Skip Navigation | Groups

This site uses cookies- for more information see the Cookie Policy | Continue

Tags

Forms

2007120103 Email to Ronx
 

Reduce Spam in Form results

Methods of combatting Spam in Forms


How to stop automated bots using forms to send Spam

The best solution requires server side scripting to spot the spammers. JavaScript validation in the browser will only be effective if the user (human or machine) has JavaScript enabled, hence server side scripting is required.  The FrontPage forms processor is not capable of spotting spam, so client side JavaScript is the only option when using FP extensions to process the form.

HIPs are used to differentiate between humans and machines. Four HIPs are outlined below, with examples. The example forms do not send any data to anywhere.

Captcha

If the spammer is an automated bot it is possible to exclude them using a captcha device on the form - but this should be validated using server side scripting.  A human spammer will easily overcome defences of this type, so validation has to go further to check for hyperlinks in the other fields. However, there are some bots that can

The "captcha" is usually implemented as an image with distorted characters, and the user is asked to type those characters into a form field.  Validation checks the result and deals with the form accordingly.

An example of a form using a simple captcha is at captcha.aspx. See wikipedia.org/wiki/Captcha for more information.

Random Questions

Other measures can take the form of a simple question, such "What colour is a blue sky?"   The validation will check for "blue" as the answer, allowing for upper and lower case.

See Random Questions for an example. This page uses asp to set a random question, and checks the response.

Hidden Fields

Using hidden fields can also defeat spammers. Add a <div> to the form and style it to be hidden. If the automatic bot fills in these fields, then reject the form. A human form-filler would not know these fields exist, unless their browser has CSS disabled.

See hidden fields for an example.

Asirra

The Asirra (Animal Species Image Recognition for Restricting Access) method uses pictures of animals to determine whether the form-filler is human or machine. See Asirra (at Microsoft.com) for more information, and Assira is an example.