[ic] Spammers circumventing form checks
Grant
emailgrant at gmail.com
Wed Oct 10 04:12:22 EDT 2007
> Hi Grant-
> This trick ended spam from my html form:
>
> 1. Add an extra textarea field to your form.
> 2. Use css to make that box hidden to users. Only spambots will read the
> source code and fill in that field.
> 3. Filter out email that contains that form field.
>
> We do it in the nms formmail program.
> There's a description of this method here:
>
> http://blog.horizonweb.co.uk/2007/07/how-to-stop-spam-bots-with-formmail-and.html
> There's a mistake in the perl code on that page, it shows ">" instead
> of ">".
>
> Hope this helps.
> -John
Great responses everyone, thanks a lot. I'm going to summarize, in no
particular order.
1. IP-based checking
2. hidden field trickery
3. captcha
4. page history check to ensure normal field checks
I'm using #4 because it was quick to implement:
http://www.icdevgroup.org/pipermail/interchange-users/2005-October/044133.html
We'll see how it goes. I suppose it could interfere with a real user
if their session isn't working (no cookies and AOL-style dynamic IP)
and they use the back button to reach the form. I think #2 is ideal.
- Grant
> Grant wrote:
> > I have a check set up in my email form that would prevent the spam I
> > receive through there from being sent, but it doesn't seem to be
> > preventing it. I guess this means the spammers are posting directly
> > to the server and not using the actual page. Is there any way to
> > prevent this from happening?
> >
> > - Grant
More information about the interchange-users
mailing list