Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: incrediBILL
I have read about options to Matt's Script Archive nms or something like that but it's too WAY complicated. Perhaps something simpler could be suggested. I just don't understand it. It says something about .php I haven't got a clue how to do that. Do I have to create a file ending in .php? How do I set that up.
PHP is a scripting langauge - a whole world, in fact, with its own forum here [webmasterworld.com]. Most spam prevention takes requires scripting on the server to stop the bulk of it from getting through. Subscribing to the various blackists and using that data can be a big help, but these guys definitely are persistent.
What do I call the .php file and what goes in it?
What changes do I make to the code in the HTML page:
<td align="left" colspan="3"><FORM METHOD=POST ACTION="/cgi-bin/formmail">
<input TYPE="hidden" NAME="recipient" VALUE="firstname.lastname@example.org">
msg+='- Invalid Email Address: '+email+'\n\n';}
alert('The following fields are empty or invalid:\n\n'+msg);
return true }
<form name='Text' action='/cgi-bin/formmail' method='POST' enctype='multipart/form-data' onsubmit='return verifyMe();'>
<p align="left"><b> Text:</b></A></p>
<table width='80%' class='table_form_1' id='table_form_1' cellspacing='0' border='1'>
<td align='left' class='ftbl_row_1' ><LABEL for='Name' ACCESSKEY='none' ><b><FONT SIZE="1">*</FONT></b><FONT SIZE="1.5">Your Name:</FONT>
<td align='left' class='ftbl_row_1a' ><input type='text' name='Name' id='Name' size='45' maxlength='45' value=''>
Tedster, have you employed this method with success?
Yes - 99% reduction in form spam. but I also like Lord Majestic's approach a lot. Maybe combine the two and get a 100% success?
Again, the explanations sound good but more detailed instructions are needed for the HTML/PHP challenged.
Sorry hermosa, I think you're asking for way too much from an HTML discussion forum. It's like asking how to drive a car as part of wanting the directions for getting to Dallas! Where do we start, you know?
You should be able to follow up on the ideas in this thread "on your own" -- or if you really don't want to grow your own knowledge in these areas, then you could hire someone to apply the ideas for you.
Here is my code:
document.writeln('<input '+'type=hidden name='+sN+' value='+'1>');
tedster: Another similar approach uses external css to HIDE an unneeded form input. Anytime that box is filled in, it's a spambot so you just throw the submission out.
Yes, I have used this approach too - very effective. However, I have recently encountered a problem which meant that a legitimate message got flagged as spam! I was using a common field name (name="your_name") to potentially trick the robot to complete the form field. But I think some kind of auto-complete feature of the users browser (Google Toolbar or other plugin perhaps?) was auto filling the field and it was being sent with everything else - without the user knowing!?
Possible solution... use a field name that is a bit more obscure/unique. (Send potential spam messages to an alternative email for later checking if need be, don't simply discard it. Although you might need a massive mailbox - gmail perhaps?)
But the thought occurs that this is a bit of a security issue for the user, if the browser auto completes these 'hidden' (by CSS) fields?! Just speculation, but... a malicious form could have 'hidden' fields for "your_name", "your_address", "your_credit_card"....! Hhhhmmm... if you're browser has such an auto-complete feature it is probably advisable to disable it?! (NB: This isn't the normal auto-complete feature that usually only suggests previous values once you start typing.)
hermosa: The last part of the code is showing up:
Is PHP available on your server? Files containing PHP will generally need to have the extension ".php" so that PHP will parse the files on the server. Your formmail script looks as if it could be written in Perl (action='/cgi-bin/formmail').
venti: We have also used another method involving a minimum delay that the fastest real person could possible fill out the form (i.g. 1.5 seconds), forms submitted quicker than this are bots and ignored.
I like this idea. Presumably you simply store the start time (the time the page is generated) in a type="hidden" field in the form?
"; } ?>
and I can't make it disapper. This is too complicated. Simple HTML I can handle but this is way out of my depth. All of this trouble and now finaincial expense to get someone to code the pages due to spammers.
What I will do when I have the budget, is hire someone with a knowledge of PHP to re-code my page and implement some of the suggestions from this thread for a more permanent fix.
I would like to thank everyone for their inpu.
When a normal search engine like Google crawls you cloak in the <noscript> area with the plain vanilla navigation and links.
Problem solved, site incapable of being crawled by outside sources such as spam harvesters.
Then you make sure you set your entire site to NOARCHIVE which removed the CACHE pages of the search engine so they can't harvest your site in at the search engine level.
I have lots of other tricks and filters and tests installed, but that's the basics.
Say bye bye to anyone crawling the site you don't want to crawl it and kiss spambots adios.
Another similar approach uses external css to HIDE an unneeded form input. Anytime that box is filled in, it's a spambot so you just throw the submission out.
I've tried this with great success.
Also, if you have an email address such as email@example.com, change it to something like firstname.lastname@example.org. This helps cut down spam by a lot.
Another similar approach uses external css to HIDE an unneeded form input. Anytime that box is filled in, it's a spambot so you just throw the submission out. - tedster
You just create a field or two that's hidden via CSS- you can also label these with something like "Don't fill this out, unless you're a robot!"- again, concealed from the standard view by CSS
Anytime a submission comes in with those fields filled in, you can pretty much guarantee a robot completed it-
I have these submissions redirected to a folder that I can periodically review to ensure that i'm not trapping anything important.
Is a form generated, e.g. through PHP echo, vulnerable to being spammed by the bots or is it safe?
An HTML form generated by PHP (or any server-side language) is the same as a static HTML form. Both are subject to the same form of attack (no pun intended). However, using PHP (or any server-side language) to generate the form and consequently to process it's content will enable you to implement some of the methods talked about in this thread.
Any suggestions on how to prevent mailto: email address from being harvested?