Form Spam

[JW]

Hey - While surfing around trying to find something to help with the spam
that is coming in on my FP forms, I wandered into
http://www.boisestate.edu/webcenter/security/fpspamblock.shtml. They're
offering a block of code (pasted below) that supposedly offers some degree
of help with the problem, but I cannot understand what it is doing. Can
anybody help me understand it? Also, do the FP validation properties help at
all, or do the spammers simply bypass all of this?

-----------
<!-- BEGIN: FrontPage Spambot code (v3) - DO NOT EDIT THIS CODE -->
<!--webbot bot="Validation" s-data-type="String" b-allow-whitespace="TRUE"
i-maximum-length="1" s-validation-constraint="Not equal to"
s-validation-value=" " -->
<input type="text" id="SpamTrap" name="SpamTrap" size="5" style="display:
none; border: 0;" readonly>
<!-- END: FrontPage Spambot code end -->

 

[Ronx]

Whether this will help with spammers or not depends on your server set up.
Spammers will usually have JavaScript disabled which then requires the
extensions on the server to validate the form - some FrontPage extended
servers will do this, some will not - and some seem to be intermittent.
(This comment is based on *my* experience, your mileage may vary).
If you are lucky and the server validates the form then the code block might
work.

The code places a form field in your form. CSS is used to hide this from
your legitimate users, but spambots will usually see it. Validation on this
field requires that it be left empty - spambots will complete it and thus
the form submission will be rejected by the validation, either by JavaScript
locally or by the server (if that works).

The idea is similar to that outlined at
http://www.rxs-enterprises.org/tests/anti-spam/ (see Hidden Fields on that
page.)

In my opinion effective anti-spam can only be done using server side
scripting (asp, php, asp.NET etc) to perform validation, not by using
FrontPage extensions (though the spamblock may help).
--
Ron Symonds
Microsoft MVP (Expression)
http://www.rxs-enterprises.org/fp

Reply only to group - emails will be deleted unread.

 

[JW]

Ron - Thanks for the explanation. I'm weak on php, so I dropped in the code
to see if I get lucky. Also, thanks for the link to your excellent website
and all the helpful goodies there. The hidden hit counter is a particularly
neat trick. Thanks again.
JW

 

[Andre]

Hi JW,
I had a lot of spam on my forms and tried varies scripts etc, and eventuall
did the following. When creating my forms I would include a field/question
with a simple answer ie. 1+1. then I go and create two images with an image
editor and on the one image I would put 1+1 and on the other 2 . Then next
to the new field I would put "what is the answer to {insert 1st image} and on
the other side of the field the answer is "insert 2nd image" The user can
see the question and the answer, all he/she have to do is insert the answer
in the field provided.
Now right click and open this field's form field properties/validate and
change the data type to "Number" the tick the Data length required check box
and add at Min 1 and at max 1 (if your question have a 2 charcater
answer the 2 and 2 etc)
place a tick mark in the Data Value "fields must be equal to" check box and
insert the answer to our question here, in this case 2 in the value field.
Save and publish. This is probably not foolproof, but since I have done this
my online form spam has decreased from around 30-50 spam mails per day to
nothing.