homepage Welcome to WebmasterWorld Guest from 204.236.255.69
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
Suffering from form spam?
stop form spam by robots through contact forms etc
rogoff




msg:3218244
 12:46 pm on Jan 13, 2007 (gmt 0)

Recently, I started getting loads of spam being sent through the contact form on my site. I eventually realised that it's being submitted automatically by some sort of spam robot.

Anyway, after a bit of research I've managed to stop it by luring it into a trap with a bit of bait. The spam has finally stopped. Here's how I did it:

- Add a new field to the form using a typical name - something like:
<input name="email2" type="text" size="45" id="email2" />

- Then wrap it in a hidden layer so that people using web browsers can't see it, eg:
<div style="visibility:hidden">
<input name="email2" type="text" size="45" id="email2" />
</div>

- Then add some logic to your form handling so that the contact form is not actually submitted if there's any data in the invisible field, eg:
$email2 = stripslashes($_POST["email2"]);
if (!empty($email2)) {
header("location: pretend_that_email_sent.php");
exit();
}

Because the robots don't use browsers, they don't realise the field is hidden and they fall into the trap of adding data to the field. Once they do that, you know it's spam and can stop the data being submitted.

It doesn't rely on JavaScript and your normal users won't even know it's there. Worked for me :)

 

henry0




msg:3218249
 12:57 pm on Jan 13, 2007 (gmt 0)

Yes it should works

Just add a log so you can enjoy yourself by looking at the "kills Stat"

fiu88




msg:3231100
 6:20 am on Jan 25, 2007 (gmt 0)

We've been getting flooded with these as well...
I'm trying to figure out how to prevent this...html page...a send mail asp script ..to be exact

Raymond




msg:3231125
 7:11 am on Jan 25, 2007 (gmt 0)

Thanks for sharing that trick rogoff. That's a very smart and easy way to stop spam.

[edited by: Raymond at 7:12 am (utc) on Jan. 25, 2007]

TerryG




msg:3231331
 12:39 pm on Jan 25, 2007 (gmt 0)

could you show us a better example of its use for us non code guys?

mattglet




msg:3231538
 3:27 pm on Jan 25, 2007 (gmt 0)

TerryG-

You know how forms have all the text fields to fill out? In rogoff's example, he/she is just putting a "hidden" text field in the form (a hidden field will not be displayed as a browser). Since spam bots aren't smart enough to know that a field is hidden or not (they just care if it's there), they'll fill in some spam values and try to send the form.

In your form handler, rogoff is suggesting you put some code that checks if this hidden value is filled in. If it is, then you've got a dumb spam bot trying to send you garbage. If it's not filled in, then you have a valid user, or a smart bot ;)

AmericanBulldog




msg:3234219
 7:15 pm on Jan 27, 2007 (gmt 0)

OK, some forms for dummies help needed here on the implementation of this

I see the new field goes into my form
<div style="visibility:hidden">
<input name="email2" type="text" size="45" id="email2" />
</div>

That's the easy part.

Where does this go?
$email2 = stripslashes($_POST["email2"]);
if (!empty($email2)) {
header("location: pretend_that_email_sent.php");
exit();
}

If I put it into the text file that handles my form, it just gets spat out in my form, if I put it into the form, it jsut gets spat out on the html page.

I am obviously missing something here.

mattglet




msg:3235705
 1:02 pm on Jan 29, 2007 (gmt 0)


$email2 = stripslashes($_POST["email2"]);
if (!empty($email2)) {
header("location: pretend_that_email_sent.php");
exit();
}

This is PHP code, and is used on a .php page.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved