Defeating Form 'bots

Report · Jan 28, 2009

Although I've had forms on my site for several years, have recently been receiving too many forms filled out by robots (according to my domain host). They suggested a way of defeating them by including a hidden field; then, when the bot fills in the hidden field, it would signal that the form should NOT be sent.

Does anyone know how to do this reverse logic? I can insert a hidden field, but cannot find how to direct behavior if it is filled in.

Any thoughts appreciated.

Report · Jan 28, 2009

mauth wrote:
> Although I've had forms on my site for several years, have recently been
> receiving too many forms filled out by robots (according to my domain host).
> They suggested a way of defeating them by including a hidden field; then, when
> the bot fills in the hidden field, it would signal that the form should NOT be
> sent.
>
> Does anyone know how to do this reverse logic? I can insert a hidden field,
> but cannot find how to direct behavior if it is filled in.
>
> Any thoughts appreciated.
>

It would depend on what server language you have available, and what type of form method you're using (get or post). Essentially what you'd do is to check for a value in the hidden field and if present then perform some action, such as redirecting to a success/confirmation page even though the redirect is done prior to any other form processing.

I'd suggest asking in the Dreamweaver application dev forum including the server language your using as well that type of form method you're using:
http://www.adobe.com/cfusion/webforums/forum/categories.cfm?forumid=12&catid=263&entercat=y

FWIW: WebAssist (my employer) has a solution pack that has several anti-spam options (including a honeypot, which is what the hidden field value check is commonly called) for form processing:
http://www.webassist.com/professional/products/productdetails.asp?PID=257
Take the feature tour (link at the top of the right hand column)

--
Danilo Celic
| http://blog.extensioneering.com/
| WebAssist Extensioneer
| Adobe Community Expert

Report · Jan 29, 2009

On 28 Jan 2009 in macromedia.exchange.extensions.dreamweaver, mauth
wrote:

> Although I've had forms on my site for several years, have recently
> been receiving too many forms filled out by robots (according to my
> domain host). They suggested a way of defeating them by including a
> hidden field; then, when the bot fills in the hidden field, it would
> signal that the form should NOT be sent.
>
> Does anyone know how to do this reverse logic? I can insert a
> hidden field,
> but cannot find how to direct behavior if it is filled in.
>
> Any thoughts appreciated.

Actually, best practice seems to be to use two hidden fields, one with
an initial value, and one without. It's the rare bot which can ignore
both fields. Check for one field to be blank, and the other to have
the initial value. And hide them using CSS, not by making them
"hidden" fields:

<style type="text/css">
.important {
display : none ;
}
</style>

<div class="important">
<p>Please don't change the next two fields.</p>
<input type="text" name="address2" id="address2" value="xyzzy">
<input type="text" name="address3" id="address3" value="">
</div>

Bots tend to like fields with names like 'address'. The text in the
paragraph is for those few rare human beings who have a non-CSS capable
browser. If you're not worried about them, you can leave it out.

In the logic for processing the form, you'd do something like:

if (address2 == "xyzzy" and address3 == "") {
/* OK to send */
} else {
/* probably have a bot */
}

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/contact.php