[ic] Spammers circumventing form checks

Grant emailgrant at gmail.com
Wed Oct 10 04:12:22 EDT 2007


> Hi Grant-
> This trick ended spam from my HTML form:
>
> 1. Add an extra textarea field to your form.
> 2. Use CSS to make that box hidden to users. Only spambots will read the
> source code and fill in that field.
> 3. Filter out email that contains that form field.
>
> We do it in the nms formmail program.
> There's a description of this method here:
>
> http://blog.horizonweb.co.uk/2007/07/how-to-stop-spam-bots-with-formmail-and.html
> There's a mistake in the Perl code on that page; it shows "&gt" instead
> of ">".
>
> Hope this helps.
> -John

Great responses everyone, thanks a lot.  I'm going to summarize, in no
particular order.

1. IP-based checking
2. hidden field trickery
3. CAPTCHA
4. page history check to ensure normal field checks

I'm using #4 because it was quick to implement:

http://www.icdevgroup.org/pipermail/interchange-users/2005-October/044133.html

We'll see how it goes.  I suppose it could interfere with a real user
if their session isn't working (no cookies and AOL-style dynamic IP)
and they use the back button to reach the form.  I think #2 is ideal.

- Grant


> Grant wrote:
> > I have a check set up in my email form that would prevent the spam I
> > receive through there from being sent, but it doesn't seem to be
> > preventing it.  I guess this means the spammers are posting directly
> > to the server and not using the actual page.  Is there any way to
> > prevent this from happening?
> >
> > - Grant
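
The hidden-field method from John's three steps, sketched as a server-side filter; this is an added example, not code from the thread, from nms formmail or from Interchange. The field name `comments2` and the sample request bodies are assumptions, and the check for a missing field goes beyond the quoted steps to cover the direct-POST case raised in the original question.

```perl
#!/usr/bin/perl
# Added example: server-side check for a hidden "honeypot" form field.
# Form side: an extra textarea hidden with CSS, for instance
#   <textarea name="comments2" style="display:none"></textarea>
use strict;
use warnings;

my $HONEYPOT = 'comments2';    # hypothetical field name, pick your own

# Decode an application/x-www-form-urlencoded body into name => [values].
sub parse_form {
    my ($body) = @_;
    my %form;
    for my $pair (split /[&;]/, $body) {
        next unless length $pair;
        my ($name, $value) = split /=/, $pair, 2;
        $value = '' unless defined $value;
        for ($name, $value) {
            tr/+/ /;                               # '+' encodes a space
            s/%([0-9A-Fa-f]{2})/chr hex $1/ge;     # undo %XX escapes
        }
        push @{ $form{$name} }, $value;
    }
    return \%form;
}

# Returns a reason string if the submission should be dropped, else undef.
sub spam_reason {
    my ($form) = @_;
    my $trap = $form->{$HONEYPOT};
    # A browser submits the hidden textarea with an empty value, so a
    # request without it was not built from the current form.
    return 'honeypot field missing' unless $trap;
    # Non-whitespace content means something filled a field people cannot see.
    return 'honeypot field filled' if grep { /\S/ } @$trap;
    return;
}

# Constructed sample request bodies (not real traffic).
my @samples = (
    [ 'human via form' => 'name=Ann&email=ann%40example.com&message=Hello+there&comments2=' ],
    [ 'bot filled all' => 'name=x&email=x%40example.com&message=buy+now&comments2=buy+now' ],
    [ 'direct POST'    => 'name=x&email=x%40example.com&message=buy+now' ],
);
for my $s (@samples) {
    my ($label, $body) = @$s;
    my $why = spam_reason(parse_form($body));
    printf "%-15s %s\n", $label, defined $why ? "drop ($why)" : 'accept';
}
```

Logging the drop reason rather than returning an error page keeps the filter's behaviour visible to the site owner without telling the sender which field triggered it.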


More information about the interchange-users mailing list