Anyway, after a bit of research I've managed to stop it by luring it into a trap with a bit of bait. The spam has finally stopped. Here's how I did it:
- Add a new field to the form using a typical name - something like:
<input name="email2" type="text" size="45" id="email2" />
- Then wrap it in a hidden layer so that people using web browsers can't see it, eg:
<div style="visibility:hidden">
<input name="email2" type="text" size="45" id="email2" />
</div>
- Then add some logic to your form handling so that the contact form is not actually submitted if there's any data in the invisible field, eg:
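// Honeypot check: real visitors never see this field, so it should arrive empty.
$email2 = isset($_POST["email2"]) ? stripslashes($_POST["email2"]) : "";
if (!empty($email2)) {
    // Field was filled in: send the bot to a fake "sent" page and stop processing.
    header("Location: pretend_that_email_sent.php");
    exit();
}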
Because the robots don't use browsers, they don't realise the field is hidden and they fall into the trap of adding data to the field. Once they do that, you know it's spam and can stop the data being submitted.
It doesn't rely on JavaScript and your normal users won't even know it's there. Worked for me :)
You know how forms have all the text fields to fill out? In rogoff's example, he/she is just putting a "hidden" text field in the form (a hidden field will not be displayed in a browser). Since spam bots aren't smart enough to know whether a field is hidden or not (they just care if it's there), they'll fill in some spam values and try to send the form.
In your form handler, rogoff is suggesting you put some code that checks if this hidden value is filled in. If it is, then you've got a dumb spam bot trying to send you garbage. If it's not filled in, then you have a valid user, or a smart bot ;)
I see the new field goes into my form
<div style="visibility:hidden">
<input name="email2" type="text" size="45" id="email2" />
</div>
That's the easy part.
Where does this go?
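// Honeypot check: real visitors never see this field, so it should arrive empty.
$email2 = isset($_POST["email2"]) ? stripslashes($_POST["email2"]) : "";
if (!empty($email2)) {
    // Field was filled in: send the bot to a fake "sent" page and stop processing.
    header("Location: pretend_that_email_sent.php");
    exit();
}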
If I put it into the text file that handles my form, it just gets spat out in my form; if I put it into the form, it just gets spat out on the HTML page.
I am obviously missing something here.
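An added example, not part of any post in this thread: a complete handler file showing where the honeypot check sits. PHP only runs inside `<?php` tags in a file the server executes as PHP, and `header()` only works before any output is sent, so the check goes at the very top of the script named in the form's `action` attribute. The file name, the `email` and `message` field names, the recipient address and the `contact_error.php` / `thank_you.php` pages are assumptions made for the example.

```php
<?php
// contact_handler.php (hypothetical name): the form's action attribute points here.
// Nothing may be printed before this point, not even a blank line above the
// opening tag, or the header() redirects below will fail.

// Honeypot field from the thread: humans never see it, so any value means a bot.
$email2 = isset($_POST['email2']) ? trim($_POST['email2']) : '';
if ($email2 !== '') {
    // Redirect to a page that looks like success, so the bot gets no signal
    // that its submission was dropped.
    header('Location: pretend_that_email_sent.php');
    exit();
}

// Real fields (the names "email" and "message" are assumptions for this example).
$from    = isset($_POST['email'])   ? trim($_POST['email'])   : '';
$message = isset($_POST['message']) ? trim($_POST['message']) : '';

// Reject malformed addresses. FILTER_VALIDATE_EMAIL also refuses CR/LF
// characters, which keeps the value from injecting extra mail headers.
if (filter_var($from, FILTER_VALIDATE_EMAIL) === false || $message === '') {
    header('Location: contact_error.php'); // hypothetical error page
    exit();
}

// Placeholder recipient; replace with the site owner's address.
$to      = 'owner@example.com';
$headers = 'Reply-To: ' . $from;
mail($to, 'Contact form message', $message, $headers);

header('Location: thank_you.php'); // hypothetical confirmation page
exit();
```

The comparison against `''` is used instead of `empty()` because `empty("0")` is true in PHP, which would let a submission whose honeypot value is `0` through.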