How can you stop someone from automatically filling out a form on your site?

[Mastercheddaar]

I have a problem with applications/requests for information forms being filled out by automated spammers. I will get a request and it will end up being just spam selling me time-share, pills, etc. etc. I have put in a "type in this word" thingie (sry I forgot what they are called), however this only corrected the problem for a few months and now they are back. It is getting annoying. I receive about 25-30 of these a day. Can anyone give me or send me a link so I can receive some zen-like wisdom to stop this once and for all?

MC

[astro]

It depends on where the enquiry form is hosted.

1. If you have the form on your own server generated by drag and drop software and the script is not encoded your email address is clearly visible, even with visual confirmation. The get-a-round for this was discovered years ago. It makes no difference with CGI, Perl or PHP scripts, all are vunerable. Unless your email address is held on a secure server and the form encoded to go through that server as a filter. I suspect not.
2. If you are hosting your website on free webspace.........'nuff said really.
3. I had this problem, so outsourced my form with a specialist provider. It is cheap to do, hassle free and organised in minutes. I still get the odd offer to view dodgy websites or increase my manhood, but it amounts on average to less than one a month. So happy with this solution.

If you would like the URL not sure if I can post it here ( possibly break some rule or somat) but email me through my website and happy to provide. Remember once filled in, to refer the form to a thank you page, this allows a controlled exit from your site, perhaps to another of your sites? The one thing you can guarantee is anyone arriving at your site will leave, so a form filler is a serious enquirer worth attempting to keep on one of your sites. A thank you page is the only page where banner blindness is not a factor as a decision by the surfer needs to be made. I.E. where do I go from here?

It also stops repeat clicks of the submit button when people think nothing has happened!

smiles
Astro

[activeco]

Try to find better captcha or make something on your own, such as a challenge math question.
Maybe you can try Stop Comment Spam and Trackback Spam « Akismet too.

[alhefner]

Using a good captcha on your form will get rid of most of the spam.

Never, ever, for any reason, display your email address on a web page!!!!! Always use form processing for contact and enquiries.

Look on hotscripts.com for free captcha snipets or scripts that you can use on your contact form pages. There are literaly a ton of options! One method that works fairly well is to display a small thumnail and have the user choose from a multiple choice list of what the picture is of.

Lastly, no matter what the result of the captcha, send the user to some type of thank you page! For those who correctly identify the captcha, send them to the real page. For the bots that mess up the captcha, send them to a fake page that doesn't send the form data to you. This means that your captcha image must be very clear so your real users can actually read it!

[dbramley]

I use this software on my site and seems to trap the majority of it:

Web Wiz CAPTCHA - Free Security Image Software

Its simple to install and easy for your customers / visitors to use.

Dan

[rei12]

There are many type of captches. Some of them are pretty easy for automatically recognition. Try to find something more complex, for example with questions. A person can read, understand and type an answer, but it would be difficult for a program.

[speed]

Create an entry field in the form with a name such as email3 and populate it with a default value, doesn't matter exactly what.

Then write some English text after it explaining that this field is there to help prevent spam and should be left as-is.

Next use CSS to hide the whole field, that way only people with CSS off and bots will see it.

When the form is submitted check to see if the value of this field matches the default value you set, if it doesn't assume it's a bot and stop the form processing script dead.

While not perfect it does stop a lot of bot spam without inconveniencing the user at all and unlike image verification the site remains accessible.

You can see it in action at http://www.worldsiteindex.com/contact.php just view the page with no style or view the source.

My other favourite is to use a simple maths question.