I need to prevent feedback form spam

Discussion in 'Programming' started by xtreme fever, Oct 18, 2006.

0
  1. #1
    Hello,

    I use a php script for my form to e-mail backend and my web page is .html. I'm looking to add a security field to help prevent feedback form spam but I do not want to change my web page to .php. Can I add a simple javascript or code that will help prevent this form of spam? My form has required fields yet I still recieve non-sense spam.

    Thanks
     
    xtreme fever, Oct 18, 2006 IP
  2. streety

    streety Peon

    Messages:
    321
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #2
    You can use javascript to prevent a legitimate user submitting a badly filled in form but a spam bot wouldn't bother with the javascript and just submit as normal.

    I suppose you could use that idea and use javascript to submit a secret form variable along with the form. If that variable isn't there then you just ignore the form submission. The problem with this is that not all your users will have javascript enabled.

    Thinking about it more fully you could still make use of a image CAPTCHA on a html page. If you want to go down this route let me know as I think I have some code on my computer at home.
     
    streety, Oct 18, 2006 IP
  3. RRWH

    RRWH Active Member

    Messages:
    821
    Likes Received:
    49
    Best Answers:
    0
    Trophy Points:
    70
    #3
    rather than rely on captcha - you could use a simple logic question as part of your form - ie "what is 5 plus five" or "What colour is x object on this page"

    I use these sort of methods to great effect - and it eliminates most of the comment spam from getting to you. Using logic as a question is very difficult to bypass.
     
    RRWH, Oct 19, 2006 IP
  4. RZ-1

    RZ-1 Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    I've wondered about this type of spam too.

    Is it somebody entering junk in a browser, or is it down programmatically?

    If its in the program, perhaps you can add a check on the $Http_referrer.
    or maybe there is a better HTTP environment variable to check.

    I've tried to stop it by check ips, but whoever does it, is mixing up the ip address too.
     
    RZ-1, Oct 19, 2006 IP
  5. streety

    streety Peon

    Messages:
    321
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Supplying the correct Http referrer can easily be automated. You can use the user agent variable but that will only pick out the spam bots if their creator couldn't spell.

    I talk about a more complete solution on my blog called bad behaviour. It looks at the complete http headers. It looks like it has a lot of potential.
     
    streety, Oct 19, 2006 IP
  6. xtreme fever

    xtreme fever Active Member

    Messages:
    472
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    95
    #6
    I can do this but, I would have to change the page to .php. I want to stick with .html pages.
     
    xtreme fever, Oct 20, 2006 IP
  7. streety

    streety Peon

    Messages:
    321
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #7
    PHP would help (you could have a range of questions which are picked at random) but isn't necessary. You should be able to do this in HTML.
     
    streety, Oct 20, 2006 IP