SitePoint Sponsor

User Tag List

Results 1 to 15 of 15
  1. #1
    SitePoint Wizard
    Join Date
    Jun 2005
    Posts
    1,441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Making a form spam-proof

    Have a form linked to cgi and it's working as expected, but getting severely hit by spammers using it. Without using any js or css what would be the quickest and easiest way to make the form spam-proof please? Any help much appreciated. Dez

  2. #2
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    You could prevent / hinder automated submission by using a captcha, or manually coding some kind of logic question (e.g. what colour is the sky?) which you then evaluate after submission.

    An alternative method is to create a text input in your form and hide it using CSS.
    Normal users won't see it, but bots will invariably fill it out.

  3. #3
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,323
    Mentioned
    462 Post(s)
    Tagged
    8 Thread(s)
    Yes, the second method Pullo mentions is better, because it doesn't punish your legitimate users. It's often called the "honeypot" method, and there are lots of threads here on that subject, as well as elsewhere. Forget CAPTCHA: it's garbage.

    Ultimately, the only way to make a form spam proof is to make it impossible to fill out. Otherwise, you will still get idiots inserting spam manually into your form, even if the bots are thwarted.

  4. #4
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    Quote Originally Posted by ralph.m View Post
    Yes, the second method Pullo mentions is better, because it doesn't punish your legitimate users. It's often called the "honeypot" method, and there are lots of threads here on that subject
    I quite like this one: http://www.sitepoint.com/forums/show...u-junky-emails, especially as poes jumps in towards the end and the discussion drifts towards accessibility / usability.

  5. #5
    SitePoint Member
    Join Date
    Apr 2013
    Location
    Canada
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    We often get clients requesting that we put on a captcha to thwart spammers, but I often tell them that robots will easily be able to get past the captcha. Sometimes they insist, so we put up a captcha anyway! As long as there is a public form to fill on a website, someone will get around to filling it out with spam or junk.

  6. #6
    SitePoint Wizard
    Join Date
    Jun 2005
    Posts
    1,441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks all - it's appreciated. How about a checkbox, that had to be ticked?

  7. #7
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    Quote Originally Posted by Dez View Post
    How about a checkbox, that had to be ticked?
    This is a form element like any other that a bot could easily fill out.
    What might make more sense was a checkbox that is hidden by default that must remain blank la honeypot).

    However, if you are being bombarded with spam anyway, you could try both methods and see what makes a bigger impact.

  8. #8
    SitePoint Enthusiast fastreplies's Avatar
    Join Date
    Apr 2011
    Posts
    65
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Check box is good to have but making multiple page form is the answer.

    If your page #1 collect personal info and page #2 is asking you to confirm correctness
    by checking box in order to get to next page #3 that collects CC info, for example, and
    only after all that jumping hoops your form can be submitted... oh well, spammer will give up
    after page #2 and bots after page #1.



    fatreplies
    There is good reason why pigs never judge kanolies competition
    AMRAY Free Web Directory | AMRAY Web Hosting - Since Year 2000
    Qoolest Directory of Directories

  9. #9
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,323
    Mentioned
    462 Post(s)
    Tagged
    8 Thread(s)
    Off Topic:

    Quote Originally Posted by fastreplies View Post
    spammer will give up after page #2 and bots after page #1.
    Quite possibly. But your legitimate users might give up, too.

    You are still punishing the user here, when a simple honeypot will stonker most of the rubbish.

  10. #10
    SitePoint Enthusiast fastreplies's Avatar
    Join Date
    Apr 2011
    Posts
    65
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    Off Topic:



    Quite possibly. But your legitimate users might give up, too.

    You are still punishing the user here, when a simple honeypot will stonker most of the rubbish.
    I don't think so.

    How is my form different from form where all fields compounded on single page?
    Amount of fields never changed and as far as legit concern it takes the same
    amount of time to complete 20 of them.



    fastreplies
    There is good reason why pigs never judge kanolies competition
    AMRAY Free Web Directory | AMRAY Web Hosting - Since Year 2000
    Qoolest Directory of Directories

  11. #11
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,323
    Mentioned
    462 Post(s)
    Tagged
    8 Thread(s)
    But going from page to page while filling out a form crushes the confidence of many users—myself included. You wonder where it will all end, and if your data will be saved if you need to go back. And what happens if you submit the form finally, but there was something amiss on page one? etc. I'd say avoid multi-page forms like the plague.

  12. #12
    SitePoint Enthusiast fastreplies's Avatar
    Join Date
    Apr 2011
    Posts
    65
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    I'd say avoid multi-page forms like the plague.
    Now, that's funny, LOL

    Well, we rather to loose a few impatient, irritated clients than deal with plague of spam.
    How serious are we about dealing with spammers? Well, over 30,000 on our blacklist since
    beginning of this year might give you some idea.



    fastreplies
    There is good reason why pigs never judge kanolies competition
    AMRAY Free Web Directory | AMRAY Web Hosting - Since Year 2000
    Qoolest Directory of Directories

  13. #13
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,323
    Mentioned
    462 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by fastreplies View Post
    over 30,000 on our blacklist since
    beginning of this year might give you some idea.
    Sounds like you haven't blocked those bots yet. I doubt individual spammers could post that much. Have you tried a honeypot?

  14. #14
    SitePoint Enthusiast fastreplies's Avatar
    Join Date
    Apr 2011
    Posts
    65
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    Sounds like you haven't blocked those bots yet. I doubt individual spammers could post that much. Have you tried a honeypot?
    Just in case you have missed that first time
    and bots after page #1.
    As to honeypot... well, since AMRAY have joined NANAE about 12 years ago
    http://www.amray.net/nanaefaq.html

    Our blacklist is for people who were determined enough and jumped the hoops
    and went all the way to spam us, somewhere about 8 of every 10.

    You do realize I'm talking about AMRAY Web Directory?



    fastreplies
    There is good reason why pigs never judge kanolies competition
    AMRAY Free Web Directory | AMRAY Web Hosting - Since Year 2000
    Qoolest Directory of Directories

  15. #15
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,323
    Mentioned
    462 Post(s)
    Tagged
    8 Thread(s)
    O, OK. It sounded like you were saying you'd had 30,000 spam emails since the start of the year.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •