Skip to main content
N
Newsgroup_User
Inspiring
October 25, 2007
Question

Image Verification on insert record

  • October 25, 2007
  • 9 replies
  • 622 views
Hi
I have a form that submits details to an access database using insert record
behavior. However, I seem to be getting a considerable amount of spam via
this form.
Is there any way of using Image Verification (Captcha) as well as the insert
record behavior on the same page?
I've used Image Verification on simple email forms before no problem, but
this is proving to be more difficult.
Any help would be greatly appreciated.
Thanks
Gary

This topic has been closed for replies.

9 replies

N
Newsgroup_UserAuthor
Inspiring
October 25, 2007
Great. Job done.
Many thanks for your help and patience Joe.
Much appreciated.
Gary


"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns99D4B08919471makowiecatnycapdotrE@216.104.212.96...
> On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:
>
>> Sorry about this. Tried several times on first method, which seems
>> favorite. No idea what I'm doing wrong.
>
> What you're doing wrong is not including the rest of the code to make up
> a contact form.
>
> <form method="post" action="whatever">
> <label for="myName">Name</label><input name="myName" id="myName" />
> <!-- Other form fields go here -->
> <!-- Code to insert spambot test field goes here -->
> <script type="text/javascript" src="foil.js"></script>
> <noscript>
> Type <em>orange</em> here: <input type="text" name="foil" />
> </noscript>
> <!-- END Code to insert spambot test field goes here -->
> <input value="Send EMail" type="submit" />
> </form>
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/contact.php

N
Newsgroup_UserAuthor
Inspiring
October 25, 2007
On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:

> Sorry about this. Tried several times on first method, which seems
> favorite. No idea what I'm doing wrong.

What you're doing wrong is not including the rest of the code to make up
a contact form.

<form method="post" action="whatever">
<label for="myName">Name</label><input name="myName" id="myName" />
<!-- Other form fields go here -->
<!-- Code to insert spambot test field goes here -->
<script type="text/javascript" src="foil.js"></script>
<noscript>
Type <em>orange</em> here: <input type="text" name="foil" />
</noscript>
<!-- END Code to insert spambot test field goes here -->
<input value="Send EMail" type="submit" />
</form>

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/contact.php
N
Newsgroup_UserAuthor
Inspiring
October 25, 2007
Joe
Sorry about this. Tried several times on first method, which seems favorite.
No idea what I'm doing wrong.
Heres my code:
<form id="form1" name="form1" method="post" action="">
<script type="text/javascript" src="foil.js"></script>
</form>

Still nothing showing http://www.fuerteventura.com/free/test.html
Gary


"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns99D488F792186makowiecatnycapdotrE@216.104.212.96...
> On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:
>
>> First method - http://www.fuerteventura.com/free/test.html
>
> You'd have to include that code /inside your existing email form/.
>
>> Second pulls an error -
>> http://www.fuerteventura.com/free/classifiedtest.asp
>
> Active Server Pages error 'ASP 0126'
> Include file not found
> /errata.shtml, line 50
> The include file
> ' http://www.fuerteventura.com/copyright/copyrightlayouttest.htm' was
> not found.
> Microsoft VBScript runtime error '800a01b6'
> Object doesn't support this property or method: 'Request.form1'
> /free/classifiedtest.asp, line 43
>
> Seems like this error isn't related to the code you're trying to add?
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/contact.php

A
Anonymous
October 25, 2007

Here's another suggestion to remove unwanted hacks, attacks, etc. with an ASP Insert Record.

DIm the text fields, and compare them against unwanted characters to automatically reroute this losers away from your website. For exmaple:

<%
Dim email
email=Request.Form("email")

If IllegalChars(email)=True Then
Response.redirect("go_away_you_spam_hacking_loser.asp")
End If

Function IllegalChars(sInput)
Dim sBadChars, iCounter
IllegalChars=False
'Create an array of illegal characters and words like these
sBadChars=array("select", "drop", ";", "--", "insert", "delete", "xp_", _
"#", "%", "&", "'", "(", ")", "/", "\", ":", ";", "<", ">", "=", "[", "]", "?", "`", "|")
For iCounter = 0 to uBound(sBadChars)
If Instr(sInput,sBadChars(iCounter))>0 Then
IllegalChars=True
End If
Next
End function
%>


With this placed above your code, it will filter your insert before it gets to your database. IN this example, I showed some common hack characters that you want to avoid, but you can add anything to that.

Also, you can always do a YY_checkform or similar javascript based filter that makes email be in the correct email format, etc....

Hope that helps.
N
Newsgroup_UserAuthor
Inspiring
October 25, 2007
On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:

> First method - http://www.fuerteventura.com/free/test.html

You'd have to include that code /inside your existing email form/.

> Second pulls an error -
> http://www.fuerteventura.com/free/classifiedtest.asp

Active Server Pages error 'ASP 0126'
Include file not found
/errata.shtml, line 50
The include file
' http://www.fuerteventura.com/copyright/copyrightlayouttest.htm' was
not found.
Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method: 'Request.form1'
/free/classifiedtest.asp, line 43

Seems like this error isn't related to the code you're trying to add?

