Spammers filling out forms

  • Thread starter Thread starter jusbeachin
  • Start date Start date
J

jusbeachin

How can I protect my forms to keep spammers from filling them out? Luckily,
I only get one or two a day. I'd like to nip this in the bud before it gets
out of hand.
 
jusbeachin said:
How can I protect my forms to keep spammers from filling them out?
Luckily,
I only get one or two a day. I'd like to nip this in the bud before it
gets
out of hand.

You can't, if it's manual.

If it's a script, do this:

- rename the file and update links so existing scripts can't find it anymore
- remove the word "comments" and "contact us" from the file name, HTML, text
on the page, and form field names.

I believe these are caused by people in poor countries using search engines
to find these forms. Then, the form is put into a script and served to
zombie nets (so there's no way to block IP addresses). The configuration is
manual, and done by folks with limited grasp of English. So removing the
terms searched keeps you out of their searches, and renaming the file stops
them on a temporary basis because the config for your form is no longer
valid.

Or just put up with it, it's just two. Some sites get hundreds of them.
 
If it's a person filling it out, you can't. If it's a bot, use captcha or
validation on some fields.
 
If you use FrontPage extensions to process your forms there is little
you can do. "-"'s post describes the best solution here, but it amounts
to hiding the form.

If you use server side scripting to process the forms then the scripts
and forms can be adapted top use techniques such as CAPTCHA to protect
against automated bots.
See http://www.rxs-enterprises.org/tests/anti-spam/ for some ideas for
server side scripted forms.
 
Just read your site

I like this idea
Using hidden fields can also defeat spammers. Add a <div> to the form and
style it to be hidden. If the automatic bot fills in these fields, then
reject the form. A human form-filler would not know these fields exist,
unless their browser has CSS disabled.


dead simple - what a great idea
 
Just read your site

I like this idea
Using hidden fields can also defeat spammers. Add a <div> to the form and
style it to be hidden. If the automatic bot fills in these fields, then
reject the form. A human form-filler would not know these fields exist,
unless their browser has CSS disabled.


dead simple - what a great idea

Do that, also do the other trick of avoiding names like "comments",
"suggestions", "questions", etc for form fields.

If you are writing your own script, filter the text fields for
anything with "<html>" or "<a href" or "http" in it. Dump those
messages. The only danger I've determined to that approach is that
there's a small chance someone could try to send you a comment and
include URL of the (your) page as a reference and you'd be dumping
that message.
 
Back
Top