Solved

Prevent Spam online form

Posted on 2009-06-29
Last Modified: 2013-12-25
I have been able to successfully create a form that requires the user name, phone number & email address.  The problem is my client is receiving spam, 2 or 3 a day.  How can I create additional security to decrease spam?
Question by:mcleeves
14 Comments
 
LVL 3

Expert Comment

by:eirikurh
ID: 24741451
Client side code:

Create a hidden div in your form
<form id="theform"......
<div id="hiddendiv"></div>

Add javascript to your submit button
<input type="submit" onclick="document.getElementById('hiddendiv').innerHTML = '<input type=\'hidden\' name=\'submitvalue\' value=\'ok\' />'; theform.submit();" />


Server side code:
Check if the form submitted "ok" for submitvalue

0
 
LVL 29

Expert Comment

by:Pravin Asar
ID: 24742174
Here is a JavaScript Captcha code.



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Javascript Captcha Example - Pravin Asar</title>
<script language="javascript">
function randomRange(minVal,maxVal)
{
  var randVal = minVal+(Math.random()*(maxVal-minVal));
  return (Math.floor(randVal));
}
function GetCaptcha() {
	var encStr = "23456789ABCDEFGHJKMNPQRS";
	var length = randomRange(4,8);
	var result = "";
	var i = "";
	var char = "";
	for(i=0; i <= length; i++) {
      char = encStr.substr(randomRange(1,encStr.length),1);
      result += char;
	}
	return result;
}
 
function InitCaptcha() {
	var hidFld = document.MyForm.captchaHidFld;
	str = GetCaptcha();
	hidFld.value = str;
	document.getElementById('captchaTxt').innerHTML = str;
}
function ValidateCaptcha (theForm) {
	var inpStr = (document.MyForm.captchaInpFld.value).toUpperCase();
	var captStr = document.MyForm.captchaHidFld.value;
	if (inpStr.length == captStr.length)
	{ 
		if (inpStr.match(captStr)) { return true; }
	}
	return false;
}
</script>
</head>
 
<body onload="InitCaptcha();">
<h1>Javascript Captcha Example</h1>
<form name="MyForm" onsubmit="return (ValidateCaptcha(this));">
<input type="hidden" name="captchaHidFld" value="" />
<div style="font-size:24px;" id="captchaTxt"></div>
<input type="text" name="captchaInpFld" value=""/>
<input type="submit" value="Submit" />
</form>
 
</body>
</html>


0
 
LVL 3

Author Comment

by:mcleeves
ID: 24743969
Hi Pravinsar,

Your code looks like the type of thing I am hoping for; however, I have a few problems:

1. I am using .asp files.  Will this have an effect on  the code?
2. I tried the code in an .html file and it worked; however, all my files have server side includes so there are a few problems.  In order to get my required fields to work, I needed to put the header code in the menu file (menu.asp).  I assumed your header code should go there as well.  This is a copy of the code I have in the header:

<script type="text/JavaScript">

<!-- Begin
function cmdSubmit(theForm)
{
  if (theForm.FirstName.value == "")
    {
    alert ("Please enter your first name.");
    theForm.FirstName.focus();
    return false;
    }
  if (theForm.LastName.value == "")
    {
    alert ("Please enter your last name.");
    theForm.LastName.focus();
    return false;
    }
  if (theForm.TelephoneNumber.value == "")
    {
    alert ("Please enter your telephone number.");
    theForm.TelephoneNumber.focus();
    return false;
    }
  if (theForm.EMail.value == "")
    {
    alert ("Please enter your e-mail address.");
    theForm.EMail.focus();
    return false;
    }
  return true;
}
function randomRange(minVal,maxVal)
{
  var randVal = minVal+(Math.random()*(maxVal-minVal));
  return (Math.floor(randVal));
}
function GetCaptcha() {
        var encStr = "23456789ABCDEFGHJKMNPQRS";
        var length = randomRange(4,8);
        var result = "";
        var i = "";
        var char = "";
        for(i=0; i <= length; i++) {
      char = encStr.substr(randomRange(1,encStr.length),1);
      result += char;
        }
        return result;
}
 
function InitCaptcha() {
        var hidFld = document.MyForm.captchaHidFld;
        str = GetCaptcha();
        hidFld.value = str;
        document.getElementById('captchaTxt').innerHTML = str;
}
function ValidateCaptcha (theForm) {
        var inpStr = (document.MyForm.captchaInpFld.value).toUpperCase();
        var captStr = document.MyForm.captchaHidFld.value;
        if (inpStr.length == captStr.length)
        {
                if (inpStr.match(captStr)) { return true; }
        }
        return false;
}

</script>

//-->

3. The form code is in a separate file called comments.asp (I tried adding your header code to the comments.asp as well and it didn't make a difference). The form is long but this is the information I have at the beginning and ending of the form:

<form name="MyForm" method="post" action="/cgi-bin/sendmail2.asp" onSubmit="return (ValidateCaptcha(this)); cmdSubmit(this)">


 <input type="hidden" name="captchaHidFld" value="" />
<div style="font-size:24px;" id="captchaTxt"></div>
<input type="text" name="captchaInpFld" value=""/>
 <input type="submit"tabindex="10" value="Submit Survey">
      <input type=reset value="Clear Form">

</form>


When I test your code, the if statements I have in the original menu format stop verifying the named fields and the form just submits.  The numbers don't show in the field before the submit button.  It just sends the data for a blank form.  If you would like to view my test form online, you can see it by clicking on this URL: http://www.loab.biz/comments2.asp

Thank you for your help.
0
 
LVL 29

Expert Comment

by:Pravin Asar
ID: 24745352
Call my function from your input validation function.


<form name="MyForm" method="post" action="/cgi-bin/sendmail2.asp"

onSubmit="return (cmdSubmit(this))">



function cmdSubmit(theForm)
{

//
// Captcha Here
//
if (!ValidateCaptcha(theForm)) { return false; }

//
// Rest of your code goes below
//

// Allow the submit once every check above has passed
return (true);

}
0
 
LVL 29

Expert Comment

by:Pravin Asar
ID: 24745721
Look at this one.

http://www.tipstricks.org/

0
 
LVL 3

Author Comment

by:mcleeves
ID: 24747839
I hope you are patient..... because I still don't have this working properly.  I went to the website but their code was completely different from yours and I would rather work with code that you have created.  This is what I have done:

FILE: menu.asp (CODE)

<!-- BeginFunction
function cmdSubmit(theForm)

<!-- Validation
function randomRange(minVal,maxVal)
{
  var randVal = minVal+(Math.random()*(maxVal-minVal));
  return (Math.floor(randVal));
}
function GetCaptcha() {
        var encStr = "23456789ABCDEFGHJKMNPQRS";
        var length = randomRange(4,8);
        var result = "";
        var i = "";
        var char = "";
        for(i=0; i <= length; i++) {
      char = encStr.substr(randomRange(1,encStr.length),1);
      result += char;
        }
        return result;
}
 
function InitCaptcha() {
        var hidFld = document.MyForm.captchaHidFld;
        str = GetCaptcha();
        hidFld.value = str;
        document.getElementById('captchaTxt').innerHTML = str;
}
function ValidateCaptcha (theForm) {
        var inpStr = (document.MyForm.captchaInpFld.value).toUpperCase();
        var captStr = document.MyForm.captchaHidFld.value;
        if (inpStr.length == captStr.length)
        {
                if (inpStr.match(captStr)) { return true; }
        }
        return false;
}

if (!ValidateCaptcha(theForm)) { return false; }

<!-- EndValidation
<!-- BeginForm
{
  if (theForm.FirstName.value == "")
    {
    alert ("Please enter your first name.");
    theForm.FirstName.focus();
    return false;
    }
  if (theForm.LastName.value == "")
    {
    alert ("Please enter your last name.");
    theForm.LastName.focus();
    return false;
    }
  if (theForm.TelephoneNumber.value == "")
    {
    alert ("Please enter your telephone number.");
    theForm.TelephoneNumber.focus();
    return false;
    }
  if (theForm.EMail.value == "")
    {
    alert ("Please enter your e-mail address.");
    theForm.EMail.focus();
    return false;
    }
  return true;
}
<!-- EndForm
<!-- EndFunction

Comments2.asp (form code)

<form name="MyForm" method="post" action="/cgi-bin/sendmail2.asp" onSubmit="return(cmdSubmit(this))">

\\ form content


  <input type="hidden" name="captchaHidFld" value="" />
<div style="font-size:24px;" id="captchaTxt"></div>
<input type="text" name="captchaInpFld" value=""/>
 <input type="submit"tabindex="10" value="Submit Survey">
      <input type=reset value="Clear Form">
</form>
0
 
LVL 29

Accepted Solution

by:
Pravin Asar earned 2000 total points
ID: 24748166
Here is the cleaned-up code.

You had mismatching comments.


<html>
<head>
<title>CAPTCHA.ASP - Pravin Asar</title>
<style type="text/css">
</style>
 
<script language="javascript">
<!-- Begin Javascript Code 
 
function randomRange(minVal,maxVal)
{
  var randVal = minVal+(Math.random()*(maxVal-minVal));
  return (Math.floor(randVal));
}
 
function GetCaptcha() {
        var encStr = "123456789ABCDEFGHJKMNPQRSTUVWXYZ";
        var length = randomRange(4,8);
        var result = "";
        var i = "";
        var char = "";
        for(i=0; i <= length; i++) {
      char = encStr.substr(randomRange(1,encStr.length),1);
      result += char;
        }
        return result;
}
 
function InitCaptcha() {
        var hidFld = document.MyForm.captchaHidFld;
        str = GetCaptcha();
        hidFld.value = str;
        document.getElementById('captchaTxt').innerHTML = str;
}
 
function ValidateCaptcha (theForm) {
        var inpStr = (document.MyForm.captchaInpFld.value).toUpperCase();
        var captStr = document.MyForm.captchaHidFld.value;
        if (inpStr.length == captStr.length)
        {
                if (inpStr.match(captStr)) { return true; }
        }
        return false;
}
 
function cmdSubmit(theForm)
{
  if (!ValidateCaptcha(theForm)) 
  	{
  	alert ("Please enter valid CAPTCHA Code.");
  	return false; 
  	}
 
  if (theForm.FirstName.value == "")
    {
    alert ("Please enter your first name.");
    theForm.FirstName.focus();
    return false;
    }
  if (theForm.LastName.value == "")
    {
    alert ("Please enter your last name.");
    theForm.LastName.focus();
    return false;
    }
  if (theForm.TelephoneNumber.value == "")
    {
    alert ("Please enter your telephone number.");
    theForm.TelephoneNumber.focus();
    return false;
    }
  if (theForm.EMail.value == "")
    {
    alert ("Please enter your e-mail address.");
    theForm.EMail.focus();
    return false;
    }
  return true;
 
}
-->
</script>
</head>
<body onload="InitCaptcha()">
<form name="MyForm" method="post" action="/cgi-bin/sendmail2.asp" onSubmit="return(cmdSubmit(this))">
<input type="hidden" name="captchaHidFld" value="" />
<table>
<tr><td>First Name</td><td><input type="text" name="FirstName"></td></tr>
<tr><td>Last Name</td><td><input type="text" name="LastName"></td></tr>
<tr><td>Phone Number</td><td><input type="text" name="TelephoneNumber"></td></tr>
<tr><td>Email Name</td><td><input type="text" name="EMail"></td></tr>
<tr><td>CAPTCHA TEXT</td><td><span style="font-size:24px;" id="captchaTxt">CAPTCHA</span></td></tr>
<tr><td>VALIDATE CAPTCHA</td><td><input type="text" name="captchaInpFld" value=""></td></tr>
<tr><td><input type=reset value="Clear Form"></td><td><input type="submit" tabindex="10" value="Submit Survey"></td></tr>
</table>
</form>
</body>
</html>


0
 
LVL 3

Author Closing Comment

by:mcleeves
ID: 31598146
Thanks this one works and I now have some security on the form.  I appreciate your help.

Thanks again!
0
 
LVL 3

Author Comment

by:mcleeves
ID: 24756503
I have added the code to the form; however, they are still receiving the spam.  It is coming in from an email address listed from @mail.ru.  The name varies and the spam has multiple links listed in the notes area of the form.

I have contacted the ISP and they are not sure how to stop it.  Can you give me any other suggestions?
0
 
LVL 29

Expert Comment

by:Pravin Asar
ID: 24757627
If you ping mail.ru

that is a valid domain name.

Another way is to use a server-side captcha generator.

Also when a request is received, make sure this is coming from your site.

Check the CGI variable HTTP_REFERER to make sure the email is coming from the contact page on your site.

Look at link

http://www.w3schools.com/asp/coll_servervariables.asp
0
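A sketch of the server-side captcha and HTTP_REFERER check suggested above, added here as an example and not code from any poster in the thread. It is written for Node.js rather than the asker's ASP; the hidden-field name captchaToken, the ownHost parameter, the six-character length and the ten-minute lifetime are assumptions. The expected answer never reaches the browser, and the comparison runs in the handler that receives the POST.

```javascript
// Added example (Node.js); not code from the thread. Names marked "assumed" are illustrative.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);        // server-only key, never sent to the browser
const ALPHABET = '23456789ABCDEFGHJKMNPQRS';  // character set from the thread's GetCaptcha()
const TTL_MS = 10 * 60 * 1000;                // assumed challenge lifetime
const used = new Set();                       // redeemed tokens; prune expired ones in production

function sign(answer, expires) {
  return crypto.createHmac('sha256', SECRET).update(`${answer}|${expires}`).digest('hex');
}

// Run when the form is rendered. Draw `answer` into an image on the server;
// put only `token` in a hidden field (assumed name: captchaToken).
function issueChallenge(now = Date.now()) {
  let answer = '';
  for (let i = 0; i < 6; i++) answer += ALPHABET[crypto.randomInt(ALPHABET.length)];
  const expires = now + TTL_MS;
  return { answer, token: `${expires}.${sign(answer, expires)}` };
}

// Run in the handler that receives the POST, before any mail is sent.
function verifySubmission(fields, headers, ownHost, now = Date.now()) {
  // Referer is client-supplied, so this is only a coarse first filter.
  let refHost = null;
  try { refHost = new URL(headers.referer || '').host; } catch { /* missing or malformed */ }
  if (refHost !== ownHost) return 'bad-referer';

  const token = String(fields.captchaToken || '');
  const [expStr, mac] = token.split('.');
  const expires = Number(expStr);
  if (!mac || !Number.isFinite(expires) || expires < now) return 'missing-or-expired';
  if (used.has(token)) return 'replayed';

  // Recompute the MAC from what the user typed; the answer itself was never in the page.
  const typed = String(fields.captchaInpFld || '').toUpperCase();
  const expected = Buffer.from(sign(typed, expires));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'wrong-captcha';
  }
  used.add(token);
  return 'ok';
}
```

A request that never loaded the form has no valid token and is rejected as 'missing-or-expired', regardless of what script the client did or did not run.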
 
LVL 3

Author Comment

by:mcleeves
ID: 24764731
I thought it might be an outside source so I have tried the following:
1. changed the sendmail2.asp to route to a different email address (survey@thedomain.com to comment@thedomain.com)
2. changed the initial email address of the recipient from (form@thedomain.com to newform@thedomain.com)
3. I tried changing the name of the comments field to notes.  I forgot to update the sendmail2.asp and the spam came in without notes but as soon as I updated the sendmail2.asp the links appeared again in the notes field.

I also limited the receipt of any text in the email to be from mail.ru from arriving on the domain.  The account started receiving text from live.com and gmail.com.  The emails are all the same type but they vary.  They look like they come from the form because it is a survey style form that includes radio buttons & responses. The note fields all contain links to websites and refer to nude, gays or lesbians.

If you prefer, I can open this question again but it really has me baffled.  I am not sure how to generate a server-side captcha generator. Is this the captcha.asp file I downloaded from the website you gave me?
0
 
LVL 29

Expert Comment

by:Pravin Asar
ID: 24765978
0
 
LVL 29

Expert Comment

by:Pravin Asar
ID: 24766297
0
 
LVL 3

Author Comment

by:mcleeves
ID: 24766591
Thank you for the resources.....  I have tried one more type of removal from the ISP spam filters.  If that doesn't work, I will try these as a replacement.  I appreciate your help.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question