What's best way to keep spam bots from sending e-mail, registering on web site forms?

[KnoxVol]

Hello;

I have got an e-mail form on my web site. A spam bot has figured out how to input junk into the text fields. Here's an example of the junk that has been coming from the spam bot:

Message From: zwhdwxlbb
Telephone Number: EwXelkTGgCHYGBgLmda
Email Address: rcvcpm@dvhlkf.com

2aDrFf escdckhfmwou, cczpdzanhuqy,
[link=http://cfykhdjsawmt.com/]cfykhdjsawmt[/link], http://rhhtzndlbrdh.com/

I don't know what they're trying to accomplish. The message above is meaningless.

I know that I can design an image generating class with PHP and output a security image. But I have read that some spam bots have learned to read images.

Does anybody have any suggestions about how I can keep spam bots from junking up my forms?

Thanks.

[tracknut]

I've been doing my forms such that they have at least one mandatory field (typically it's the person's email address) that must parse, and one hidden field that must be blank. If they don't get both of those right - I call it spam and toss it in the trash. It's been working all right for a bit now.

Dave

[KnoxVol]

tracknut;

Thanks for responding.

I was thinking about setting a cookie on visitors' browsers when they first visit my site. Then if the cookie is not set it won't let them process the e-mail form.

What I'm wanting to do is to try and make sure that it's a real live browser.

I'm just wondering if spam bots can recognize when a cookie is trying to be set and somehow trick the server into setting a cookie onto the spam bot. Does anybody know if a spam bot can accept a cookie?

[Compguy Pete]

here is a thread I started about a month ago on this very subject.

I found the system of CSS hidden fields works better than any other method, BASED on my requirements. I wanted something simple and not threating for the site reader. I personally hate the captcha scripts I find them very threating to site viewers.

http://www.webdeveloper.com/forum/sh...d.php?t=160151

As an update to the thread I've since added a second field and now no spam at all.

[KnoxVol]

Wow. Good info. Simple, too. Thanks.

[ArthurKay]

I've actually used validation scripts to parse for known SPAM submissions.

I start by using JavaScript to check for words like "viagra", "cialis", and other words. If they appear, I throw their browser into an infinite loop.

I also do the same in my server-side validation (I use ASP), where it redirects the form to my homepage rather than logging the form submission.

I wrote my validation scripts by looking for commonalities on every SPAM submission. For example, the first and last name fields tend to get the same text, so if FirstName = LastName on my form, the form never gets submitted (as mentioned above). Writing these scripts is time consuming and not fool-proof, but it seems to thwart the majority of attacks.

[twiggystardust]

Hey, try this tutorial - http://michael.langley.id.au/blog/posts/28

worked for me.