[ic] A spam trap for "contact us" pages

Gert van der Spoel ic at 3edge.com
Sat Oct 29 14:39:49 EDT 2005


Kevin Walsh writes: 

> I thought I'd share a handy tip here, for anyone who has some sort
> of "contact us" page on their website. 
> 
> Put this on the page that shows your "contact us" form: 
> 
>     [set post_allowed]1[/set] 
> 
> Put this at the top of your form catcher page (mv_nextpage): 
> 
>     [if !scratch post_allowed]
>         [bounce page="spam_trap"]
>     [/if] 
> 
> With the above in place, nobody can create a script to emulate the
> form and automatically post junk unless (1) the script first makes
> a visit to the actual form, and (2) makes use of the session ID in
> their subsequent visit to your mv_nextpage.  Ordinary users will not
> be affected by this at all. 
> 
> The "spam_trap" page should send something incriminating to an abuse
> log.  For instance, you should log the scumbag's IP address, the
> message text and the content of all of the other fields prompted for
> by your form.  A short message in the error.log file is also a good
> idea.

Useful stuff Kevin!  I'll be using it in my contact page :) 

CU, 

Gert


More information about the interchange-users mailing list