Spam via website enquiry form. Solution?


10 replies to this topic

#1 Axel

Axel

    --[Est. 1986]--

  • Joined: 05-August 03
  • Location: Milton Keynes, UK

Posted 27 March 2013 - 11:33

Hi,

I made a website for a friend and the enquiry form is fairly basic. He's suddenly getting spammed a fair bit through it and I was wondering if there were any suggestions to make it more difficult for the bots. Would rather avoid a captcha for such a simple and small website.

Example:

From: SNIPPED
Sent: Wednesday, March 27, 2013 6:25 AM
To: SNIPPED
Subject: Customer Enquiry

Name:Hermosallg
Email:fjptly198@mail.ru
From:Hermosallg
To:
Details:pequenos musical teaching college pc games reviewa russian ladies
marriage refactory    [url=http://www.pradabagsjpmise.com/]プラダ
長財布[/url]
hd burner record collector wooden potty chair 3 3101 gracecheng
[url=http://www.mcmbagsjpmise.com/]MCM 激安[/url]
turbulence 3 movie ear radio zenith zhdtv1 scrubs season 5 super nintendo
gun door speaker sea kayak schecter c 1 classic gear nob obagi nu derm
[url=http://www.blaklabeljpsale.com/]バーバリーブラックレーベル[/url]
  mustang stickers pajama travel by cargo ship reinvented green mascara 12
inch speakers aroma burners podolny magneatos razr motorola 

Cheers,

Alex


#2 episode

episode

    Neowinian Fanatic

  • Tech Issues Solved: 3
  • Joined: 11-December 01

Posted 27 March 2013 - 11:59

If you're not going to do a captcha, the only other way is to make a checkbox labelled 'Check if you're human' and NOT make it required. That will catch some of them.

#3 Brian M.

Brian M.

    Neowinian Senior

  • Tech Issues Solved: 10
  • Joined: 07-January 05
  • Location: London, UK

Posted 27 March 2013 - 17:20

You could tie into Akismet's API?

#4 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 27 March 2013 - 19:52

If you're not going to do a captcha, the only other way is to make a checkbox labelled 'Check if you're human' and NOT make it required. That will catch some of them.


or have a hidden field that looks generic so that bots do fill it in while humans won't...

I've also done challenge-response systems that hold the message they want to send, email the address they put into the form, and have them click a confirmation link before sending the original message onward.

Captcha is probably the best idea though.
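The hold-and-confirm flow described in the post above, as an added example that is not part of the original thread: the enquiry is held server-side, the submitter gets a single-use link, and only a confirmed enquiry is forwarded. The `send_mail` callable, the `/confirm?t=` URL shape and the one-day expiry are assumptions made for the example.

```python
import hashlib
import secrets
import time

PENDING_TTL = 24 * 3600  # assumed: unconfirmed enquiries expire after a day


class PendingEnquiries:
    """Holds enquiries until the submitter clicks an emailed confirmation link."""

    def __init__(self, send_mail, owner_addr, base_url):
        self._send_mail = send_mail  # hypothetical callable(to, subject, body)
        self._owner = owner_addr
        self._base_url = base_url
        self._held = {}  # sha256(token) -> (expiry, enquiry)

    @staticmethod
    def _key(token):
        # Only the hash is stored, so a leaked store does not leak valid links.
        return hashlib.sha256(token.encode()).hexdigest()

    def submit(self, name, email, details, now=None):
        now = time.time() if now is None else now
        # The address becomes the To: header; CR/LF in it is header injection.
        if "\r" in email or "\n" in email:
            return None
        token = secrets.token_urlsafe(32)
        self._held[self._key(token)] = (now + PENDING_TTL, (name, email, details))
        # The confirmation carries only the link, never the submitted text,
        # so the form cannot relay a spammer's content to a third party.
        self._send_mail(email, "Please confirm your enquiry",
                        f"Confirm: {self._base_url}/confirm?t={token}")
        return token

    def confirm(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._held.pop(self._key(token), None)  # single use
        if entry is None or entry[0] < now:
            return False
        name, email, details = entry[1]
        self._send_mail(self._owner, "Customer Enquiry",
                        f"Name: {name}\nEmail: {email}\nDetails: {details}")
        return True
```

A production version would also rate-limit `submit` per address and per client, since every submission sends one mail to whatever address was typed in.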

#5 episode

episode

    Neowinian Fanatic

  • Tech Issues Solved: 3
  • Joined: 11-December 01

Posted 27 March 2013 - 20:05

or have a hidden field that looks generic so that bots do fill it in while humans won't...


Not a bad idea.

#6 OP Axel

Axel

    --[Est. 1986]--

  • Joined: 05-August 03
  • Location: Milton Keynes, UK

Posted 27 March 2013 - 22:04

These are some great ideas. I especially like the idea of the hidden field and getting the user to verify their message before sending. Thanks (Y)

#7 ncc50446

ncc50446

    Engage!

  • Tech Issues Solved: 1
  • Joined: 09-January 04
  • Location: Saskatchewan, Canada
  • OS: Windows 7
  • Phone: Android CM11 4.4.4

Posted 27 March 2013 - 22:40

I recently looked into the hidden field (honeypots), and noticed a few concerns about them. Then again, no solution is perfect either lol
People with those screen readers won't know they are hidden, and might fill them in. Have to make sure to tell them not to fill it in.
Will also affect the tab button. While it is hidden, the browser might tab to it.
Some people use those auto-forms. Their form is automatically filled in for registration and such. They might fill it in. Depending on the site and form, might not be a worry.

Though honeypots would affect the fewest people I'm sure, so I'll most likely go that route with my site.

Note: I haven't tried this method. I only looked into it quickly yesterday. Those were concerns that were brought up.

#8 Depicus

Depicus

    depicus.com

  • Joined: 18-February 11
  • Location: United Kingdom
  • OS: OS X 10.9 - Windows 8.1
  • Phone: Nexus 5

Posted 27 March 2013 - 22:55

I use a simple math question i.e. what is 5 + 3 and have cut bots out to 1 a month from 6/8 per day.

#9 remixedcat

remixedcat

    meow!

  • Tech Issues Solved: 1
  • Joined: 28-December 10
  • Location: Vmware ESXi and Hyper-V happy clouds
  • OS: Windows Server 2012 R2
  • Phone: I use telepathy and cat meows to communicate

Posted 28 March 2013 - 01:06

Make them answer a random challenge question that requires thought.

Also use re-captcha as well.

There are even little puzzles you can get your users to put together.

#10 +DonC

DonC

    Neowinian

  • Joined: 16-August 07
  • Location: England

Posted 28 March 2013 - 01:27

It depends on the technology that your spammers are using. Some are easy to battle against and some are extremely difficult to the point of impossible to deal with via automation alone.

I share the concern with the hidden field trick. I found that it caught less than 10% of the spam on the site I work on and it came with the risk of tripping up legitimate users.

#11 Sandor

Sandor

    Neowinian Senior

  • Joined: 28-November 03
  • OS: Win 8.1

Posted 29 March 2013 - 04:38

Hidden field check is the method we used fairly regularly in my work if we get reports of spam messages. Doesn't interfere with 99.9% of real users and doesn't introduce another step or roadblock.

It's also rather easy to implement too which is nice. In .NET it's a simple "if" statement around the code that generates the email message.
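The hidden-field check discussed in this thread, as an added example that is not code from any poster: one decoy input plus the server-side "if" around the mail step, with markup attributes that address the screen-reader, tab-order and autofill concerns raised above. The field name `company_url`, the `hp` CSS class (assumed to be hidden in the stylesheet), the `send_mail` callable and the sample request bodies in the usage are all constructed for the example.

```python
from urllib.parse import parse_qs

HONEYPOT = "company_url"  # hypothetical decoy field name; looks generic to a bot

# Decoy markup: hidden by the "hp" CSS class, hidden from screen readers,
# kept out of the tab order and excluded from browser autofill.
HONEYPOT_HTML = (
    '<div class="hp" aria-hidden="true">'
    f'<label>Leave this field empty <input type="text" name="{HONEYPOT}" '
    'tabindex="-1" autocomplete="off"></label></div>'
)


def handle_enquiry(raw_body, send_mail):
    """Process a urlencoded POST body; returns (http_status, mailed)."""
    form = parse_qs(raw_body, keep_blank_values=True)

    def first(key):
        return form.get(key, [""])[0].strip()

    # A browser always submits the decoy, empty. A missing decoy means the
    # POST was built without the form; a non-empty one means something
    # filled it in. Either way no mail is generated.
    if HONEYPOT not in form or first(HONEYPOT):
        return 200, False  # same status as success, so rejection is not visible
    name, email, details = first("name"), first("email"), first("details")
    if not (name and email and details):
        return 400, False
    send_mail(f"Name: {name}\nEmail: {email}\nDetails: {details}")
    return 200, True


if __name__ == "__main__":
    # Constructed sample bodies: a normal submission and one with the decoy filled.
    print(handle_enquiry("name=Ann&email=ann%40example.test&details=Hi&company_url=", print))
    print(handle_enquiry("name=B&email=b%40example.test&details=x&company_url=http%3A%2F%2Fx", print))
```

Counting how many submissions take the rejected branch shows how much of the spam the decoy actually catches on a given site.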