Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 233
  • Last Modified:

Web Form Spambot Prevention

Hi,

I have a big problem with Spambots autoinjecting code into my website forms - I dont know if they are using the "thank you" page where the server side scripting resides or the actual form - which does have javascript validation but doesnt have a captcha.

Attached are 2 files -
1) The code used for sending the email
2) The typical spambot email received.

Many thanks,

Ben lead-from-website.txt
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="ScriptLibrary/incSmartMailer.asp" -->
<%
' Smart Mailer 1.0.7
' Send on load
Server.ScriptTimeout = 10
Set sm1 = new SmartMailer
sm1.checkVersion "1.07"
sm1.contentCharset = "us-ascii"
Session.CodePage = sm1.getCodepage()
sm1.smtpSetup "localhost", "25", "", ""
sm1.pickup = ""
sm1.component = "cdo"
sm1.tmpFolder = ""
sm1.embedImages = false
sm1.progressBar = ""
sm1.ignore_errors = true
sm1.useQueue = true
sm1.setFrom "Some Website", "someemailadd"
sm1.setTo "Someone", "anotheremailadd"
sm1.setCc "", ""
sm1.setBcc "", ""
sm1.Subject = "Try our School for Free"
' using static for body
sm1.setBody_Static_html "<font color=""#000000"" size=""2"" face=""Arial, Helvetica, sans-serif"">Lead from the website..." & vbCRLF & "" & vbCRLF & "Name: " & (Request("cusname")) & "" & vbCRLF & "Child Name: " & (Request("cuschiname")) & "" & vbCRLF & "Child Age: " & (Request("cuschiage")) & "" & vbCRLF & "Mobile: " & (Request("custel")) & "" & vbCRLF & "Email: " & (Request("cusemail")) & "" & vbCRLF & "Comments: " & (Request("cuscomments")) & "" & vbCRLF & "" & vbCRLF & "=======================================" & vbCRLF & "" & vbCRLF & "Please remember that this is an automatic email and you cannot reply to it." & vbCRLF & "</font>"
' Attachments none
sm1.sendMail "one"
%>

Open in new window

0
intangiblemedia
Asked:
intangiblemedia
  • 2
  • 2
1 Solution
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
i had this same problem on some websites I managed a few years ago, I THINK what I did (I no longer work on them and dont have access to the code) was create a hidden text field and left it blank, and then on the server, I checked to see if that field had a value, if it did, I knew it was a spam bot and didnt do anything with it.
0
 
intangiblemediaAuthor Commented:
Thats a good option :)
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
Other than using capcha I think that'd be the easiest
0
 
intangiblemediaAuthor Commented:
Actually didnt work - I think Spambots may detect Input Type Hidden and not populate it... But I will try doing it with INPUT TYPE TEXT but set CSS display to none.

Kind regards,

Ben
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now