WebProWorld Part of WebProNews.com
  #1 (permalink)  
Old 05-20-2008, 07:41 AM
WebProWorld New Member
 

Join Date: Nov 2003
Location: Hamilton
Posts: 17
fpeter RepRank 0
Default combat spam

Thank you to everyone who answered my questions on my other post. The answers were excellent, although some of them were a bit beyond me to implement.

Having thought about form and comment spam in a different way over the past few days I have come up with some ways to try and combat this.

I'm not sure if any of these will help or not but here goes with the ideas I had.

Spammers want to populate your forms with fake email addresses and links to website etc.

What if you split the email address field into two, the first field for the email address up to but not including the "@" symbol, the second field for the part after this symbol.
You could always add an image of the "@" symbol in the middle of these two fields so as not to confuse visitors.

Then you would need to check for the "@" symbol in these fields and reject the data if present, presumably if spambots fill these fields you would get two email addresses and the "@" symbol in both.

For the web addresses you could always write the www part before the form field or even have an image of this and then check if that is added to the field and reject the data also.

A problem could be autofill and programs like Roboform etc. that will populate these fields. Is there a way to disable autofill on forms?
How would you implement any of these if they are worth adding?

Hope I've at least given you something to think about and I apologise in advance if it's a bit vague.
Reply With Quote
  #2 (permalink)  
Old 05-20-2008, 06:39 PM
WebProWorld Member
 

Join Date: Sep 2006
Posts: 35
puamana RepRank 0
Default Re: combat spam

I've been combatting the same issue for some time now, I like to have a form on my site for people to contact me with specific input, but the spamming has gotten SO out of hand, I'm tempted to do away with them entirely... a terrible time waster, checking each submission to see if it's legitimate or not...

It seems so stupid to me, to even bother with these forms, since submissions usually only go to a single email address.

I am wondering if there might be some way to bend .htaccess to our use in blocking the spambots from filling in and submitting the forms?

Perhaps requiring the presence of a unique IP address? Just a thought. I know that htaccess can block spiders from specific areas of a website, while allowing browser views of that content...

Is this at all a possibility?

Mahalos,
Puamana
Reply With Quote
  #3 (permalink)  
Old 05-20-2008, 07:34 PM
Weedy Lady's Avatar
WebProWorld Veteran
 

Join Date: Nov 2003
Location: mid south USA
Posts: 377
Weedy Lady RepRank 0
Smile Re: combat spam

To fpeter:

If you split the field it will violate the K.I.S.S. rule and about 40% (or more) of the real people who fill out the form will do it wrong. If it is important to you to receive messages from your web site visitors I strongly suggest that you do not use a split field.

Even the "brightest and best" Web Pro World forum members often misread a thread and then post answers that aren't pertinent to the question............think of what having to actually read and think would do to the average person trying to fill out your form??????

I tried several things with forms and form validation methods, none of which were satisfactory - so I finally made a graphic with my email address on it which people have to read and type into their own email to contact me. It actually works.

The graphic is complicated enough that the spam bots can't decode it and read my email address, but easy for real people to read. See it here: Happy Day Cards CONTACT ME Page

Have a good day!
__________________
The Weedy Lady at
http://www.happydaycards.com
Free E Cards for holidays and all occasions, fun pages and great recipes.
Reply With Quote
  #4 (permalink)  
Old 05-20-2008, 07:35 PM
incrediblehelp's Avatar
Moderator
WebProWorld Moderator
 

Join Date: Jan 2004
Location: Live in Cincy Now
Posts: 7,654
incrediblehelp RepRank 4
Default Re: combat spam

Why aren't you guys just using CAPTCHAs?
Reply With Quote
  #5 (permalink)  
Old 05-20-2008, 07:43 PM
Weedy Lady's Avatar
WebProWorld Veteran
 

Join Date: Nov 2003
Location: mid south USA
Posts: 377
Weedy Lady RepRank 0
Exclamation Re: captchas

Yeah, I tried those. Didn't work on my site. Not being super-tech savvy I probably did something wrong, but it was too frustrating.

ALSO, when I am on a site that does use captchas I find that often I have to try to type in the thing 2 or 3 times and this is extremely frustrating. I didn't want to do this to my visitors.
__________________
The Weedy Lady at
http://www.happydaycards.com
Free E Cards for holidays and all occasions, fun pages and great recipes.
Reply With Quote
  #6 (permalink)  
Old 05-20-2008, 07:47 PM
WebProWorld Member
 

Join Date: Jun 2006
Location: Los Angeles
Posts: 60
itsdonny RepRank 0
Default Re: combat spam

I read a great idea here a while ago where this webmaster incorporated an invisible field for someone to put their website or some other item. Viewers couldn't see that field so of course it wouldn't be filled in. This was the cue that the form was not from a robot spammer. The robots would see and fill in the invisible field for 'website' or whatever and when submitted the form would of course not go through. This is something I would like to incorporate on my contact page. If someone knows how to do it let me know please.

Don

PS: I am currently encoding my emails using Mysterious Ways - Hide Email Addresses from Spam Harvesters but I'm getting a bunch of spam which makes me think that spam harvesters know how to decode now.
Reply With Quote
  #7 (permalink)  
Old 05-20-2008, 08:01 PM
WebProWorld Member
 

Join Date: Aug 2007
Posts: 37
z28com RepRank 0
Default Re: combat spam

Use this code to post your email address on your web site to stop spambots from harvesting your email address and allow real people to send you email:

<script type="text/javascript">
// Build the address from parts so the complete address never appears in the page source.
var user = "joeblow";
var domain = "yahoo.com";
var subCon = "Email question";
document.write('<a href="mailto:' + user + '@' + domain + '?subject=' + encodeURIComponent(subCon) + '">' + user + '@' + domain + '</a>');
</script>

This will allow the person to send an email to joeblow@yahoo.com

Replace the email address above with your own and try it out. They can click on the link or cut and paste as normal. For a spambot, they will skip right past it. Try software such as Email Extractor Pro and you'll see that it will pass with flying colors. This has DRASTICALLY reduced spam for many of my clients.

Another example:

<script type="text/javascript">
<!--
// Split both the address and the "mailto:" scheme so neither appears whole in the source.
var x1 = "johndoe";
var x2 = "hogvalley.com";
document.write('<a href="' + 'ma' + 'ilto:' + x1 + '@' + x2 + '">Email Webmaster for info</a>');
//-->
</script>
Reply With Quote
  #8 (permalink)  
Old 05-20-2008, 08:01 PM
WebProWorld New Member
 

Join Date: Nov 2003
Location: Hamilton
Posts: 17
fpeter RepRank 0
Default Re: combat spam

Hi everyone

Since posting this I have had time to think and you are right: splitting the email field makes it far too complicated to fill in the form and, as Weedy Lady has said, many people won't read it. I don't have a clue what K.I.S.S is anyway.

Weedy Lady has a good idea but it's hardly a contact form, just an image of your email address; my visitors need to leave information to be added to a directory.

It seems everywhere I look for a solution the more obstacles I find but I have never been one for giving up.

So splitting the email address won't work, so what will?

Seems the only idea that won't complicate matters for the visitors is the hidden field which when filled by the bots gets rejected.

Anyone out there using this method with NMS formmail or CSS, I would love to hear from you and how you implemented it.

Please note that you will be explaining this to a person with very little coding experience.
Reply With Quote
  #9 (permalink)  
Old 05-20-2008, 08:19 PM
WebProWorld 1,000+ Club
 

Join Date: May 2004
Location: Philadelphia, PA
Posts: 1,721
deepsand RepRank 2
Default Re: combat spam

Quote:
Originally Posted by incrediblehelp View Post
Why aren't you guys just using CAPTCHAs?
1) Users hate CAPTCHAs.

2) Human readable CAPTCHAs are insufficiently machine-proof.

3) CAPTCHAs that are not machine readable lead to item no. 1.
Reply With Quote
  #10 (permalink)  
Old 05-20-2008, 08:20 PM
Weedy Lady's Avatar
WebProWorld Veteran
 

Join Date: Nov 2003
Location: mid south USA
Posts: 377
Weedy Lady RepRank 0
Thumbs up Re: KISS

Probably several other people will tell you also, but K.I.S.S. means "keep it simple, stupid"..........
__________________
The Weedy Lady at
http://www.happydaycards.com
Free E Cards for holidays and all occasions, fun pages and great recipes.
Reply With Quote
  #11 (permalink)  
Old 05-20-2008, 08:46 PM
WebProWorld New Member
 

Join Date: Jan 2007
Posts: 10
bluemi RepRank 0
Default Re: combat spam

Why don't you use the FormMail script from Tectite.com? I have managed to get my forms almost 100% spam free with it.
__________________
There is no link here because I'm busy enough already...
Reply With Quote
  #12 (permalink)  
Old 05-20-2008, 10:08 PM
WebProWorld Member
 

Join Date: Aug 2007
Posts: 37
z28com RepRank 0
Default Re: combat spam

I have used Tectite and still got tons of form spam with it.

I use this to create forms and it seems to have worked the best:

CoffeeCup Web Form Builder - Create Web Forms without using HTML or Scripts !

It creates a Flash form that bots never mess with, plus it makes really nice looking forms as opposed to using HTML.
Reply With Quote
  #13 (permalink)  
Old 05-20-2008, 10:57 PM
WebProWorld Member
 

Join Date: Nov 2006
Location: Australia
Posts: 34
Akashic RepRank 0
Default Re: combat spam

Why not a simple question that humans can read and bots can't? 1 + 2 = ?

Surely it follows the KISS theory in every way.
Reply With Quote
  #14 (permalink)  
Old 05-20-2008, 11:12 PM
WebProWorld Member
 

Join Date: Aug 2007
Posts: 37
z28com RepRank 0
Default Re: combat spam

Quote:
Originally Posted by Akashic View Post
Why not a simple question that humans can read and bots can't? 1 + 2 = ?

Surely it follows the KISS theory in every way.
If you use that Javascript, you can safely post your real email address on your web site without fear of the bots or making the users answer any kind of questions. That just frustrates people.
Reply With Quote
  #15 (permalink)  
Old 05-21-2008, 03:32 AM
WebProWorld New Member
 

Join Date: Mar 2008
Posts: 4
Raoul VdC RepRank 0
Default Re: combat spam

Splitting the email field is the easiest solution for the webmaster, but makes it more complicated for the visitor as it is not clickable anymore. I use the JavaScript code and never had a problem with harvesters.
For the webforms I use a "user-friendly" CAPTCHA where the visitor does NOT have to type in anything.
Examples are to be found in the free e-book JavaScript Vitamins: Free JavaScripts, Tutorials, Example Code, Reference, Resources, And Help
Reply With Quote
  #16 (permalink)  
Old 05-21-2008, 03:59 AM
WebProWorld New Member
 

Join Date: Jun 2007
Location: lincolnshire, england
Posts: 18
colincartwright RepRank 0
Default Re: combat spam

I agree with Z8, I now exclusively use Coffee Cup's Web Form builder. It generates awesome forms, with background images - anything you like and because it designs forms in shockwave flash, spambots simply cannot even see the resulting forms, let alone fill them in. Anyone with no skills at all can easily learn to use it. I would highly recommend the thing.

I have created over 100 customer forms to date and not one has ever reported any spam at all.

Of course downside is the user needs shockwave flash on their PC to be able to use the forms, but the majority now do.

Colin
Reply With Quote
  #17 (permalink)  
Old 05-21-2008, 06:45 AM
WebProWorld Member
 

Join Date: Aug 2007
Posts: 37
z28com RepRank 0
Default Re: combat spam

Quote:
Originally Posted by Raoul VdC View Post
Splitting the email field is the easiest solution for the webmaster, but makes it more complicated for the visitor as it is not clickable anymore. I use the JavaScript code and never had a problem with harvesters.
For the webforms I use a "user-friendly" CAPTCHA where the visitor does NOT have to type in anything.
Examples are to be found in the free e-book JavaScript Vitamins: Free JavaScripts, Tutorials, Example Code, Reference, Resources, And Help
If you use my Javascript example above, people can cut and paste and the link is clickable. I get virtually no spam on email addresses I have tested it with. And the stuff that I did get was from real humans (mainly Chinese people trying to sell me stuff related to my web site and not Cialis or Viagra spam.)
Reply With Quote
  #18 (permalink)  
Old 05-21-2008, 06:45 AM
WebProWorld Member
 

Join Date: Aug 2007
Posts: 37
z28com RepRank 0
Default Re: combat spam

Quote:
Originally Posted by colincartwright View Post
I agree with Z8, I now exclusively use Coffee Cup's Web Form builder. It generates awesome forms, with background images - anything you like and because it designs forms in shockwave flash, spambots simply cannot even see the resulting forms, let alone fill them in. Anyone with no skills at all can easily learn to use it. I would highly recommend the thing.

I have created over 100 customer forms to date and not one has ever reported any spam at all.

Of course downside is the user needs shockwave flash on their PC to be able to use the forms, but the majority now do.

Colin
That software does rock.
Reply With Quote
  #19 (permalink)  
Old 05-21-2008, 08:51 AM
WebProWorld 1,000+ Club
 

Join Date: May 2004
Location: Philadelphia, PA
Posts: 1,721
deepsand RepRank 2
Default Re: combat spam

Quote:
Originally Posted by z28com View Post
If you use my Javascript example above, people can cut and paste and the link is clickable.
In my experience, far too many users cannot copy/cut & paste with a proficiency sufficient for its being relied on for critical operations.
Reply With Quote
  #20 (permalink)  
Old 05-21-2008, 09:21 AM
WebProWorld Member
 

Join Date: Aug 2007
Posts: 37
z28com RepRank 0
Default Re: combat spam

Quote:
Originally Posted by deepsand View Post
In my experience, far too many users cannot copy/cut & paste with a proficiency sufficient for its being relied on for critical operations.
If you tried the script, you will see that the email address is clickable. It does the exact same function as somebody putting in something such as:

<A HREF="mailto:joeblow@somewhere.com">joeblow@somewhere.com</A>

The visitor can click or cut and paste and the email address being posted won't have spambots harvesting it.
Reply With Quote
  #21 (permalink)  
Old 05-21-2008, 11:16 AM
littlegiant's Avatar
WebProWorld Pro
 

Join Date: Jan 2004
Posts: 180
littlegiant RepRank 0
Default Re: combat spam

I killed spam dead on my feedback form by using Javascript to write out a hidden input:

<script type="text/javascript">
<!--
document.write('<input type=\"hidden\" name=\"xyzxyzxyz\" value=\"test\">');
// -->
</script>

Then I made that hidden input a required field in the script that processes the form.

Then I used Javascript to write out the Submit button.

<script type="text/javascript">
<!--
document.write('<input type=\"submit\" value=\"Submit\">');
// -->
</script>
<noscript>Javascript must be enabled to submit this form.</noscript>

Boom. No more spam.

Not going to win any awards for accessibility (since Javascript must be enabled to submit the form) but it worked.
Reply With Quote
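The hidden-field idea from posts #6 and #8 and the JavaScript-written required field from post #21, combined into one server-side check. This is an added example, not code from any poster; the field names `website` and `js_check` and the sample request bodies are made up for illustration.

```javascript
// Server-side checks for the two tricks above. Field names "website"
// (honeypot) and "js_check" are hypothetical, as are the sample bodies.
//
// Form markup these checks assume (constructed):
//   <p style="position:absolute; left:-9999px" aria-hidden="true">
//     <label>Leave this empty
//       <input type="text" name="website" tabindex="-1" autocomplete="off">
//     </label>
//   </p>
//   <script>document.write('<input type="hidden" name="js_check" value="test">');</script>
// tabindex="-1" keeps keyboard focus off the trap; autocomplete="off"
// asks the browser not to autofill it.

const HONEYPOT_FIELD = 'website';  // hidden with CSS; humans never see it
const JS_FIELD = 'js_check';       // only sent if the browser ran the script
const JS_VALUE = 'test';

// Parse an application/x-www-form-urlencoded POST body and decide
// whether to accept it. Returns { accept, reasons, fields }.
function checkSubmission(rawBody) {
  const params = new URLSearchParams(rawBody);
  const reasons = [];

  // Honeypot: a real visitor leaves it empty; a bot that fills every
  // input it finds in the HTML does not.
  const trap = params.getAll(HONEYPOT_FIELD);
  if (trap.some((v) => v.trim() !== '')) {
    reasons.push('honeypot field was filled in');
  }

  // JavaScript-written field: must arrive exactly once with the expected
  // value. A bot posting from the static HTML never sends it.
  const marker = params.getAll(JS_FIELD);
  if (marker.length !== 1 || marker[0] !== JS_VALUE) {
    reasons.push('javascript-written field missing or wrong');
  }

  // Strip the anti-spam fields before handing the data to the mailer.
  const fields = {};
  for (const [name, value] of params) {
    if (name !== HONEYPOT_FIELD && name !== JS_FIELD) fields[name] = value;
  }
  return { accept: reasons.length === 0, reasons, fields };
}

// Constructed sample bodies: a browser submission and a bot submission.
const human = 'name=Ann&email=ann%40example.org&website=&js_check=test';
const bot = 'name=x&email=x%40spam.example&website=http%3A%2F%2Fspam.example';
console.log(checkSubmission(human));
console.log(checkSubmission(bot));
```

Form-filling tools can still populate a hidden field, so a rejected submission should show the visitor a message rather than be dropped silently.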
  #22 (permalink)  
Old 05-21-2008, 11:21 AM
WebProWorld Member
 

Join Date: Aug 2007
Posts: 37
z28com RepRank 0
Default Re: combat spam

Quote:
Originally Posted by littlegiant View Post
I killed spam dead on my feedback form by using Javascript to write out a hidden input:

<script type="text/javascript">
<!--
document.write('<input type=\"hidden\" name=\"xyzxyzxyz\" value=\"test\">');
// -->
</script>

Then I made that hidden input a required field in the script that processes the form.

Then I used Javascript to write out the Submit button.

<script type="text/javascript">
<!--
document.write('<input type=\"submit\" value=\"Submit\">');
// -->
</script>
<noscript>Javascript must be enabled to submit this form.</noscript>

Boom. No more spam.

Not going to win any awards for accessibility (since Javascript must be enabled to submit the form) but it worked.
That's an awesome idea for forms. I will have to start putting that on some of mine. Thanks for that tip.
Reply With Quote
  #23 (permalink)  
Old 05-21-2008, 12:34 PM