How To Prevent Web-form Spam?


Category: FAQ   Time: 2009-10-19

A relative has a small store business with a website that has a contact form. Recently she’s been getting spam submitted through the form. Is there any way to prevent this kind of spam? If it helps, Godaddy hosts her site and her domain.

"How To Prevent Web-form Spam?" was posted on Monday, October 19th, 2009 at 9:32 am.

2 Responses to “How To Prevent Web-form Spam?”
  1. Koolkat(2009-10-19):

    Talking of spam, your other answer (which has been reported) was a spam virus download.
    Spam is a huge problem on the entire Internet. Since laws were made (and enforced) against sending spam by email, they’ve had to resort to any other method where users are allowed to put content anywhere on a site. That’s why we get so many here on this site, which is designed for user content.
    Your relative could get some Captchas on the site. These are those blurry squiggly hard-to-read numbers and letters you have to copy before submitting something. They are a nuisance, and may put off a small number of customers, but they are very hard to read by computer, so at least the automated spam bots can’t get past them to spam you.
    Big companies get theirs from a Captcha service. A smaller site could make up some, say 20, as graphics images, and have a script that displays them at random on the contact form.
    The other defense is to put a good spam filter on the incoming mail from the site.
    This one is $30 and has a 20-use free trial.
    http://www.antispamguard.com
    This is a listing of many different ones, ranging from free to shareware to commercial ones: http://3d2f.com/tags/spam/guard
    For low volume, probably even one of the free ones would work well. Get the mail directed to a POP account (on Outlook Express, not on Web mail) as that also has better built-in sorting and blocking features. Also it will sort the mail into different groups, if there are different types of queries coming in. All you need do is put a list of choices for the customer to click; this goes into the email subject line, and gets sorted on that basis into the right folder.
    Good luck with this never-ending fight.

  2. Shui X(2009-10-19):

    Checking HTTP_REFERER is an old and unreliable security measure. Sure, it can add a tiny bit of security, but it’s very, very easy to spoof the referer info, even automatically.
    There’s a PHP security expert named Chris Shiflett who has written a lot about this topic. One of his ideas is to generate two related strings, store one in an invisible tag in the form, and the other in a cookie set in the browser. When the data is received, the two values are compared. If there is no cookie (session) info, the script dies. If they don’t match, the script dies.
    In a nutshell, the one string is pseudo-randomly generated off the current time, and the other is a one-way hash (md5) of that string plus a secret component. Like this:
    $hash = md5('secret salt here' . $string);
    Chris Shiflett does a better job of explaining it. The technique does require cookies allowed by your visitor, but it is very easy for the “good guys” to use your form while being very tough on preventing “bad guys” from taking advantage.
    I’ve adapted this idea a bit for my own use and I limit the time involved for each token/hash pair. In other words, you only have 15 minutes to submit the form. This means that a spammer can’t gather a token/hash pair from my site and use it from now on to send spam through my form.
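The token/cookie pairing Shui X describes, including the 15-minute window, as an added Python example (not Shiflett's code and not from the post). It uses HMAC-SHA256 in place of the md5(salt . string) hash, embeds the issue time in the token so no server-side storage is needed, and the names issue_pair, check_submission and the secret value are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Constructed placeholder; a real deployment keeps this in server config.
SECRET = b"constructed-server-secret-change-me"
TOKEN_TTL_SECONDS = 15 * 60  # the 15-minute window from the post


def issue_pair(secret: bytes = SECRET, now: Optional[float] = None) -> Tuple[str, str]:
    """Return (token, hash): token goes in a hidden form field, hash in a cookie.

    The token carries its issue time so expiry can be checked statelessly.
    HMAC-SHA256 keyed with the secret replaces the post's md5(salt . string).
    """
    issued_at = int(now if now is not None else time.time())
    token = f"{issued_at}:{secrets.token_hex(8)}"
    digest = hmac.new(secret, token.encode(), hashlib.sha256).hexdigest()
    return token, digest


def check_submission(form_token: Optional[str], cookie_hash: Optional[str],
                     secret: bytes = SECRET, now: Optional[float] = None,
                     ttl: int = TOKEN_TTL_SECONDS) -> str:
    """Return "ok" or the reason the submission is rejected."""
    if not cookie_hash:
        return "missing_cookie"      # no cookie (session) info: script dies
    if not form_token:
        return "missing_token"       # hidden field absent: script dies
    expected = hmac.new(secret, form_token.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cookie_hash):
        return "mismatch"            # pair was not issued by this server
    try:
        issued_at = int(form_token.split(":", 1)[0])
    except ValueError:
        return "malformed"
    current = now if now is not None else time.time()
    if current - issued_at > ttl:
        return "expired"             # an old harvested pair is useless
    return "ok"


if __name__ == "__main__":
    token, cookie = issue_pair()
    print(check_submission(token, cookie))              # ok
    print(check_submission(token, cookie, now=time.time() + 3600))  # expired
```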