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/contact.php
N
Newsgroup_UserAuthor
Inspiring
October 25, 2007
Hi
First method - http://www.fuerteventura.com/free/test.html
Second pulls an error - http://www.fuerteventura.com/free/classifiedtest.asp
Gary



"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns99D44CD3CBDE9makowiecatnycapdotrE@216.104.212.96...
> On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:
>
>> Tried the first method which showed up fine in Dreamweaver but
>> displayed a blank page online?
>
> URI?
>
>> Second method - where would I place the IF statement?
>
> In the script which processes and sends the email:
>
> <% IF [conditions] THEN
> ' Code (probably existing) which sends the email
> ELSE
> ' You're a spammer
> ' Probably new code, or just do nothing
> END IF
> %>
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/contact.php

N
Newsgroup_UserAuthor
Inspiring
October 25, 2007
On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:

> Tried the first method which showed up fine in Dreamweaver but
> displayed a blank page online?

URI?

> Second method - where would I place the IF statement?

In the script which processes and sends the email:

<% IF [conditions] THEN
' Code (probably existing) which sends the email
ELSE
' You're a spammer
' Probably new code, or just do nothing
END IF
%>

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/contact.php
N
Newsgroup_UserAuthor
Inspiring
October 25, 2007
Cheers for that Joe
Tried the first method which showed up fine in Dreamweaver but displayed a
blank page online?
Second method - where would I place the IF statement?
Thanks again
Gary

"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns99D441D63563makowiecatnycapdotrE@216.104.212.96...
> On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:
>
>> I have a form that submits details to an access database using
>> insert record behavior. However, I seem to be getting a
>> considerable amount of spam via this form.
>> Is there any way of using Image Verification (Captcha) as well as
>> the insert record behavior on the same page?
>> I've used Image Verification on simple email forms before no
>> problem, but this is proving to be more difficult.
>> Any help would be greatly appreciated.
>
> Here's what I've found. (JFTR, I really don't like CAPTCHAs. Methods
> should be passive, so that senders don't have to expend extra effort
> in order to use the form.)
> - Spambots don't run javascript
> - Spambots love fields with 'address' in their name
>
> Try one or another of these:
>
> Method 1: Use an external javascript file to write a hidden field with
> a value; test for that field's value before you allow the mail to be
> sent. For the few real people who don't have js turned on, include
> the field in a <noscript> block and have them fill it in.
>
> <script type="text/javascript" src="foil.js"></script>
> <noscript>
> Type <em>orange</em> here: <input type="text" name="foil" />
> </noscript>
>
> where the contents of foil.js are:
> // JavaScript Document
> document.write("<input name='foil' type='hidden' value='orange' />");
>
> In your processing script, check for the presence of a field 'foil'
> with value 'orange'; if it's not there, or if it has a value other
> than orange, don't send the email.
>
> Method 2: add a couple of hidden forms that spambots just can't resist:
> <input type="hidden" name="address2" id="address" value="xyzzy" />
> <input type="hidden" name="address3" id="address" value="" />
>
> Spambots will invariably either clear a field with 'address' in its
> name, or will fill it in. So in this method, your check is more
> like:
>
> IF (Request.form("address2").value = "xyzzy") AND
> (Request.form("address3").value = "") THEN
> 'OK to send the mail
> '...
> ELSE
> 'Have a form spammer...
> END IF
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/contact.php

N
Newsgroup_UserAuthor
Inspiring
October 25, 2007
On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:

> I have a form that submits details to an access database using
> insert record behavior. However, I seem to be getting a
> considerable amount of spam via this form.
> Is there any way of using Image Verification (Captcha) as well as
> the insert record behavior on the same page?
> I've used Image Verification on simple email forms before no
> problem, but this is proving to be more difficult.
> Any help would be greatly appreciated.

Here's what I've found. (JFTR, I really don't like CAPTCHAs. Methods
should be passive, so that senders don't have to expend extra effort
in order to use the form.)
- Spambots don't run javascript
- Spambots love fields with 'address' in their name

Try one or another of these:

Method 1: Use an external javascript file to write a hidden field with
a value; test for that field's value before you allow the mail to be
sent. For the few real people who don't have js turned on, include
the field in a <noscript> block and have them fill it in.

<script type="text/javascript" src="foil.js"></script>
<noscript>
Type <em>orange</em> here: <input type="text" name="foil" />
</noscript>

where the contents of foil.js are:
// JavaScript Document
document.write("<input name='foil' type='hidden' value='orange' />");

In your processing script, check for the presence of a field 'foil'
with value 'orange'; if it's not there, or if it has a value other
than orange, don't send the email.

Method 2: add a couple of hidden forms that spambots just can't resist:
<input type="hidden" name="address2" id="address" value="xyzzy" />
<input type="hidden" name="address3" id="address" value="" />

Spambots will invariably either clear a field with 'address' in its
name, or will fill it in. So in this method, your check is more
like:

IF (Request.form("address2").value = "xyzzy") AND (Request.form("address3").value = "") THEN
'OK to send the mail
'...
ELSE
'Have a form spammer...
END IF

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/contact.php
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices