Form Spammers (Full Version)






clum1 -> Form Spammers (5/18/2009 4:25:47)

I've been getting a load more spam recently from my site's contact forms; most of it takes a familiar pattern with random crap in the text fields (vHPVltJLrohuxU being a typical Company name) and an invalid email address; e.g. kanop@nnywmj.com

I've done various things including setting up a quick method to block the user's IP address from spamming me twice (assuming it's from a PC that's infected, sod 'em...) and whilst that cut things down a fair amount it was still a problem. My latest attempt to stem things is to block anything with the user agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) as this seems to be behind 99% of my trouble. Looking through my records and on Google, I can't find any legitimate examples of this UA so hopefully I won't be blocking any good responses.

On top of these attempts, is there anything else I can do reasonably accurately and easily?

Calum




Tailslide -> RE: Form Spammers (5/18/2009 5:46:23)

I do:

1. the question thing (is ice hot or cold?)
2. honeypot textfield (if it's completed, it's dumped. Hidden off-screen by CSS)
3. Unique token in hidden field
4. Checking time between arriving and submitting form and dumping anything less than 3 seconds
5. Checking headers etc

Haven't had any form spam since I did this. Also - Mike Cherim's secure accessible form is worth looking at as it has about 16 or 17 different checks to prevent spam. Only reason I don't use it more often is it's a big script and therefore awkward to tailor to different field types etc.
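
Items 2 to 4 of the list above (honeypot field, unique hidden token, minimum time before submit) combined into one server-side check, as an added Python example that is not part of the original post or of Mike Cherim's script. The field name `website`, the one-hour expiry, the HMAC-signed token format and the in-memory nonce set are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to the browser
MIN_FILL_SECONDS = 3                  # threshold from the post above
MAX_TOKEN_AGE = 3600                  # assumption: a form rendered over an hour ago is stale
HONEYPOT_FIELD = "website"            # hypothetical name of the field hidden off-screen by CSS
_used_nonces = set()                  # assumption: in-memory; several workers need a shared store


def _mac(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Hidden-field value written when the form is rendered: nonce.issued_at.mac"""
    issued = int(time.time() if now is None else now)
    payload = f"{secrets.token_hex(8)}.{issued}"
    return f"{payload}.{_mac(payload)}"


def check_submission(form, now=None):
    """Return (accepted, reason) for a dict of submitted form fields."""
    now = time.time() if now is None else now
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot filled"
    parts = form.get("token", "").split(".")
    if len(parts) != 3:
        return False, "token missing or malformed"
    nonce, issued, mac = parts
    # Constant-time comparison; the MAC also covers the timestamp, so the
    # client cannot backdate the form to get past the timing check.
    if not hmac.compare_digest(mac.encode(), _mac(f"{nonce}.{issued}").encode()):
        return False, "token forged or altered"
    age = now - int(issued)
    if age < MIN_FILL_SECONDS:
        return False, "submitted too fast"
    if age > MAX_TOKEN_AGE:
        return False, "token expired"
    if nonce in _used_nonces:
        return False, "token reused"
    _used_nonces.add(nonce)
    return True, "ok"
```

Because the issue time is signed into the token, the timing check needs no server-side session; only the single-use check keeps state.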




TexasWebDevelopers -> RE: Form Spammers (5/18/2009 12:17:28)

quote:

4. Checking time between arriving and submitting form and dumping anything less than 3 seconds

Thanks for the time suggestion. Although I've seen this method suggested I never did know how fast a spam-bot might submit the page versus us sluggish real human types.




clum1 -> RE: Form Spammers (5/19/2009 9:46:19)

I like the idea of the time check; I'll see how my current methods work (no spam since implemented...) and add that in too if I need to.
Cheers

Calum




Tailslide -> RE: Form Spammers (5/19/2009 10:05:49)

3 seconds is a bit arbitrary - you can use what you like, I just think that there's no way a human would do it in less.




womble -> RE: Form Spammers (5/26/2009 17:18:35)


quote:

ORIGINAL: Tailslide
Also - Mike Cherim's secure accessible form is worth looking at as it has about 16 or 17 different checks to prevent spam. Only reason I don't use it more often is it's a big script and therefore awkward to tailor to different field types etc.


I use Mike's form script for all my sites now and I've had no spam through any of the forms on all the sites I used it on where the email address is used nowhere else. The latest version of the form has got some optional fields built into it (mainly for 'address') which you can choose whether to use or not, or providing you can find your way around a bit of HTML/PHP you could re-name the fields possibly.



