Solved

Web Form Spambot Prevention

Posted on 2011-09-15
4
227 Views
Last Modified: 2012-06-21
Hi,

I have a big problem with Spambots autoinjecting code into my website forms - I dont know if they are using the "thank you" page where the server side scripting resides or the actual form - which does have javascript validation but doesnt have a captcha.

Attached are 2 files -
1) The code used for sending the email
2) The typical spambot email received.

Many thanks,

Ben lead-from-website.txt
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="ScriptLibrary/incSmartMailer.asp" -->
<%
' Smart Mailer 1.0.7
' Send on load
Server.ScriptTimeout = 10
Set sm1 = new SmartMailer
sm1.checkVersion "1.07"
sm1.contentCharset = "us-ascii"
Session.CodePage = sm1.getCodepage()
sm1.smtpSetup "localhost", "25", "", ""
sm1.pickup = ""
sm1.component = "cdo"
sm1.tmpFolder = ""
sm1.embedImages = false
sm1.progressBar = ""
sm1.ignore_errors = true
sm1.useQueue = true
sm1.setFrom "Some Website", "someemailadd"
sm1.setTo "Someone", "anotheremailadd"
sm1.setCc "", ""
sm1.setBcc "", ""
sm1.Subject = "Try our School for Free"
' using static for body
sm1.setBody_Static_html "<font color=""#000000"" size=""2"" face=""Arial, Helvetica, sans-serif"">Lead from the website..." & vbCRLF & "" & vbCRLF & "Name: " & (Request("cusname")) & "" & vbCRLF & "Child Name: " & (Request("cuschiname")) & "" & vbCRLF & "Child Age: " & (Request("cuschiage")) & "" & vbCRLF & "Mobile: " & (Request("custel")) & "" & vbCRLF & "Email: " & (Request("cusemail")) & "" & vbCRLF & "Comments: " & (Request("cuscomments")) & "" & vbCRLF & "" & vbCRLF & "=======================================" & vbCRLF & "" & vbCRLF & "Please remember that this is an automatic email and you cannot reply to it." & vbCRLF & "</font>"
' Attachments none
sm1.sendMail "one"
%>

Open in new window

0
Comment
Question by:intangiblemedia
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Big Monty earned 500 total points
ID: 36543217
i had this same problem on some websites I managed a few years ago, I THINK what I did (I no longer work on them and dont have access to the code) was create a hidden text field and left it blank, and then on the server, I checked to see if that field had a value, if it did, I knew it was a spam bot and didnt do anything with it.
0
 

Author Comment

by:intangiblemedia
ID: 36543321
Thats a good option :)
0
 
LVL 33

Expert Comment

by:Big Monty
ID: 36543365
Other than using capcha I think that'd be the easiest
0
 

Author Closing Comment

by:intangiblemedia
ID: 36947866
Actually didnt work - I think Spambots may detect Input Type Hidden and not populate it... But I will try doing it with INPUT TYPE TEXT but set CSS display to none.

Kind regards,

Ben
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
The viewer will learn how to dynamically set the form action using jQuery.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question