Jump to content

Question

Posted

Hi,

I made a website for a friend and the enquiry form is fairly basic. He's suddenly getting spammed a fair bit through it and I was wondering if there were any suggestions to make it more difficult for the bots. Would rather avoid a captcha for such a simple and small website.

Example:

[code]
From: SNIPPED
Sent: Wednesday, March 27, 2013 6:25 AM
To: SNIPPED
Subject: Customer Enquiry

Name:Hermosallg
Email:fjptly198@mail.ru
From:Hermosallg
To:
Details:pequenos musical teaching college pc games reviewa russian ladies
marriage refactory [url=http://www.pradabagsjpmise.com/]プラダ

Share this post


Link to post
Share on other sites

10 answers to this question

  • 0

Posted

If you're not going to do a captcha, the only other way is to make a checkbox labelled 'Check if you're human' and NOT make it required. That will catch some of them.

Share this post


Link to post
Share on other sites
  • 0

Posted

You could tie into Akismet's API?

Share this post


Link to post
Share on other sites
  • 0

Posted

[quote name='episode' timestamp='1364385573' post='595600988']
If you're not going to do a captcha, the only other way is to make a checkbox labelled 'Check if you're human' and NOT make it required. That will catch some of them.
[/quote]

or have a hidden field that looks generic so that bots do fill it in while humans won't...

I've also done challenge-response systems that hold the message they want to send, email the address they put into the form, and have them click a confirmation link before sending the original message onward.

captcha is probably the best idea though.

Share this post


Link to post
Share on other sites
  • 0

Posted

[quote name='primexx' timestamp='1364413931' post='595601874']
or have a hidden field that looks generic so that bots do fill it in while humans won't...
[/quote]

Not a bad idea.

Share this post


Link to post
Share on other sites
  • 0

Posted

These are some great ideas. I especially like the idea of the hidden field and getting the user to verify their message before sending. Thanks (Y)

Share this post


Link to post
Share on other sites
  • 0

Posted

I recently looked into the hidden field (Honeypots), and noticed a few concerns about them. Then again, no solution is perfect either lol
People with those screen readers wont know they are hidden, and might fill them in. Have to make sure to tell them not to fill it in.
Will also effect the tab button. While it is hidden, the browser might tab to it.
Some people use those auto-forms. Their form is automatically filled in for registration and such. They might fill it in. Depending on the site and form, might not be a worry.

Though honeypots would effect the fewest people I'm sure, so I'll most likely go that route with my site.

Note: I haven't tried this method. I only looked into it quickly yesterday. Those were concerns that were brought up.

Share this post


Link to post
Share on other sites
  • 0

Posted

I use a simple math question i.e. what is 5 + 3 and have cut bots out to 1 a month from 6/8 per day.

Share this post


Link to post
Share on other sites
  • 0

Posted

make them answer a random challenge question the requires thought.

Also use re-captcha as well.

there are even little puzzles you can get your users to put together.

Share this post


Link to post
Share on other sites
  • 0

Posted

It depends on the technology that your spammers are using. Some are easy to battle against and some are extremely difficult to the point of impossible to deal with via automation alone.

I share the concern with the hidden field trick. I found that it caught less than 10% of the spam on the site I work on and it came with the risk of tripping up legitimate users.

Share this post


Link to post
Share on other sites
  • 0

Posted

Hidden field check is the method we used fairly regularly in my work if we get reports of spam messages. Doesn't interfere with 99.9% of real users and doesn't introduce another step or roadblock.

It's also rather easy to implement too which is nice. In .NET it's a simple "if" statement around the code that generates the email message.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.