Spam from FrontPage forms

[Mark]

Hi,

I have a customer that hosts a small FrontPage 2003 web site on a Windows
2003
server (IIS 6). The site has a couple of "survey" pages where users can
enter comments in a form that are then forwarded via email. Recently I've
started to see spam coming from these forms. An example is below. Are there
now bots that submit spam to forms? What is the simplest way to prevent
this?

Thanks,

Mark Berry

ClassUse: ConsideringVisit
Name: britneysmama
Email: (e-mail address removed)
Remote Name: 81.95.146.126
Remote User:
HTTP User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN)
Date: 07/26/2007
Time: 02:57 PM
Comments:
<img>http://www.babylon-x.com/updated/news/britney_spears_2.jpg</img>
<img>http://www.babylon-x.com/updated/news/britney_spears_1.jpg</img>

(A couple hundred lines of spam links follows.)

 

[Corey Bryant]

I would first stop using FP to process it. The email address is "public" to
the spambots when they view the source code.

CAPTCHA has worked well for some people and also using sessions on the forms
as well.

Check to see if you are on a *NIX or Windows. Then if Windows, see if you
can use something like JMail, ASPMail, ASPEMail, etc

 

[Mark]

Thanks Corey. And here I thought the forms were safe because they didn't
display the email address!

CAPTCHA is probably not an option here since these are quick voluntary
surveys. Having to enter weird characters would put people off responding.

You mention some ActiveX products for emailing from a form. On a related
topic, do you also have a recommendation for product(s) to actually display
an email address on the site yet hide them from bots? Maybe Jimco Spam
Spoiler?

Thanks very much,

Mark

 

[Corey Bryant]

If you look at the source code from the browser, you will see the email
address.

Not too sure about the ActiveX, but sessions are also a possibility if you
were to switch to a server side language like ASP, .NET, PHP. This would
hide the email address since it would not be shown and then you could use
sessions to validate that it is coming from the correct place.

You could also just block certain Class C IPs as well that are known to spam

 

[Ron]

Mark,

Head on over to the following URL
http://www.golivecentral.com/pages/txttut/scramble.shtml. You can scramble
your email address. Then insert the scrambled code where your email address
is in the code section of FrontPage. This works, since using it, I've gotten
zero spam from my forms page.

 

[Ron]

Sorry Mark... forgot to add what it will look like and it does work!! This
was taken from the code area of frontpage form.

<a href="mailto:[email protected]">email us</a>

 

[Ronx]

Unfortunately mailto: links do not work for those users who use web mail
(at libraries, hotels, etc.) or who do not have a mail client associated
with their browser.
--
Ron Symonds - Microsoft MVP (FrontPage)
Reply only to group - emails will be deleted unread.

http://www.rxs-enterprises.org/fp

FrontPage Support: http://www.frontpagemvps.com/

 

[Mark]

Thanks all.

I found a quick and dirty solution to stop the form-based spam for now. I
added a fixed string that the survey user must copy into a field, then used
FrontPage validation to make sure the correct string is entered. It's not
CAPTCHA, it's not hard to read, it's not foolproof, but hey, it stopped that
one annoying bot we've had to date!

I'll have to look into these options for hiding email addresses.

Mark

 

[Mark]

Thanks Corey!

If you look at the source code from the browser, you will see the email
address.

Not too sure about the ActiveX, but sessions are also a possibility if you
were to switch to a server side language like ASP, .NET, PHP. This would
hide the email address since it would not be shown and then you could use
sessions to validate that it is coming from the correct place.

You could also just block certain Class C IPs as well that are known to
spam