preventing spam on form

aprogrammer · #1 (**permalink**) 01-22-07, 01:24 AM

I created a contact form that is emailed but it is being spammed very often.

what can I do to prevent this?
does anyone know of any free good scripts for producing an image that the user has to type?

Vicious · #2 (**permalink**) 01-22-07, 02:51 AM

Personally, I don't like these CAPTCHA images. There's another way to prevent spam: Akismet. URL: http://akismet.com/

I have used it, and with success.

#3 (**permalink**) 01-22-07, 01:57 PM

captcha.... there is a free one from web wiz...i have to agree on the not liking them much...

vicious: how is akismet? i ahve never used it but have heard varied opinions on it?

GO4TF4CE · #4 (**permalink**) 01-26-07, 04:07 AM

Use http referrer and check for the page that it comes from. Also remove any generic requests and carriage returns i.e. vbcrlf, chr(31) etc

Never pay for simplicity.

Vicious · #5 (**permalink**) 01-26-07, 05:35 AM

Akismet is quite good I think. The "bad" thing is that you need to register at Wordpress to get a development key. Once you have it, you can download a software class that handles all the things for you.

Every time a comment is submitted, you have to send some details to akismet (via that class), end then it returns wether or not it thinks the comment is a spam. So next you store the comment in your database, and you mark if it is a spam or not. This enables you to check later for false positives.

All in all I think it is a good initiative. It easier for the visitors to add a comment, and you still are pretty safe from the spam. If you false negative, you can also send it to Akismet.

End User · #6 (**permalink**) 01-26-07, 06:20 AM

I've found that by disallowing the string "http" you'll screen out about 99.9% of all the spam that tries to get sent.

Simply fail the form with a polite message. A human will be able to see it and work around it (add a space or remove the 'http') and still send the message but the bots won't.

Also, by adding a hidden field (or a field marked "Don't Fill This In") you can then fail the form if that field contains anything, since most bots attempt to fill in every field no matter what.

Nico · #7 (**permalink**) 01-26-07, 06:22 AM

Quote:

Originally Posted by End User

Also, by adding a hidden field (or a field marked "Don't Fill This In") you can then fail the form if that field contains anything, since most bots attempt to fill in every field no matter what.

I've been using the hidden field trick for a while and it worked just great for me... didn't get any spam since then.