homepage Welcome to WebmasterWorld Guest from 54.196.24.103
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Visit PubCon.com
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

    
Prevent Spam Attacks on Contact Forms
Contact form spam prevention
on_edge




msg:3715754
 3:18 pm on Aug 5, 2008 (gmt 0)

I'm looking for a solution, hopefully fairly simple, to preventing contact form spam attacks. Contact forms are processed by PHP handler page. They don't get the email address, but they can still attack/submit the form.

I'll have to apply the solution to many sites, which is why I'm hoping to find something simple.

 

pinterface




msg:3716070
 9:21 pm on Aug 5, 2008 (gmt 0)

The easiest thing to do is change the names of the form variables. Spambots know what to do with the input fields 'email' or 'message', but they become disoriented and confused for the field 'ska54rjha89fja43'.

The second easiest thing to do is check for URLs. Normal people don't put dozens of web addresses into a form, spambots generally do.

netmeg




msg:3716633
 2:27 pm on Aug 6, 2008 (gmt 0)

I've started creating an extra field on my form, and then hiding it from human view with CSS. The confirm page has a little PHP code at the top such that it exits if there's anything in that hidden field.

That's been surprisingly effective. I'm sure that someone will come up with a way around it eventually, but it's working now.

rocknbil




msg:3716825
 5:58 pm on Aug 6, 2008 (gmt 0)

1. Log your data directly from the script. This is the most useful tool in determining exactly what they are trying to do, and stopping it. Server logs don't tell the whole story.

2. Cleanse your data. Accept only character sets [A-Z0-9(and punctuation)]. From there, once you figure out what spammers are trying to do, it's pretty easy to stop them by filtering out their input.

3. Netmeg's hidden field is one approach. Use it. Also set a cookie, on form load, and read the cookie for a matching value on submit.

4. If the above doesn't slow them down or lead you to a way to close the door, some form of challenge/response field will help. You can use a CAPTCHA, but not only are these as hated as pop ups, they are hackable. Some members here use a simple question and answer response: "What is 4 + 7?" "What is the color of blood?"

Deeply discussed here [webmasterworld.com]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved