Form bots and JavaScript


I’m not very knowledgeable about bots, but I am aware of this subject. I’ve read a lot lately about bots and I understand that most bots are spam bots. I’ve also read that some bots are programmed to brute force logins, so they are more sophisticated in nature. Sometimes I read that bots don’t usually deal with JavaScript. Is this true? So, then, why not make a security token or PIN with PHP to be displayed inside of a JavaScript form field? Then an onclick on that form field will paste (innerHTML) the value into a legitimate form field. If form field token != session js form field, then bot. Has anyone tried this?

So far, I have a random submit button name and value, a CSRF token and a hidden input field. I’m looking for other ways to strengthen this protection. The question, if unclear, is about using a JavaScript token onclick paste method, which is a simpler way of implementing a captcha.

Any thoughts? If JS is able to block a lot of bots, then should the entire form be displayed with JS alone?
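The server-side half of the check described in the post above, as an added example that is not part of the original thread: a per-form token is stored in the session, the page's onclick handler copies it into a real field, and the submission is rejected if that field does not match, if the hidden field was filled in, or if the token is old or reused. It is written in Node.js as a stand-in for the poster's PHP; the field names `js_token` and `website`, the session object shape and the 15-minute lifetime are assumptions.

```javascript
const crypto = require('node:crypto');

// Issue a fresh random token and remember it in the session.
// `session` is a plain object standing in for the server-side session store.
function issueFormToken(session) {
  session.jsToken = crypto.randomBytes(16).toString('hex');
  session.jsTokenIssuedAt = Date.now();
  return session.jsToken; // rendered into the page for the onclick handler to copy
}

// Constant-time comparison that also tolerates missing or wrong-length input.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const ba = Buffer.from(a);
  const bb = Buffer.from(b);
  return ba.length === bb.length && crypto.timingSafeEqual(ba, bb);
}

// Validate one submission. `form` holds the posted fields (names are assumed):
//   js_token - the field the onclick handler fills in
//   website  - the hidden honeypot field a human never sees or fills
// Returns { ok, reason } so rejections can be logged by cause.
function checkSubmission(session, form, now = Date.now(), maxAgeMs = 15 * 60 * 1000) {
  const expected = session.jsToken;
  const issuedAt = session.jsTokenIssuedAt;
  // Single use: the token is consumed whether or not the check passes.
  delete session.jsToken;
  delete session.jsTokenIssuedAt;

  if (!expected) return { ok: false, reason: 'no-token-issued' };
  if (form.website) return { ok: false, reason: 'honeypot-filled' };
  if (now - issuedAt > maxAgeMs) return { ok: false, reason: 'expired' };
  if (!safeEqual(form.js_token, expected)) return { ok: false, reason: 'token-mismatch' };
  return { ok: true, reason: 'accepted' };
}
```

The token is present in the page the server sends, so this check only filters clients that neither run the script nor read the markup; it sits beside the CSRF token and does not replace it. In PHP the same pieces are `random_bytes()` for the token and `hash_equals()` for the comparison.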


Hello and please disregard this post. I wrote to a security expert last month for tips about how to better handle CSRF tokens. The man actually looked at my code and offered me a fantastic resource for creating top level secure CSRF tokens. I will just stick with this implementation of tokens and call it safe. Thank you for reading.