Dealing with Forms, Webbots & SPAM

On 28 Feb 2007 in macromedia.dreamweaver.appdev, VernMan wrote:

> Lately I been having lots of trouble with web bots submitting
> information to forms that are SPAM related. I've been including the
> offending IP addresses so that I could block them but there has to
> be another way of preventing these kinds of things from happening.
>
> What are others doing to prevent this?

What I've found:
- These bots don't, at present, do javascript
- These bots don't, at present, understand cookies and/or sessions

Almost all user agents at the present time do. (Observation suggests
that 1-2% of the (human) browsing public have javascript shut off.) So,
three possible strategies:

- Set a cookie; check for the cookie before you send the mail
- Start a session and set some value; check for the value before you send
the email
- Add a hidden field using an external javascript, thus:

<script src="foil.js" type="text/JavaScript"></script>
<!-- Accomodation for those with javascript shut off -->
<noscript>
What color is an orange? <input name='foil' type="text" />
</noscript>

And in foil.js:
// JavaScript Document
document.write("<input name='foil' type='hidden' value='orange' />");

Then in your processing script, check and make sure that there is a field
named 'foil' with the value == 'orange'.

I prefer these methods because, for the most part, they are passive -
your user doesn't have to do anything for them to work.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php