Form Security using MS FrontPage 2003

MarkGatESS · #1 (**permalink**) 09-11-2007, 12:41 PM

I've found many sites that use a system to "generate" an image with scrambled alpha/numeric codes that a user has to input into the form before the form gets processed - to insure that the person signing up is a human being and not a form bot.

Does anyone know of a JavaScript or some 3rd party code I can add to my forms in FrontPage that will allow FP to process forms as it normally does, but only if the right security code is entered into the form? I haven't had too much of a problem with spammers, but it does happen and I'd like to get a system put in that will filter out those bots. That way, we'd have a more accurate database of responses.

**wige** · #2 (**permalink**) 09-11-2007, 01:46 PM

This type of technology can not (or at least should not) be run through a client-side language such as Javascript. You would need to use PHP or ASP depending on the programming language your server uses. There is also a third party option being tested by Microsoft, available for use on web sites for free, called Asirra

Dubbya · #3 (**permalink**) 09-11-2007, 03:38 PM

Yup, it's gotta be server side or it's just no worth implementing.

Since you're using Frontpage, I'd assume your server will run .asp scripts.

There are tons of free and easy to implement "CAPTCHA" scripts available. Any one of the following look like they'll meet your immediate needs. I've not used them myself so can't vouch for them, I'm simply providing a resource.

Here's one:
Captcha ASP script - prevents automated form sumbissions

Here's another:
ASP Security Image Generator (CAPTCHA)

And Another with CSS and javascript:
A CAPTCHA Solution For Classic ASP

Good Luck.

cparvin · #4 (**permalink**) 09-12-2007, 12:05 AM

In several sites I use an email validation technique. The person (not bot) fills in their email address and an email is sent to them. They then click on a url link in the email and the url link verifies that the email address is a real one. The person is then taken to the rest of the form and completes it.

This prevents the bot from filling in the form. I do this in server side with php as it is on a unix server.

MarkGatESS · #5 (**permalink**) 09-12-2007, 05:43 PM

Thanks for everyone's advice. Dubbya, I'm going to check out some of those sites you listed. Thanks.

MarkGatESS · #6 (**permalink**) 08-21-2008, 02:58 PM

Thanks for the help guys, but I tried all three and NONE of them worked for me!

The one from Motobit.com requires the server to have the Office web component "Chart" on the server - mine doesn't, and I don't know who would have it. I've never heard of it before and all the different web hosting providers I've found have never listed it as an "included feature" or whatever.
The one from tipstricks.org is GONE - it's there, but the people who ran/maintained it stopped doing so and there's no support files of how to install and implement the CAPTCHA they provide.
The one from U229.no requires me to build an .asp page for the form - I can't use an .htm page for the form.

I also found one called iCaptcha - which runs an interface that will build a CAPTCHA, uses a .swf file to display the generated image, and provides the code to run it. However, you have to build your OWN .asp form handler and add the code to their .asp page that handles the results after you hit "Submit".

Any way I turn, either the captcha won't work with FrontPage forms or it requires programming knowledge on my part. Since I'm not a programmer nor have I the interest in learning a programming language at my age, I'm screwed.

The hackers and programmers have RUINED the simplicity of the Internet!!!

Maybe I should pursue a career in photography instead! I find that much less complicated than today's Internet site building!

**wige** · #7 (**permalink**) 08-21-2008, 06:49 PM

Just trying to come up with something off the top of my head, this would require the use of server side programming, Javascript, and sessions (cookies) to work...

1. Generate two random numbers between 1 and 9.
2. Have an array that has the text equivalents of the numbers ($number = array('zero', 'one', 'two' ...);)
3. Calculate the sum of the two generated numbers.
4. Store the calculated sum in the user session.
5. Display in the page the question, using the text equivalents of the generated numbers (echo "$number[$n1] plus $number[$n2] equals: <input name=\"answer\"> (please enter a number between 2 and 18)";)
6. When the form is submitted, check that the value of answer is equal to what was stored in the session (if ($_POST['answer'] == $_SESSION['answer']) $user = 'not a bot';)

This is a somewhat overly simplified form of CAPTCHA, but the plain text display of the numbers should prevent most bots from answering the question. Yes, it can be defeated, but it should be somewhat effective. You could further complicate this by using a Javascript document.write method to display the question. This document.write would cause the question to be invisible to many bots, causing them to not attempt to answer the question, thus failing.

DaveSawers · #8 (**permalink**) 08-22-2008, 10:03 AM

Quote:

Originally Posted by MarkGatESS

Since I'm not a programmer nor have I the interest in learning a programming language at my age, I'm screwed.

To build websites you need to do some programming. Of course you can use Frontpage or its equivalents to put simple stuff up on your own personal web page but to get to the next level you need to program.

Nobody's too old to learn something new and it's really not very difficult.