Protecting your forms from spam
by
Published on October 3rd, 2011 08:10 AM

Originally Posted by Kay:
My take on it is that you get bots which spam your websites - blog, forum, whatever. But the contact form used to be relatively safe. Ken suggests that maybe these spamming #*&* have now created a means to infiltrate and spam contact forms.
The days of contact forms being 'safe' are long gone, Kay. The script works like this:
1) Load the index page of the site and collect all the internal links.
2) Load each one until you find a form that matches some criteria (existence of the word contact or email is usually enough).
3) Do a pattern match to make an 'educated guess' as to the email and message fields (works about 80% of the time).
4) If there's a Captcha, submit it to a Captcha service like decaptcha through their API.
5) Submit the message and the solved Captcha by taking the form's destination address (in the form tag) and submitting your message, email / phone and Captcha value as a POST using something called cURL.
6) Keep doing this with as many sites as you have URLs!
Some ways to reduce contact form spam include:
1) Using irregular names for contact pages and form fields to throw spammers off.
2) Using regular names for form fields that do nothing, and hiding these from a real user (replacing with the real fields) using Ajax after the page loads.
3) Using Akismet on your form script - they've got a massive spammer database.
4) Using a puzzle Captcha if you don't already have one.
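An added example (not part of the original post) of the server-side half of items 1 and 2: decoy fields with regular names must come back empty, and the real content arrives under irregular names. The field names q7_reply and q7_body, the function names and the sample submissions are made up for illustration, and the POST body is assumed to be already parsed into an object.

```javascript
// Hypothetical field names; pick your own irregular ones.
const DECOY_FIELDS = ["email", "message"];   // regular names, hidden from people
const REAL_FIELDS = { email: "q7_reply", message: "q7_body" };

// True when a parsed form value carries any content.
// Repeated fields are often parsed into arrays, so check every element.
function isFilled(value) {
  if (Array.isArray(value)) return value.some(isFilled);
  return typeof value === "string" && value.trim() !== "";
}

// Classify a parsed POST body (object mapping field name -> value).
function classifySubmission(body) {
  // A person never sees the decoys, so any content in them means the
  // submitter guessed the fields from the page source.
  for (const name of DECOY_FIELDS) {
    if (isFilled(body[name])) {
      return { verdict: "spam", reason: `decoy field "${name}" was filled` };
    }
  }
  // The real fields must each be present as a single non-empty string.
  const data = {};
  for (const [key, name] of Object.entries(REAL_FIELDS)) {
    const value = body[name];
    if (typeof value !== "string" || value.trim() === "") {
      return { verdict: "invalid", reason: `real field "${name}" is missing` };
    }
    data[key] = value.trim();
  }
  return { verdict: "accept", data };
}

// Constructed sample submissions (not captured traffic).
const samples = {
  person: { email: "", message: "", q7_reply: "kay@example.org", q7_body: "Hello" },
  guessedFields: { email: "x@example.net", message: "Buy now" },
  repeatedDecoy: { email: ["", "x@example.net"], q7_reply: "a@example.org", q7_body: "Hi" },
};

for (const [label, body] of Object.entries(samples)) {
  console.log(label, classifySubmission(body).verdict);
}
```

Submissions classed as spam can be dropped or passed on to a second check such as Akismet (item 3) rather than mailed out.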