i’m not very knowledgeable about bots but i am aware of this subject. I’ve read alot lately about bots and i understand that most bots are spam bots. I’ve also read that some bots are programmed to brute force logins, so they are more sophisticated in nature. Sometimes i read that bots don’t usually deal with JavaScript. Is this true? so, then, why not make a security token or pin with php to be displayed inside of a javascript form field? then onclick of that form field will paste (innerHTML) the value into a legitimate form field. If form field token != session js form field, then bot. Has anyone tried this?
so far, i have a random submit button name and value, a csrf token and a hidden input field. I’m looking for other ways to strengthen this protection. The question, if unclear, is about using a javascript token onclick paste method, which is a simpler way of implementing a captcha.
any thoughts? if js is able to block alot of bots, then should the entire form be displayed with js alone?