Spammers will exploit any opening. Recently they've begun stuffing web forms with their nonsense. They reason that SOMEONE will read the form. Our Web forms are intended for prospects and customers. I know how disheartening it can be to create a great Web site and design a carefully crafted form, only to see your email stuffed full of advertising messages from idiots trying to sell to you. They are disgusting.
The most common way to eliminate form spam is to use CAPTCHA. Those are the letters you have to re-type into the form to verify you are indeed a person. This is one way to do it, and it will obviously keep spammers from using machines to inject their stuff.
I use a different method that doesn't require CAPTCHA. I rely on a method that uses JavaScript. This isn't as ironclad as CAPTCHA; however, in several years of using it I have yet to see a spammer take the time to crack the system. It relies on two things:
1. Spammer tools do not support javascript.
2. Javascript is an industry approved way to verify you have a real person on the web page (this is why Google uses Javascript in its analytics program).
What I do is create a program in JavaScript that "writes" an input field. I place this program immediately below the form tag. Then, in the backend script, I simply check for the JavaScript-written input field. If it's not there, then someone is posting into the form from a machine. If it's a real person on the page, the JavaScript-written field will be there and I let the information through.
Here is what you do to write your program in JavaScript:
1. Start with a number
2. Convert it to its character equivalent
3. Add it to a sentence
4. Repeat, building up a long key of letters
5. Print that key to the browser.
Here is what your javascript program will look like:
<script type="text/javascript">
var testNum = 60;
var testText = String.fromCharCode(testNum);
testNum = 105;
testText = testText + String.fromCharCode(testNum);
testNum = 110;
testText = testText + String.fromCharCode(testNum);
testNum = 112;
testText = testText + String.fromCharCode(testNum);
testNum = 117;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 32;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 121;
testText = testText + String.fromCharCode(testNum);
testNum = 112;
testText = testText + String.fromCharCode(testNum);
testNum = 101;
testText = testText + String.fromCharCode(testNum);
testNum = 61;
testText = testText + String.fromCharCode(testNum);
testNum = 39;
testText = testText + String.fromCharCode(testNum);
testNum = 104;
testText = testText + String.fromCharCode(testNum);
testNum = 105;
testText = testText + String.fromCharCode(testNum);
testNum = 100;
testText = testText + String.fromCharCode(testNum);
testNum = 100;
testText = testText + String.fromCharCode(testNum);
testNum = 101;
testText = testText + String.fromCharCode(testNum);
testNum = 110;
testText = testText + String.fromCharCode(testNum);
testNum = 39;
testText = testText + String.fromCharCode(testNum);
testNum = 32;
testText = testText + String.fromCharCode(testNum);
testNum = 110;
testText = testText + String.fromCharCode(testNum);
testNum = 97;
testText = testText + String.fromCharCode(testNum);
testNum = 109;
testText = testText + String.fromCharCode(testNum);
testNum = 101;
testText = testText + String.fromCharCode(testNum);
testNum = 61;
testText = testText + String.fromCharCode(testNum);
testNum = 39;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 101;
testText = testText + String.fromCharCode(testNum);
testNum = 115;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 39;
testText = testText + String.fromCharCode(testNum);
testNum = 32;
testText = testText + String.fromCharCode(testNum);
testNum = 118;
testText = testText + String.fromCharCode(testNum);
testNum = 97;
testText = testText + String.fromCharCode(testNum);
testNum = 108;
testText = testText + String.fromCharCode(testNum);
testNum = 117;
testText = testText + String.fromCharCode(testNum);
testNum = 101;
testText = testText + String.fromCharCode(testNum);
testNum = 61;
testText = testText + String.fromCharCode(testNum);
testNum = 39;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 101;
testText = testText + String.fromCharCode(testNum);
testNum = 115;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 116;
testText = testText + String.fromCharCode(testNum);
testNum = 39;
testText = testText + String.fromCharCode(testNum);
testNum = 62;
testText = testText + String.fromCharCode(testNum);
document.write(testText);
</script>
What this program does is write a hidden input field like this:
<input type="hidden" name="testtttt" value="testtttt">
Place this Javascript program immediately below your form tag. That way it becomes part of the form (a field of the form). That field will only appear if a real person is on the page. If someone posts into the receiving script (the action parameter of your form tag) that input field will not be there.
On the receiving script, simply put an if statement at the top and an end if statement at the bottom, enclosing your entire script. It looks like this:
<%
if request.form("testtttt") = "testtttt" then
'
' Form Handling Script goes here
'
end if
%>
Admittedly, if a determined spammer were to take the time to decipher the JavaScript, they could post into the form. My bet is they won't take the time. Spammers simply sweep the Internet looking for text fields and form tags. They're not in the business of doing any real work.
All the spammer sees is a long list of numbers. They don't see the input tag itself anywhere in the html. There are much easier targets (for their spam) than this form. Only legitimate users (people actually using the Web) can get through. Anything coming from a spam program doesn't get through. This is a simple yet effective way to eliminate form spam. It's easy to install. It doesn't subject your prospects to any tests.
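The receiving script above compares against a fixed value, so once the written field has been read, the same value passes on every later post. As an added example (not the author's code, and in Node.js rather than ASP), the value can be issued per page load, signed and time-limited; SECRET, MAX_AGE_MS and all function names here are hypothetical.

```javascript
// Added example: per-page-load value for the JavaScript-written hidden field.
const crypto = require('crypto');

// Assumption: SECRET is a key known only to the server (constructed sample value).
const SECRET = 'constructed-sample-secret-change-me';
const MAX_AGE_MS = 30 * 60 * 1000; // accept forms posted within 30 minutes

function sign(ts) {
  return crypto.createHmac('sha256', SECRET).update(String(ts)).digest('hex');
}

// Called when the form page is rendered: returns the hidden field's value.
function issueToken(now = Date.now()) {
  return `${now}.${sign(now)}`;
}

// Called at the top of the receiving script, in place of a fixed comparison.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return false; // field missing: script never ran
  const [tsText, mac] = token.split('.');
  if (!/^\d+$/.test(tsText) || !/^[0-9a-f]{64}$/.test(mac || '')) return false;
  const expected = Buffer.from(sign(tsText), 'hex');
  const given = Buffer.from(mac, 'hex');
  if (!crypto.timingSafeEqual(expected, given)) return false; // altered or made up
  const age = now - Number(tsText);
  return age >= 0 && age <= MAX_AGE_MS; // reject stale or future-dated values
}

// Builds the script block for the page, using the article's char-code idea:
// the input tag never appears literally in the HTML source.
function renderFieldScript(fieldName, token) {
  const html = `<input type='hidden' name='${fieldName}' value='${token}'>`;
  const codes = Array.from(html, (ch) => ch.charCodeAt(0)).join(',');
  return '<script type="text/javascript">' +
    `document.write(String.fromCharCode(${codes}));</script>`;
}
```

The form handler then runs only when verifyToken returns true for the posted field, exactly where the article's if statement sits.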
We all work hard to create effective sites. Don't let spammers short-circuit your marketing effort.