[ic] A spam trap for "contact us" pages

Kevin Walsh kevin at cursor.biz
Fri Oct 28 20:50:06 EDT 2005

I thought I'd share a handy tip here, for anyone who has some sort
of "contact us" page on their website.

Put this on the page that shows your "contact us" form:

    [set post_allowed]1[/set]

Put this at the top of your form catcher page (mv_nextpage):

    [if !scratch post_allowed]
        [bounce page="spam_trap"]

With the above in place, nobody can create a script to emulate the
form and automatically post junk unless (1) the script first makes
a visit to the actual form, and (2) makes use of the session ID in
their subsequent visit to your mv_nextpage.  Ordinary users will not
be affected by this at all.

The "spam_trap" page should send something incriminating to an abuse
log.  For instance, you should log the scumbag's IP address, the
message text and the content of all of the other fields prompted for
by your form.  A short message in the error.log file is also a good

   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/

More information about the interchange-users mailing list