact form. I don't particularly like the extra step humans are required to perform in these "verification" methods, and some just don't work.

The idea is simple: Basically you place a bogus input field on a contact form, and use CSS to not display it. On submission you check for a value. If there is a value entered, then that means a non-human has been blanketing form fields, and the form post can be ignored as spam. The spam bot will probably never know.

Gotcha adds a field labeled "Subject" at the top of the contact form. It uses a "div" tag to render the field as "display: none" so human users shouldn't see it, and won't enter any data there. Hopefully, the suspected spam bot will see "Subject" and be enticed to enter something there. There is descriptive text to encourage a human (whose browser might be set to display it anyway) to ignore this field.

Gotcha intercepts the contact form submission and checks the hidden field. If something is there, Gotcha simply returns to the front page and ignores the message. The attempt is logged, along with the submitter's IP address, and the suspect message is saved in the database. If the field is empty, then the message is passed on through to the contact module for normal processing.

Unfortunately, most of the spam was still getting through. And most of that was a bunch of links to drugs or porn. From exerience, I knew that the Spam module was already good at dealing with this in comments. After browsing that module, I found that I could "hook" into its filters and use them to identify spam.

All of my spam emails stopped immediately!