Server-side validation is a must for public pages to avoid spam.

On the socialsphere website, spam comments were posted in the blog section.

The blog section doesn't require a login to write comments. The page had client-side validation for the captcha and the text boxes. Client-side validation cannot stop someone who posts comments through a script, because the script sends the request directly to the server and never runs the page's JavaScript. It's better to implement server-side validation on any page that takes input from the general public.

We changed the page captcha to Zend captcha to increase the captcha complexity. It adds lines and dots and changes the text orientation on every request.
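
An added example (not the site's code) of the server-side checks described above, in plain PHP. The field names, length limits and the `captcha_answer` session key are assumptions, and the session value stands in for wherever the captcha component keeps its expected answer.

```php
<?php
declare(strict_types=1);

/**
 * Server-side checks for an anonymous comment form (added example).
 * Field names, limits and the session key are assumptions, not the site's code.
 *
 * @param array $post    submitted fields, normally $_POST
 * @param array $session server-side session data, normally $_SESSION
 * @return array names of the fields that failed; empty means the comment may be stored
 */
function validateComment(array $post, array &$session): array
{
    $errors = [];

    // Captcha: compare against the answer kept on the server, never a value
    // sent by the client. Consume it so one solved captcha cannot be replayed.
    $expected = $session['captcha_answer'] ?? null;
    unset($session['captcha_answer']);
    $given = $post['captcha'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given)
        || !hash_equals(strtolower($expected), strtolower(trim($given)))) {
        $errors[] = 'captcha';
    }

    // Text boxes: repeat every rule the JavaScript enforces, since a script
    // posting directly never executes it.
    $name = $post['name'] ?? '';
    if (!is_string($name) || !preg_match('/^[\p{L}\p{N} .\'-]{1,60}$/u', trim($name))) {
        $errors[] = 'name';
    }
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var(trim($email), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    $comment = $post['comment'] ?? '';
    $bytes = is_string($comment) ? strlen(trim($comment)) : 0; // length in bytes
    if ($bytes < 1 || $bytes > 2000) {
        $errors[] = 'comment';
    }
    return $errors;
}

// Constructed sample input: a scripted POST that skipped the browser checks.
$session = ['captcha_answer' => 'x7Kq2'];
$post = ['name' => 'Bot', 'email' => 'not-an-email', 'comment' => '', 'captcha' => ''];
print_r(validateComment($post, $session));
```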

Some of the useful links I came across:

One strange thing for me is that PHP $_SERVER['HOST'] has many host names in it, and one of them was "socialsphere.com". How is it possible to have many hosts for an HTTP request?

