What's best way to keep spam bots from sending e-mail, registering on web site forms?
I have got an e-mail form on my web site. A spam bot has figured out how to input junk into the text fields. Here's an example of the junk that has been coming from the spam bot:
I don't know what they're trying to accomplish. The message above is meaningless.
I know that I can design an image generating class with PHP and output a security image. But I have read that some spam bots have learned to read images.
Does anybody have any suggestions about how I can keep spam bots from junking up my forms?
I've been doing my forms such that they have at least one mandatory field (typically it's the person's email address) that must parse, and one hidden field that must be blank. If they don't get both of those right - I call it spam and toss it in the trash. It's been working all right for a bit now.
Thanks for responding.
I was thinking about setting a cookie on visitors' browsers when they first visit my site. Then if the cookie is not set it won't let them process the e-mail form.
What I'm wanting to do is to try and make sure that it's a real live browser.
I'm just wondering if spam bots can recognize when a cookie is trying to be set and somehow trick the server into setting a cookie onto the spam bot. Does anybody know if a spam bot can accept a cookie?
here is a thread I started about a month ago on this very subject.
I found the system of CSS hidden fields works better than any other method, BASED on my requirements. I wanted something simple and not threating for the site reader. I personally hate the captcha scripts I find them very threating to site viewers.
As an update to the thread I've since added a second field and now no spam at all.
The Benevolent Administrator
No child should have to deal with a Brain Stem Tumor...
Wow. Good info. Simple, too. Thanks.
I've actually used validation scripts to parse for known SPAM submissions.
I also do the same in my server-side validation (I use ASP), where it redirects the form to my homepage rather than logging the form submission.
I wrote my validation scripts by looking for commonalities on every SPAM submission. For example, the first and last name fields tend to get the same text, so if FirstName = LastName on my form, the form never gets submitted (as mentioned above). Writing these scripts is time consuming and not fool-proof, but it seems to thwart the majority of attacks.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)