 |

04-30-2008, 07:34 AM
|
|
WebProWorld New Member
|
|
Join Date: Oct 2003
Posts: 9
|
|
Can I stop spammers filling in my form?
I have a hotel site which uses an online booking form. It's written in Expression Web.
There is an area for special requests i.e. disabled facilities, extra beds, cot etc.
I constantly get spam mail on it.
Trying to make up a form which covers all the eventualities with buttons or lists doesn't seem to cover all the questions people ask, so I'd rather keep the text area if I can.
Does anyone know a way to prevent the spammers using it?
Ree
|

04-30-2008, 10:34 AM
|
 |
WebProWorld 1,000+ Club
|
|
Join Date: Aug 2003
Location: Worldwide
Posts: 6,454
|
|
Re: Can I stop spammers filling in my form?
|

04-30-2008, 06:56 PM
|
 |
WebProWorld Member
|
|
Join Date: Aug 2003
Location: Fullerton, CA
Posts: 68
|
|
Re: Can I stop spammers filling in my form?
First, do not make the address visible, have your form post the email in code, where the address cannot be seen in a "View Source". This prevents email scrapers from getting the address.
Second, make one field a 'captcha', (a graphic must be read and typed in), or a human readable question and answer that a script could not answer, like "What color is the sky?" (answer would contain the word "blue")
|

04-30-2008, 07:30 PM
|
|
WebProWorld Pro
|
|
Join Date: Apr 2004
Posts: 257
|
|
Re: Can I stop spammers filling in my form?
Captchas aren't really a good idea. They work for the problem of spammers, but cause new problems with customer usability.
You could always follow the K.I.S.S process.
Create a text field and name it, then wrap that field in a div with display:none.
Then in the server side form processing code, look to see if the form field myemail is empty; if it's not empty then don't allow the form to be submitted.
Code:
<div style="display:none;">
<input type="text" name="myemail" value="">
</div>
How does this work? The spammer programs are made to fill out the text fields, so they will see the text form field myemail and enter content. Your programming will then see that something has been filled in and not allow the form to be submitted.
I have run this on many sites and it stopped all spam forms from being sent.
Also, if your code looks for a specific field to start processing, I would change the name of that field, since the spammers already have that field name stored in their system.
|

04-30-2008, 08:11 PM
|
 |
WebProWorld 1,000+ Club
|
|
Join Date: Apr 2005
Location: Delaware Valley, PA
Posts: 1,120
|
|
Re: Can I stop spammers filling in my form?
Most of my forms are coded within the CMS I use and fairly spamproof, but friends of mine have a unique way of handling this with their static html site. They've done a sort of backward captcha. It's a text field that is hidden offscreen by using the css. If it's filled in, then the email is simply discarded since it will only be filled out by 'bots. Humans will never see it so they never fill in that field.
|

04-30-2008, 08:27 PM
|
|
WebProWorld Member
|
|
Join Date: Oct 2005
Posts: 28
|
|
Re: Can I stop spammers filling in my form?
I agree with imvain2 -> the invisible field is a really simple and great way to check if it's a SPAMBOT or human without impacting on your customer.
All you need to do is write code which says :
Code:
<?php
// honeypot check: a real visitor never sees "myemail", so it should arrive empty
if(!empty($_POST["myemail"])){
$spam = true;
} else {
$spam = false;
}
?>
Then just before you send off the email message you check whether it's true or false and if it's true, don't send the email :
Code:
if(!$spam){
// send your email
}
__________________
-------------------------------------------------
World Music World - bringing the World's Folk Music Cultures Together
http://www.worldmusicworld.com/
-------------------------------------------------
|

04-30-2008, 08:29 PM
|
 |
WebProWorld Veteran
|
|
Join Date: Sep 2003
Location: Halton Hills, ON
Posts: 526
|
|
Re: Can I stop spammers filling in my form?
Quote:
Originally Posted by imvain2
Create a text field and name it, then wrap that field in a div with display:none.
Then in the server side form processing code, look to see if the form field myemail is empty; if it's not empty then don't allow the form to be submitted.
Code:
<div style="display:none;">
<input type="text" name="myemail" value="">
</div>
|
OH WOW! Wicked solution! Any chance you or BJ can post the scripting that looks at the field and kills the submit?
I have a couple older sites that would benefit from this...
|

04-30-2008, 10:14 PM
|
|
WebProWorld New Member
|
|
Join Date: Feb 2008
Posts: 2
|
|
Re: Can I stop spammers filling in my form?
I like the invisible field suggestion and I'll have to try it. But I have also used a CAPTCHA solution that is very easy to work with. Even though all CAPTCHA presents usability issues, this one, at least, has an audio version that reads the image for the visually impaired and also has a reload button to generate another CAPTCHA image if the first was too hard to read. Check it out at ProtectWebForm.com. I wouldn't use it for secure information because it seems to run the captured inputs through their server then route them back to your server, but for your run of the mill inquiry form, it's okay. Another interesting version of CAPTCHA is found at ReCaptcha.net.
|

04-30-2008, 10:48 PM
|
 |
WebProWorld Member
|
|
Join Date: May 2005
Location: Louisiana
Posts: 43
|
|
Re: Can I stop spammers filling in my form?
Quote:
Originally Posted by reebene
I have a hotel site which uses an online booking form. It's written in Expression Web.
There is an area for special requests i.e. disabled facilities, extra beds, cot etc.
I constantly get spam mail on it.
Trying to make up a form which covers all the eventualities with buttons or lists doesn't seem to cover all the questions people ask, so I'd rather keep the text area if I can.
Does anyone know a way to prevent the spammers using it?
Ree
|
You need to lock down your forms. You can use a captcha system or you can have a photo be displayed and ask the user what it is in the photo, like a cat or a dog. The scripts at green-beast.com might be good but it has problems I see right away.
Never send or allow the script to send a copy to the user's email because spammers will use it to send spam to other users using your form.
Hard code all headers: To:, From:, Subject:. Do not enter any data into these fields from your contact form because spammers can inject code into the headers and take control of your mailer and send spam to others. You can try to trap the injected code but you may miss something; better safe than sorry.
Put the sender's from address and subject line inside the body of the message. And hard code your email address into the To and From lines.
What the others said about having dummy fields is also a great idea.
__________________
---
* SLMR v2.0 * Have many Nice days
Last edited by tmaster : 04-30-2008 at 10:51 PM.
|
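The header advice in the post above, as an added example that is not part of the original thread: recipient, sender and subject are constants, and everything the visitor typed goes into the message body only. The function name `build_booking_mail`, the field names and the addresses are placeholders chosen for illustration.

```php
<?php
// Added example: fixed headers, visitor input confined to the body.
// build_booking_mail() and both addresses are hypothetical placeholders.

const MAIL_TO      = 'bookings@example.com';
const MAIL_FROM    = 'webform@example.com';
const MAIL_SUBJECT = 'Booking enquiry from website';

function build_booking_mail(array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $request = trim((string)($post['request'] ?? ''));

    // Single-line fields must not contain CR or LF. They only reach the body
    // here, but a line break in them is a sign of a header-injection attempt.
    foreach ([$name, $email] as $value) {
        if (preg_match('/[\r\n]/', $value)) {
            return null;
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Visitor data appears in the body only; the textarea may keep its newlines.
    $body = "Name: $name\nReply address: $email\n\nSpecial requests:\n$request\n";

    // Headers are built from constants, so nothing posted can add Bcc:/Cc: lines.
    $headers = 'From: ' . MAIL_FROM . "\r\n" .
               'Content-Type: text/plain; charset=UTF-8';

    return ['to' => MAIL_TO, 'subject' => MAIL_SUBJECT,
            'body' => $body, 'headers' => $headers];
}

// Constructed sample submissions: one normal, one carrying an injected header.
$good = ['name' => 'A. Guest', 'email' => 'guest@example.org',
         'request' => "Cot for one infant.\nGround floor if possible."];
$bad  = ['name' => 'x', 'email' => "guest@example.org\r\nBcc: list@example.net",
         'request' => 'hello'];

var_dump(build_booking_mail($good) !== null);
var_dump(build_booking_mail($bad) === null);
// To send: $m = build_booking_mail($_POST);
// if ($m) mail($m['to'], $m['subject'], $m['body'], $m['headers']);
```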

04-30-2008, 10:59 PM
|
|
WebProWorld Member
|
|
Join Date: Oct 2005
Posts: 28
|
|
Re: Can I stop spammers filling in my form?
Here's the full PHP script of my anti spam check which also checks for "bad" characters + if the extra email was filled in + also writes a timestamp to see if the form was submitted too quickly or too long after being generated, i.e. it was saved offline and submitted by bots.
And as tmaster says, always hard-code the To: From: Subject: fields.
In the PHP header code
Code:
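// start from "not spam" and "no error"
$spam = false;
$error = false;
// check if any of the SPAMBOT criteria are true
// header-injection markers anywhere in the submitted values
if(preg_match("/bcc:|cc:|multipart|url|Content-Type:/i", implode($_POST))) {
$spam=true;
}
// more than 3 links in the submission
if (preg_match_all("/<a|http:/i", implode($_POST), $out) > 3) {
$spam=true;
}
// hidden honeypot field was filled in
if(!empty($_POST['emailagain'])){
$spam = true;
}
// if e-mail is not formatted correctly, show error message
// (eregi() was removed in PHP 7, so preg_match() with /i is used; dots are escaped,
// and {2,} accepts top-level domains longer than three letters)
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,})$/i", $_POST['email'] ?? '')) {
$error = true ;
}
// form was generated more than an hour ago (a missing formtime also counts as spam)
if(($_POST['formtime'] ?? 0) < time()-3600) {
$spam=true;
}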
In the form, I add these fields:
Code:
<span style="display:none;visibility:hidden;">
<label for="emailagain">Do not enter anything in this field as it's designed to stop SPAMBOTS!</label>
<input type="text" name="emailagain" id="emailagain" value="" />
<input type="text" name="formtime" value="<?php echo time(); ?>" />
</span>
Cheers,
Niggles
|
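The `formtime` field in the post above is plain text, so a bot can submit any value it likes. An added example (not from the original post) that signs the timestamp with a server-side secret and enforces both a minimum and a maximum age, alongside the honeypot check. The function names, the `formtoken` field, the secret and the 3-second minimum are assumptions; the 3600-second maximum and the `emailagain` field are the ones from the post.

```php
<?php
// Added example: honeypot plus a signed timestamp that the client cannot forge.
// FORM_SECRET, make_form_token() and is_spam() are hypothetical names.

const FORM_SECRET = 'replace-with-a-long-random-server-side-value';
const MIN_AGE = 3;      // seconds; assumption: a person needs at least this long
const MAX_AGE = 3600;   // seconds; same one-hour limit as the post above

// Value to print into a hidden field when the form is rendered.
function make_form_token(int $now): string
{
    return $now . ':' . hash_hmac('sha256', (string)$now, FORM_SECRET);
}

function is_spam(array $post, int $now): bool
{
    // Honeypot: people never see this field, so any content means a bot.
    if (!empty($post['emailagain'])) {
        return true;
    }
    $parts = explode(':', (string)($post['formtoken'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return true;                       // missing or malformed token
    }
    [$issued, $mac] = $parts;
    $expected = hash_hmac('sha256', $issued, FORM_SECRET);
    if (!hash_equals($expected, $mac)) {
        return true;                       // timestamp was altered or invented
    }
    $age = $now - (int)$issued;
    return $age < MIN_AGE || $age > MAX_AGE;   // too fast, or a stale saved copy
}

// Constructed submissions, checked against a fixed clock value.
$now   = 1209600000;
$token = make_form_token($now - 40);           // form rendered 40 seconds ago
var_dump(is_spam(['emailagain' => '', 'formtoken' => $token], $now));
var_dump(is_spam(['emailagain' => 'x@y.z', 'formtoken' => $token], $now));
var_dump(is_spam(['emailagain' => '', 'formtoken' => ($now - 40) . ':forged'], $now));
var_dump(is_spam(['emailagain' => '', 'formtoken' => make_form_token($now - 1)], $now));
var_dump(is_spam(['emailagain' => '', 'formtoken' => make_form_token($now - 7200)], $now));
```

A valid token can still be replayed until it expires, so this check narrows the window rather than replacing the other filters in the thread.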

04-30-2008, 11:04 PM
|
|
WebProWorld Pro
|
|
Join Date: Feb 2004
Posts: 104
|
|
Re: Can I stop spammers filling in my form?
Very clever solution imvain2. I like it. It is a good added layer to go along with a CAPTCHA, server-side validation, and a modrewrite solution that I use shown below.
Code:
<div style="display:none;">
<input type="text" name="myemail" value="">
</div>
One should never be too arrogant to think that a spammer or hacker can't get through one layer of defense. While they do depend on automated bots to do most of the heavy lifting, there are real humans behind these bots that can very easily look at the source code of a webpage and make code modifications to their bots faster than we can say boo.
This modrewrite solution that you can add to your server's HTACCESS file can be very useful if implemented correctly. And along with the other suggestions on this thread can create a very good multi-prong approach.
Code:
RewriteEngine On
# Code needed in case server config hasn't completely enabled Mod Rewrite
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
# literal dots are escaped so they match only "." in the page name and domain
RewriteCond %{REQUEST_URI} your_posting_page\.php
RewriteCond %{HTTP_REFERER} !yourdomain\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.yourdomain.com/errorpage.htm [R,L]
|

05-01-2008, 03:44 AM
|
|
WebProWorld New Member
|
|
Join Date: Jul 2007
Posts: 18
|
|
Re: Can I stop spammers filling in my form?
It looks as if most of the spam is generated by software that detects forms and fills in a few random fields.
When we started getting a lot of spam, we simply added a check to ensure that the contents of one field was numeric.
If the field didn't contain numeric data, we returned a polite request for this field to be completed.
An email would only be generated if this field contained numeric data.
Also the email address was only contained within the PHP code.
Since we implemented this change, we haven't had any spam getting through from the form.
Hope this helps,
Tim
WebSphere MQ
|

05-01-2008, 05:21 AM
|
|
WebProWorld New Member
|
|
Join Date: Mar 2008
Posts: 23
|
|
Re: Can I stop spammers filling in my form?
Quote:
Originally Posted by imvain2
Captchas aren't really a good idea. They work for the problem of spammers, but cause new problems with customer usability.
|
I had exactly the same problem with an old contact form which I forgot about and didn't even link to anymore...my host temporarily banned my site.
If you are going to go down the CAPTCHA route then make sure you check out various solutions before settling on one. Some of the third party capture packages can be very difficult for even the most able eyed of people to understand. Personally I feel that a bad example would be Google's keyword suggestion tool site, while an example going to the opposite extreme would be my own cd duplication site.
The latter is too easy for programs to read, while at times the former can be way too skewed to read properly. The hidden field idea is also new to me, and I'll be looking at trying this out!
------------------------------
Last edited by jawn_tech : 05-02-2008 at 02:07 PM.
Reason: Sig links are for profile edits only, not to spam in body of message.
|

05-01-2008, 07:44 AM
|
|
WebProWorld Member
|
|
Join Date: Nov 2006
Posts: 94
|
|
Re: Can I stop spammers filling in my form?
Even if you follow the advice from the other members, it will be hard if not impossible to get your e-mail address removed from the spammers' lists.
What I would do is set up another e-mail address and have Gmail fetch the e-mail from the old address, filter out the spam and forward the e-mail to your new address.
|

05-02-2008, 09:24 AM
|
|
WebProWorld New Member
|
|
Join Date: Oct 2003
Posts: 9
|
|
Re: Can I stop spammers filling in my form?
Thanks everyone for all the suggestions.
I'm not worried about them collecting my e.mail address as I always code them. It's just the nuisance value.
I've taken it all on board and I'll try one or two and see what happens.
Thanks again,
Ree
|