Solved

ASP mail form

Posted on 2014-03-07
11
409 Views
Last Modified: 2014-03-16
Dear Experts,

I have a web page that allows visitors to complete a form and send the information to our support email address. We have been getting a lot of spam, most of which contains URL's.

What is the best way to detect the presence of "http://" in a field and silently not send the email without giving an error message? I have tried using the Instr function but I don't think I am using it correctly.

Thanks!
0
Comment
Question by:ttobin333
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 33

Expert Comment

by:Big Monty
ID: 39914066
Easiest and most common way would be to use captcha
http://www.captcha.net
0
 
LVL 58

Expert Comment

by:Gary
ID: 39914077
Is there a possibility that real people may send you a link? If so your logic would be bad.
But anyway these are bots not real people, they don't care if it seems like the email was sent - follow Monty's advice and you will eliminate 99% of this
(no points for this)
0
 

Author Comment

by:ttobin333
ID: 39914179
Thanks, guys.

My software also uses the same page to send automated license registration notifications, so I would need to be able to bypass the Captcha with a "secret switch". Any suggestions on that?
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 33

Expert Comment

by:Big Monty
ID: 39914183
either create a condition where the captcha only appears after a given condition...

OR

move your notification logic to it's own page.

I would probably choose the latter option if it's not a huge undertaking. Separating different bits of functionality is a lot easier to maintain than if everything is dumped in to one page
0
 
LVL 52

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 250 total points
ID: 39914487
For small sites it really does not take much to ward off the annoying spammers.  When I try and implement a traditional style captcha, then the client complains that it is too hard to read but the spam goes away...and they typically will say their response goes away too because of the captcha.  

What I ended up doing on a number of sites is using something very simple and you can implement on one page and is easy to read.  It is not best practice by any means but for small sites I was able to eliminate 100 rapid fire spams to maybe 1.  

For an added bonus, you could add a session("submitCount")=0 and each time the form gets submitted add 1.  If the session("submitCount") goes past 3 or 4, hide the form.  If the form is successful, set session("submitCount")=0

And the double added bonus, I use a free webservice that converts the IP to a location
http://smart-ip.net/geoip-xml/"&request.ServerVariables("REMOTE_ADDR") and in the notes that get sent to the client include the info from the webservice which includes the country and city and state.  This has been helpful when humans fill out forms from high spammer countries.

This was the best happy medium I came up with that prevented the rapid fire spambot's and was mostly easy to read and understand making the client's happy.

<%
Dim max,min,theNumber,codeNumber, errorText
errorText=""
function getCaptcha()
'*** Make a random number 1 to 7 ***
	
	min=1
	max=7
	Randomize
	theNumber=Int((max-min+1)*Rnd+min)
	'*** pair number and word ***
	select case cstr(theNumber)
		case "1"
			getCaptcha="1,one"
		case "2"
			getCaptcha="2,two"
		case "3"
			getCaptcha="3,three"
		case "4"
			getCaptcha="4,four"
		case "5"
			getCaptcha="5,five"
		case "6"
			getCaptcha="6,six"
		case "7"
			getCaptcha="7,seven"
	end select
end function

if request.form("something")<>"" then '*** form is submited ***
	' *** Test to see if captcha is correct
	if request.form("code")=session("captcha") then '*** ok to process ***
		' update your database 
		else
		errorText="Please enter the secret code"
		strSomething=request.form("something")'*** prefill in the form ***'
	end if
strCaptcha=getCaptcha() '*** create new capcha ***
else
	strCaptcha=getCaptcha() '*** create new capcha ***
end if
'*** set the captcha ***
arrCaptcha=split(strCaptcha,",") ' *** convert comma seperated pair to an array ***
codeNumber=arrCaptcha(0) ' *** Array's start at zero | 1,2,3... ***
session("captcha")=arrCaptcah(1) ' *** one,two, three...


%>

<form>
<% if errorText<>"" then 'make this box red or yellow %>
<div class="error"><%=errorText%></div>
<%end if%>
	<input name="something" value="<%=strSomething%>">
	<div>Select the secret code:<%=codeNumber%></div>
	<select name="code">
		<option value="zero">Select Code</option>
		<option value="one">One</option>
		<option value="Two">Two</option>
		<option value="Three">Three</option>
		<option value="Four">Four</option>
		<option value="Five">Five</option>
		<option value="Six">Six</option>
		<option value="Seven">Seven</option>
	</select>	
<button type="submit">Submit</button>

</form>

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 39914807
You'll find that reCaptcha is actually easier to use these days and invariably you'll get an easy to read image (if they suspect you are a bot they will send an harder to read image).
I find most times I get just a few numbers to type in.
0
 

Author Comment

by:ttobin333
ID: 39915061
Can you assist with the ASP code for Captcha?
0
 
LVL 58

Expert Comment

by:Gary
ID: 39915063
They have samples/'what to do' on the site when you register
0
 
LVL 33

Expert Comment

by:Big Monty
ID: 39915066
here's a pretty straightforward example:

https://developers.google.com/recaptcha/docs/asp
0
 
LVL 33

Accepted Solution

by:
Big Monty earned 250 total points
ID: 39915068
if you're still hesitant to do captcha, you may want to look at this approach:

http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx/
0
 

Author Closing Comment

by:ttobin333
ID: 39932611
Very helpful, thank you!
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Out the count variables 6 53
HTML in email body has extra  tick marks 3 76
can I post data from an asp page to php page? 4 51
is this a cms? 8 58
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now