Solved

Prevent Spam online form

Posted on 2009-06-29
14
364 Views
Last Modified: 2013-12-25
I have been able to successfully create a form that requires the user name, phone number & email address.  The problem is my client is receiving spam 2 or 3 a day.  How can I create additional security to decrease spam?
0
Comment
Question by:mcleeves
  • 7
  • 6
14 Comments
 
LVL 3

Expert Comment

by:eirikurh
ID: 24741451
Client side code:

Create a hidden div in your form
<form id="theform"......
<div id="hiddendiv"></div>

Add javascript to your submit button
<input type="submit" onclick="document.getElementById('hiddendiv').innerHTML = '<input type=&quot;hidden&quot; name=&quot;submitvalue&quot; value=&quot;ok&quot; />';theform.submit();" />


Server side code:
Check if the form submitted "ok" for submitvalue

0
 
LVL 28

Expert Comment

by:Pravin Asar
ID: 24742174
Here is a JavaScript Captcha code.



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Javascript Captcha Example - Pravin Asar</title>
<script language="javascript">
function randomRange(minVal,maxVal)
{
  var randVal = minVal+(Math.random()*(maxVal-minVal));
  return (Math.floor(randVal));
}

function GetCaptcha() {
  var encStr = "23456789ABCDEFGHJKMNPQRS";
  var length = randomRange(4,8);
  var result = "";
  var i = "";
  var char = "";
  for(i=0; i <= length; i++) {
    char = encStr.substr(randomRange(1,encStr.length),1);
    result += char;
  }
  return result;
}

function InitCaptcha() {
  var hidFld = document.MyForm.captchaHidFld;
  str = GetCaptcha();
  hidFld.value = str;
  document.getElementById('captchaTxt').innerHTML = str;
}

function ValidateCaptcha (theForm) {
  var inpStr = (document.MyForm.captchaInpFld.value).toUpperCase();
  var captStr = document.MyForm.captchaHidFld.value;
  if (inpStr.length == captStr.length)
  {
    if (inpStr.match(captStr)) { return true; }
  }
  return false;
}
</script>
</head>

<body onload="InitCaptcha();">
<h1>Javascript Captcha Example</h1>
<form name="MyForm" onsubmit="return (ValidateCaptcha(this));">
<input type="hidden" name="captchaHidFld" value="" />
<div style="font-size:24px;" id="captchaTxt"></div>
<input type="text" name="captchaInpFld" value=""/>
<input type="submit" value="Submit" />
</form>

</body>
</html>


0
 
LVL 3

Author Comment

by:mcleeves
ID: 24743969
Hi Pravinsar,

Your code looks like the type of thing I am hoping for; however, I have a few problems:

1. I am using .asp files.  Will this have an effect on  the code?
2. I tried the code in an .html file and it worked; however, all my files have server side includes so there are a few problems.  In order to get my required fields to work, I needed to put the header code in the menu file (menu.asp).  I assumed your header code should go there as well.  This is a copy of the code I have in the header:

<script type="text/JavaScript">

<!-- Begin
function cmdSubmit(theForm)
{
  if (theForm.FirstName.value == "")
    {
    alert ("Please enter your first name.");
    theForm.FirstName.focus();
    return false;
    }
  if (theForm.LastName.value == "")
    {
    alert ("Please enter your last name.");
    theForm.LastName.focus();
    return false;
    }
  if (theForm.TelephoneNumber.value == "")
    {
    alert ("Please enter your telephone number.");
    theForm.TelephoneNumber.focus();
    return false;
    }
  if (theForm.EMail.value == "")
    {
    alert ("Please enter your e-mail address.");
    theForm.EMail.focus();
    return false;
    }
  return true;
}
function randomRange(minVal,maxVal)
{
  var randVal = minVal+(Math.random()*(maxVal-minVal));
  return (Math.floor(randVal));
}
function GetCaptcha() {
        var encStr = "23456789ABCDEFGHJKMNPQRS";
        var length = randomRange(4,8);
        var result = "";
        var i = "";
        var char = "";
        for(i=0; i <= length; i++) {
      char = encStr.substr(randomRange(1,encStr.length),1);
      result += char;
        }
        return result;
}
 
function InitCaptcha() {
        var hidFld = document.MyForm.captchaHidFld;
        str = GetCaptcha();
        hidFld.value = str;
        document.getElementById('captchaTxt').innerHTML = str;
}
function ValidateCaptcha (theForm) {
        var inpStr = (document.MyForm.captchaInpFld.value).toUpperCase();
        var captStr = document.MyForm.captchaHidFld.value;
        if (inpStr.length == captStr.length)
        {
                if (inpStr.match(captStr)) { return true; }
        }
        return false;
}

</script>

//-->

3. The form code is in a separate file called comments.asp (I tried adding your header code to the comments.asp as well and it didn't make a difference). The form is long but this is the information I have at the beginning and ending of the form:

<form name="MyForm" method="post" action="/cgi-bin/sendmail2.asp" onSubmit="return (ValidateCaptcha(this)); cmdSubmit(this)">


 <input type="hidden" name="captchaHidFld" value="" />
<div style="font-size:24px;" id="captchaTxt"></div>
<input type="text" name="captchaInpFld" value=""/>
 <input type="submit"tabindex="10" value="Submit Survey">
      <input type=reset value="Clear Form">

</form>


When I test your code, the if statements I have in the original menu format stop verifying the named fields and the form just submits.  The numbers don't show in the field before the submit button.  It just sends the data for a blank form.  If you would like to view my test form online, you can see it by clicking on this URL: http://www.loab.biz/comments2.asp

Thank you for your help.
0
 
LVL 28

Expert Comment

by:Pravin Asar
ID: 24745352
Call my function from your input validation function.


<form name="MyForm" method="post" action="/cgi-bin/sendmail2.asp" onSubmit="return (cmdSubmit(this))">



function cmdSubmit(theForm)
{

//
// Captcha Here
//
if (!ValidateCaptcha(theForm)) { return false; }

//
// Rest of your code goes below
//

return (false);

}
0
 
LVL 28

Expert Comment

by:Pravin Asar
ID: 24745721
Look at this one.

http://www.tipstricks.org/

0
 
LVL 3

Author Comment

by:mcleeves
ID: 24747839
I hope you are patient..... because I still don't have this working properly.  I went to the website but their code was completely different than yours and I would rather work with a code that you have created.  This is what I have done:

FILE: menu.asp (CODE)

<!-- BeginFunction
function cmdSubmit(theForm)

<!-- Validation
function randomRange(minVal,maxVal)
{
  var randVal = minVal+(Math.random()*(maxVal-minVal));
  return (Math.floor(randVal));
}
function GetCaptcha() {
        var encStr = "23456789ABCDEFGHJKMNPQRS";
        var length = randomRange(4,8);
        var result = "";
        var i = "";
        var char = "";
        for(i=0; i <= length; i++) {
      char = encStr.substr(randomRange(1,encStr.length),1);
      result += char;
        }
        return result;
}
 
function InitCaptcha() {
        var hidFld = document.MyForm.captchaHidFld;
        str = GetCaptcha();
        hidFld.value = str;
        document.getElementById('captchaTxt').innerHTML = str;
}
function ValidateCaptcha (theForm) {
        var inpStr = (document.MyForm.captchaInpFld.value).toUpperCase();
        var captStr = document.MyForm.captchaHidFld.value;
        if (inpStr.length == captStr.length)
        {
                if (inpStr.match(captStr)) { return true; }
        }
        return false;
}

if (!ValidateCaptcha(theForm)) { return false; }

<!-- EndValidation
<!-- BeginForm
{
  if (theForm.FirstName.value == "")
    {
    alert ("Please enter your first name.");
    theForm.FirstName.focus();
    return false;
    }
  if (theForm.LastName.value == "")
    {
    alert ("Please enter your last name.");
    theForm.LastName.focus();
    return false;
    }
  if (theForm.TelephoneNumber.value == "")
    {
    alert ("Please enter your telephone number.");
    theForm.TelephoneNumber.focus();
    return false;
    }
  if (theForm.EMail.value == "")
    {
    alert ("Please enter your e-mail address.");
    theForm.EMail.focus();
    return false;
    }
  return true;
}
<!-- EndForm
<!-- EndFunction

Comments2.asp (form code)

<form name="MyForm" method="post" action="/cgi-bin/sendmail2.asp" onSubmit="return(cmdSubmit(this))">

\\ form content


  <input type="hidden" name="captchaHidFld" value="" />
<div style="font-size:24px;" id="captchaTxt"></div>
<input type="text" name="captchaInpFld" value=""/>
 <input type="submit"tabindex="10" value="Submit Survey">
      <input type=reset value="Clear Form">
</form>
0
 
LVL 28

Accepted Solution

by:
Pravin Asar earned 500 total points
ID: 24748166
Here is a cleaned up code.

You had mismatching comments.


<html>
<head>
<title>CAPTCHA.ASP - Pravin Asar</title>
<style type="text/css">
</style>

<script language="javascript">
<!-- Begin Javascript Code

function randomRange(minVal,maxVal)
{
  var randVal = minVal+(Math.random()*(maxVal-minVal));
  return (Math.floor(randVal));
}

function GetCaptcha() {
        var encStr = "123456789ABCDEFGHJKMNPQRSTUVWXYZ";
        var length = randomRange(4,8);
        var result = "";
        var i = "";
        var char = "";
        for(i=0; i <= length; i++) {
                char = encStr.substr(randomRange(1,encStr.length),1);
                result += char;
        }
        return result;
}

function InitCaptcha() {
        var hidFld = document.MyForm.captchaHidFld;
        str = GetCaptcha();
        hidFld.value = str;
        document.getElementById('captchaTxt').innerHTML = str;
}

function ValidateCaptcha (theForm) {
        var inpStr = (document.MyForm.captchaInpFld.value).toUpperCase();
        var captStr = document.MyForm.captchaHidFld.value;
        if (inpStr.length == captStr.length)
        {
                if (inpStr.match(captStr)) { return true; }
        }
        return false;
}

function cmdSubmit(theForm)
{
  if (!ValidateCaptcha(theForm))
    {
    alert ("Please enter valid CAPTCHA Code.");
    return false;
    }

  if (theForm.FirstName.value == "")
    {
    alert ("Please enter your first name.");
    theForm.FirstName.focus();
    return false;
    }
  if (theForm.LastName.value == "")
    {
    alert ("Please enter your last name.");
    theForm.LastName.focus();
    return false;
    }
  if (theForm.TelephoneNumber.value == "")
    {
    alert ("Please enter your telephone number.");
    theForm.TelephoneNumber.focus();
    return false;
    }
  if (theForm.EMail.value == "")
    {
    alert ("Please enter your e-mail address.");
    theForm.EMail.focus();
    return false;
    }
  return true;
}
-->
</script>
</head>

<body onload="InitCaptcha()">
<form name="MyForm" method="post" action="/cgi-bin/sendmail2.asp" onSubmit="return(cmdSubmit(this))">
<input type="hidden" name="captchaHidFld" value="" />
<table>
<tr><td>First Name</td><td><input type="text" name="FirstName"></td></tr>
<tr><td>Last Name</td><td><input type="text" name="LastName"></td></tr>
<tr><td>Phone Number</td><td><input type="text" name="TelephoneNumber"></td></tr>
<tr><td>Email Name</td><td><input type="text" name="EMail"></td></tr>
<tr><td>CAPTCHA TEXT</td><td><span style="font-size:24px;" id="captchaTxt">CAPTCHA</span></td></tr>
<tr><td>VALIDATE CAPTCHA</td><td><input type="text" name="captchaInpFld" value=""></td></tr>
<tr><td><input type=reset value="Clear Form"></td><td><input type="submit" tabindex="10" value="Submit Survey"></td></tr>
</table>
</form>
</body>
</html>


0

 
LVL 3

Author Closing Comment

by:mcleeves
ID: 31598146
Thanks this one works and I now have some security on the form.  I appreciate your help.

Thanks again!
0
 
LVL 3

Author Comment

by:mcleeves
ID: 24756503
I have added the code to the form; however, they are still receiving the spam.  It is coming in from an email address listed from @mail.ru.  The name varies and the spam has multiple links listed in the notes area of the form.

I have contacted the ISP and they are not sure how to stop it.  Can you give me any other suggestions?
0
 
LVL 28

Expert Comment

by:Pravin Asar
ID: 24757627
If you ping mail.ru, that is a valid domain name.

Another way is to use a server-side captcha generator.

Also, when a request is received, make sure this is coming from your site.

Check the CGI variable HTTP_REFERER to make sure the email is coming from the contact page on your site.

Look at link

http://www.w3schools.com/asp/coll_servervariables.asp
0
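
The server-side checks suggested in this thread (the script-inserted `submitvalue` field from the first answer, plus the server-side CAPTCHA and `HTTP_REFERER` check above), sketched as an added example that is not part of any poster's code. It is written in Node.js JavaScript rather than the thread's classic ASP; `SECRET`, `issueChallenge`, `checkSubmission` and the `issuedAt`/`token` hidden-field names are assumptions for illustration.

```javascript
// Added example, not code from the thread. Node.js standard library only.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: random per-site key kept on the server
const MAX_AGE_MS = 10 * 60 * 1000;        // assumed challenge lifetime
const usedTokens = new Set();             // demo only: prune or persist in a real deployment

// HMAC over answer and issue time, so the answer never has to be sent to the browser.
function sign(answer, issuedAt) {
  return crypto.createHmac('sha256', SECRET)
    .update(String(answer).toUpperCase() + '|' + issuedAt).digest('hex');
}

// Server side: create a challenge. `answer` is rendered as an image by the server;
// only issuedAt and token go into hidden form fields.
function issueChallenge(now) {
  const alphabet = '23456789ABCDEFGHJKMNPQRS';
  let answer = '';
  for (let i = 0; i < 6; i++) answer += alphabet[crypto.randomInt(alphabet.length)];
  return { answer, issuedAt: String(now), token: sign(answer, String(now)) };
}

// Server side: decide whether the mail handler should process a POST.
function checkSubmission(fields, headers, now, siteHost) {
  // Referer check from the thread. The client sets this header, so treat it as a weak filter.
  let refHost = '';
  try { refHost = new URL(headers.referer || '').host; } catch (e) { /* missing or malformed */ }
  if (refHost !== siteHost) return 'reject: referer';

  // Script-inserted field from the first answer: absent when the form's JavaScript never ran.
  if (fields.submitvalue !== 'ok') return 'reject: submitvalue';

  // CAPTCHA: a client-supplied captchaHidFld is ignored; only the signed token counts.
  const age = now - Number(fields.issuedAt);
  if (!(age >= 0 && age <= MAX_AGE_MS)) return 'reject: expired';
  const expected = Buffer.from(sign(fields.captchaInpFld || '', String(fields.issuedAt)));
  const given = Buffer.from(String(fields.token || ''));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'reject: captcha';
  }
  if (usedTokens.has(fields.token)) return 'reject: replay'; // one submission per challenge
  usedTokens.add(fields.token);
  return 'accept';
}
```

All of these checks run in the handler that sends the mail, so they still apply to a request that never loaded the form page or ran its JavaScript.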
 
LVL 3

Author Comment

by:mcleeves
ID: 24764731
I thought it might be an outside source so I have tried the following:
1. changed the sendmail2.asp to route to a different email address (survey@thedomain.com to comment@thedomain.com)
2. changed the initial email address of the recipient from (form@thedomain.com to newform@thedomain.com)
3. I tried changing the name of the comments field to notes.  I forgot to update the sendmail2.asp and the spam came in without notes but as soon as I updated the sendmail2.asp the links appeared again in the notes field.

I also limited the receipt of any text in the email to be from mail.ru from arriving on the domain.  The account started receiving text from live.com and gmail.com.  The emails are all the same type but they vary.  They look like they come from the form because it is a survey style form that includes radio buttons & responses. The note fields all contain links to websites and refer to nude, gays or lesbians.

If you prefer, I can open this question again but it really has me baffled.  I am not sure how to generate a server-side captcha generator. Is this the captcha.asp file I downloaded from the website you gave me?
0
 
LVL 28

Expert Comment

by:Pravin Asar
ID: 24765978
0
 
LVL 28

Expert Comment

by:Pravin Asar
ID: 24766297
0
 
LVL 3

Author Comment

by:mcleeves
ID: 24766591
Thank you for the resources.....  I have tried one more type of removal from the ISP spam filters.  If that doesn't work, I will try these as a replacement.  I appreciate your help.
0
