Yii 1.1: aii-anti-spam-behavior

This exension can be used in models, e.g. comment models, to avoid spamming

This behavior is designed to use as anti-spam solution e.g. for comments model. The basis of this solution is to use hidden fields in form and check if they are empty during validation. This is because most of spam-bots fill all fields in form. Real users doesn't :) Second anti-spam solution is checking how long form is filled by submitter. Robots fills form really quick, while user need for that at least 1-2 seconds. Measuring time between creating model and saving it gives us answer if we are dealing with form filled by reals user or spam-bot.


Yii 1.1 or above


Configure behavior in model. Note that setting errorMessage is useful, when you want to inform user, that he was classified as spammer.

public function  behaviors()
        return CMap::mergeArray(parent::behaviors(), array(
                'scenario'=>'insert', //model scenario in which our behavior will be used
                        'field'=>'email',//field or comma separated field names to be empty hidden and empty during submitting form
                        'default'=>'no-spam@spam.com', //default value if needed
                        'errorMessage'=>'Your message where classified as spam. Please contact admin or owner of this site, if you think this was done by mistake.'
                        'min'=>2,//min. time in seconds between model creation and saving it
                        'field'=>'email',//field where error message should be displayed 
                        'errorMessage'=>'Go away spammer!' //error message


Total 1 comment

#2129 report it
samdark at 2010/11/15 02:48pm
Another idea

Nice one. I have another idea that is not so easy to implement but that should be very efficient.

  1. Generate random names for your form fields and add some honeypot ones hidden with CSS. Save fields mapping to session (generated field name → real field name).
  2. After form submit check if not mapped fields are filled. If they are — it's a spam. If not — get real fields using mapping saved into the session.

There are, of course, some cons: 1. Browser autocomplete will not work. Can be solved using cookies. 2. Will not work with default Yii active forms.

Leave a comment

Please to leave your comment.

Create extension