If you run a website, then it is a given that you have some sort of built-in contact form for your users. Maybe you even want to give them a login of some sort, or allow comments on your blog.
It’s a natural usability feature that should be built in. After all, the web was made for interaction between people. That being said, running a website comes with the obvious problem of webbot-generated, spammy emails.
My biggest annoyance as a developer is the garbled text and links that these little babies send out. Guess what? When the stupid bots figure out how to fill out the forms, they send even more.
Such was the case, this week. My website was attacked by spam bots, which resubmitted the same form every 3 minutes, and flooded my inbox with garbage, as well as those of my co-labourers.
Now, this particular form was not my standard Drupal form. It was one that I thought had sufficient validation parameters to keep me from getting that kind of garbage.
Evidently, I failed. So, I began researching my options from preventing a hideous amount of spam from reaching me, and I thought I would share the three most common/best solutions that I found, along with their caveats.
1. CAPTCHA: This stands for Completely Automated Turing—Honestly, who cares what it stands for, I hate ‘em. Those little “Type the words from this picture in the box” deals that are on every website.
The good news, for the most part, is that they work. I think these are fine for preventing robot creation of usernames and profiles for spam purposes. For larger sites, this may be the only option available.
If you are using it for a business contact form, it could very well frustrate your users, and you could lose sales as a result.
Pros: Works very well at keeping spam bots away. Great for large sites.
Cons: Works well for keeping humans away.
2. Ajax Forms: How do you fill out a form that is not there? It sounds like some kind of Buddhist proverb. Yet, that is the concept behind Ajax forms. Now, it has to be a certain kind of form to work.
First off, the fields have to load as you fill them out. Fill out one field, tab to the next, the field becomes active. Since bots don’t do well with javascript, and try to fill out all the fields at once, this creates a problem for them.
Honestly, I considered using this type of form, but did not use it, for two reasons:
a. What if someone has javascript disabled? No form. If you have a form with graceful degradation to HTML, then you end up with the same problem you had before: the bots can fill it out.
b. I’m not particularly comfortable with Ajax-y stuff. Sorry.
Pros: Works like a charm.
Cons: Problems for mobile users, and people without javascript enabled.
3. The Hidden Field
This was the method that I stumbled across, which was the easiest to implement, and created very few problems for human users.
The key is to add a hidden field, and make it empty as the default(most fields are..heheh). Then, add either inline css to the text area, so that it does not show up for human users. That code would be style=”display: none;” for those of you who want the quick version.
In your validation (this is for PHP style form processor), do something like this for the hidden field:
$hidden = Trim(stripslashes($_POST['message]));
Then, check to see if the variable is still empty, using validation. If it is, allow the message to go through. A human submitted it, most likely.
If not, the bot has done its mindless job of filling out every field it finds with data, and should be redirected to an error page.
Once it is unsuccessful a few times, the bot will give up, and go hassle someone else, for once.
Pros: Easy to implement. User never sees anything unexpected.
Cons: You must know a minimum of PHP to implement. User must have CSS enabled.
Hopefully, you found this little article interesting and helpful. In parting, may all your webspam issues, be small webspam issues.
One more thing: The fear of the Lord is the beginning of wisdom. No one who puts their hope in Him will ever be ashamed.
Check out pragmatic things to know about dating - make sure to study the web site. The times have come when proper information is truly at your fingertips, use this chance.
Presented in conjunction with the leaders in quality video production and media services.