[ic] Spammers circumventing form checks
emailgrant at gmail.com
Wed Oct 10 04:12:22 EDT 2007
> Hi Grant-
> This trick ended spam from my html form:
> 1. Add an extra textarea field to your form.
> 2. Use css to make that box hidden to users. Only spambots will read the
> source code and fill in that field.
> 3. Filter out email that contains that form field.
> We do it in the nms formmail program.
> There's a description of this method here:
> There's a mistake in the perl code on that page, it shows ">" instead
> of ">".
> Hope this helps.
Great responses everyone, thanks a lot. I'm going to summarize, in no
1. IP-based checking
2. hidden field trickery
4. page history check to ensure normal field checks
I'm using #4 because it was quick to implement:
We'll see how it goes. I suppose it could interfere with a real user
if their session isn't working (no cookies and AOL-style dynamic IP)
and they use the back button to reach the form. I think #2 is ideal.
> Grant wrote:
> > I have a check set up in my email form that would prevent the spam I
> > receive through there from being sent, but it doesn't seem to be
> > preventing it. I guess this means the spammers are posting directly
> > to the server and not using the actual page. Is there any way to
> > prevent this from happening?
> > - Grant
More information about the interchange-users