Welcome to WebmasterWorld Guest from 184.108.40.206
Forum Moderators: incrediBILL
I have read about options to Matt's Script Archive nms or something like that but it's too WAY complicated. Perhaps something simpler could be suggested. I just don't understand it. It says something about .php I haven't got a clue how to do that. Do I have to create a file ending in .php? How do I set that up.
You can submit the form using things like Text.submit()
Here is the code:
# Denies the following IP Address(es)
deny from ###.###.###.#
deny from specificdomain.com
I just used the # sign in place of actual numbers.
I identified a whole bunch of IP addresses from my Log Manager. It was easy to do as I had left my original page with the form on my site and had it only link to itself. No other page on the site linked to it. Anything that shows up posting to that page is spam. To double check though, I matched the time the spam e-mail was sent with the log entry and got the IP address. I got the rest of the IP addresses from:
All the usual offenders are listed there. Let's keep our fingers crossed and hope that this works. Anyone else have success with this? Do you think it will work long term? I am finally get my designer to re-design my site templates and one of the things he will be doing is implementing some of the other suggestions here since I know nothing about .php.
However, I would have thought that blocking certain IP's was just the first step, because of the shear number of IP's spammers use. To manually block IP's when they are found to be spamming could be a very time consuming and possibly fruitless excercise.
You could automate the blocking of IP's... When your robot checks fail on your form (may be twice to be safe?) then automatically add the IP to your .htaccess?
(EDIT: I didn't see slef's reply)
I got the rest of the IP addresses from: .....
Just as a for instance... I've just had an example of form spam come through one of my sites. It got through my robot checks (CSS hidden field check and check to make sure the form was completed in more than a few secs). It got stopped by my offensive language filter. But the IP address was a new one - and it did not appear on the list posted above.
Not so hot for someone using JAWS (or similar) I would imagine. Presumably they would see their form unceremoniously rejected, too.
I have heard that JAWS understands CSS these days - is that true? But even so, the 'hidden' field should have an appropriate label, "(Do not complete this field)" for the benefit of any real user that should happen to see the field (if CSS is disabled or whatever).
"tedster: Another similar approach uses external css to HIDE an unneeded form input. Anytime that box is filled in, it's a spambot so you just throw the submission out."
penders: Yes, I have used this approach too - very effective. However, I have recently encountered a problem which meant that a legitimate message got flagged as spam! ... I think some kind of auto-complete feature of the users browser (Google Toolbar or other plugin perhaps?) was auto filling the field and it was being sent with everything else - without the user knowing!?
I don't normally quote myself, but this has happened to me again! The hidden (by CSS) form field has been submitted with the users email address this time! The email address has also been entered correctly in the appropriate email address field - so this is duplicate info! I very much doubt that even if the user was able to 'see' the field, they would enter their email address twice, particularly when one of them states, "Do not enter anything here!"?!
This is a relatively low traffic site, so the percentage of legitimate form submissions that are failing because of this hidden CSS field are surprisingly high! A tad worrying.
The users UA includes "FunWebProducts". Ring any bells?
Does anyone know of any browser plugins / extensions / toolbars which could auto-complete form fields in this way? Normal auto-complete only offers suggestions when you start typing in that field.
Penders, could the hidden field be prepopulated with a value that if changed indicate a bot?
Yeah, I was wondering that... but do robots change values in already populated fields (or only when the field is empty)? If I was a robot I don't think I would both... I would assume the value already there was valid. (?)