How to stop spamming on contact us form

@domainkJan 10.2010

I have a form on a contact us page that has a small asp script to send the data to an e-mail address. All of a sudden, it seems a bot is busy spamming it. We are receiving useless data with a URL to some drugs website. How can I stop this kind of spamming?

Is there any other solution apart from captcha? If not, is there any good free captcha service that I can use?

to post a comment

Full-stack Developer

12 Comments(s) _↴

@FangJan 10.2010 — #Adding a hidden field, with JavaScript, then checking server-side for it's value will often help against bots which usually have scripting disabled. This may prevent some valid clients from posting.

Rejecting any forms containing dubious words that a spammer uses.

Not allowing html in the forms.

Personally validate all forms before posting on the site.

@BillArchJan 13.2010 — #I get hit in waves also, Usually from a specific IP, so I block them with the .htaccess on my cp

@TexDesignStudioJan 16.2010 — #right, either block the IP or just use captcha on the form. Captcha really sucks, but i have never had a problem with it. However, the problem now is that actual people are starting to spam and not just robots.

@jonmasterJan 16.2010 — #you can find the bad words filter snippets here

http://codefixer.com/codesnippets/replaceBadWords.asp

just an example, you can improvise it more

@chrisranjanaJan 16.2010 — #Yes it is sad but true that actual real people have started to SPAM and not autobots.

Quite hard to prevent but can be done to an extent using banned words filtering.

@MacPCMar 13.2010 — #I hate Captcha. I am wondering why some of the websties use a Captcha with all the twisted, gibberish characters that no one can read, and when you try the audio, usually it sounds like the announcements in a subway station-quack, quack, quack... I think some people take this captcha thing too far.

What's the point using captcha like that? Granted it might deter spammers, but it also drive the legit visitors nuts and ended up not sending the form or they might leave the site for good.

What about a simple readable 4-digit like the contact section of this site www.geekpcservice.com ?

What are the fellow web designers' thought on this?

I love a good KISS, Keep It Simple Stupid is my motto. ?

@Eye_for_VideoMar 13.2010 — #I run a Forum where we were having a big problem with spam registrations. We used captcha for awhile but found it was just too easy for spambots etc. to get around so instead are now using a different system to verify human response. And that is to ask a simple question that requires human reasoning to correctly answer. There are a series of simple questions like "Are you over or under 30 years of age" .... only 2 answers are allowed "over"...or..."under". "What color is the background of this page"... simple stuff like that.

Using this new human verifyable system has drastically cut the number of spam registrations. Our Forum uses vBulletin just like this one does and the new human verifyable option came out in a release a little over a year ago. In the control panel you can set up the questions as well as the acceptable answers.

Since it's based in PHP I'm sure you could make up your own system to fit your needs. Of course it doesn't do away with real humans spamming but it was a huge improvement over using captcha as far as being effective in reducing spam registrations.

Here's the Forum. Go thru the registation process for an example.

http://www.marunde-muscle.com/forum/index.php

Best wishes,

Eye for Video

www.cidigitalmedia.com

@esquiladoMar 13.2010 — #Post the code here.

@tirnaMar 14.2010 — #A [B][U]good[/U][/B] captcha is a good, albeit not 100%, defence against bots.

Designing and building a good robust visual captcha is not easy and you need a very good understanding of how bots are programmed to break them.

I did a fair bit of research on captcha a few years ago and have since built my own captcha application.

I'm amazed looking around at many of the captchas on websites at how many would be so easy to break. Basically, once the bot has broken down the image to 2 colours, black and white, the captcha is effectively broken if the captcha uses standard font letters and numbers and if they are easy to locate on the image using various segmentation techniques.

An interesting article on what makes a good captcha and how they can be broken is at:

[URL]http://computer.howstuffworks.com/captcha4.htm[/URL]

If you would like to build your own captcha have a read of this article:

http://homepages.cs.ncl.ac.uk/jeff.yan/msn_draft.pdf

I used a free captcha from reCaptcha before I built my own. ReCaptcha is pretty good but you couldn't customize the way looks it much. If you go to reCaptcha's home page [URL]http://recaptcha.net/[/URL] you will probably recognise it from other websites.

@arindraMar 20.2010 — #Try captcha.net for free captcha codes. However, the free captchas are not that reliable and you must opt for bought ones.

@MrRedMar 20.2010 — #Been succeeding for several years.

1) I may not be important enough!

2) I use an email somewhat like seemai1 @ notmsn.com, then with JavaScript wait a few seconds and change it to seemail @ . It took a bit of delving but I found how to access objects and used the properties to change the text content of the form.

3) I used hash codes on all mail & mailto:addresses hyperlinks and in form POST/submit addresses etc. Because spambots look for text and don't translate (for minor sites anyway). Even did it on an open forum to prove a point.

5) Use a jpg for eyeballing the address.

4) I include a lot of spoof addresses like postmaster @ notmsn.com and [email][email protected][/email] w.gates @ live.com - you get the idea. All over my site including as comments. If they find them they may think that is all there is.

4) I don't use intuitive e-mail addresses, like mail@ info@ webmaster@ bill@ fred@ etc.

5) It doesn't stop surfers looking, and I get one from such a method.

You may find the very contorted evidence on http://cresby.com > contactme.

I do the code generation (to paste into HTML) in VBA but I have put a hash code generator page on my site.

it works on Mozilla, FF up to 3.6 and IE up to 6, but not IE 7.0.583 - I have asked for guidance on thread:

http://www.webdeveloper.com/forum/showthread.php?t=226665