Protecting online contact forms

Forum Moderators: phranque

Message Too Old, No Replies

Protecting online contact forms

graeme

7:45 am on Oct 8, 2005 (gmt 0)

Hi, I have a client who is getting half a dozen "rubbish" entries each day from his online contact form. It seems that some kind of automated program is filling it in, with useless information.

Anyone know of an easy way to stop this? I'm assuming some kind of box where people have to type in a code (shown in an image) - which automated programs couldn't do. But anyone know of any easy way to do that, perhaps in Javascript, or maybe a Perl script or something that will do it?

Cheers
Graeme

keyplyr

8:06 am on Oct 8, 2005 (gmt 0)

You might wish to consider using CAPTCHA [onlamp.com] or similiar checks.

I just call all my forms with JavaScript links. Most bots don't follow them.

rocknbil

5:48 pm on Oct 8, 2005 (gmt 0)

graeme if this is what I think it is, nothing you do with the actual form or Javascript is going to help. In fact, if you're getting those garbage emails, you're just at the stage where the hacker/spammer is "feeling out" your server-side processor, trying to detect the names of the variables you use for the mail headers.

Once they do that, you won't hear from them again until you get accosted by your ISP for sending spam. What they do is send a direct command-line query to the script, bypassing the actual form page, insert a BCC: field into the mail headers, and dump a few thousand email addy's in their BCC field. Being a BCC, you'll never see it unless you pore over mail logs.

More info, and ways to plug up their works, are in this recent thread [webmasterworld.com].