
Welcome to the myhosting.com Forums.

Thread: Form Security

  1. #1
    1decentguy is offline Junior Member
    Join Date
    Oct 2008
    Posts
    2

    Default Form Security

    I run a community website built using Microsoft Expression. In the site I have a contact form. Recently some idiot has been typing a bunch of nothing in the form and sending it, which then gets forwarded to my email. It's getting very annoying and I'm wondering what I can do to stop it. :x Any recommendations?

  2. #2
    community-manager is offline Silver Member
    Join Date
    May 2008
    Posts
    40

    Default Re: Form Security

    Hello 1decentguy,

    The solution to your situation could be as easy as starting to use a CAPTCHA in your form. This would work if and only if the submitter is an automated program. I also recommend that you capture the "Environment Variables" of the user. Environment variables will let you know the IP address of the user, their browser type, country, plus a bunch of other info. You may use this info to block the user.

    I hope this helps.
    Thank you,
    Timur Catakli
    myhosting.com - Community Manager
    ---------------------------------------------------------
    cm@myhosting.com
    http://www.myhosting.com
    ---------------------------------------------------------
    Your trusted web hosting company since 1997

  3. #3
    1decentguy is offline Junior Member
    Join Date
    Oct 2008
    Posts
    2

    Default Re: Form Security

    Thank you.

  4. #4
    ThePrez is offline Junior Member
    Join Date
    Apr 2009
    Posts
    2

    Default Re: Form Security

    I have several ways to stop certain words from being submitted. It does require some scripting. I use ASP. If you know the email addy of the loser, er, user, of course you can just put some code in your response form page to send it back to the user. Let me give you a simple example in VBScript, which you can convert to JScript or PHP or whatever (too many programming languages!).
    Go to my chat room and use this word as a "user name": shit, or any of the words in the code, and see what happens. Then you will see how it works from the HTML side. Now let us put some code in here for you to see. Sorry, but you have to use the worst words that the loser, er, user might possibly use. I really do not like to use them in the code but found no other way!
    :geek:
    Code:
      
    Iname = Ucase(Trim(Request.Form.Item("ChatName")))
    
       If Instr(1,Iname,"GOD",1) OR Instr(1,Iname,"DAMN",1) OR Instr(1,Iname,"SHIT",1) _
          OR Instr(1,Iname,"FUCK",1) OR Instr(1,Iname,"BITCH",1) OR Instr(1,Iname,"SUCK",1) _
          OR Instr(1,Iname,"BASTARD",1) OR Instr(1,Iname,"PISS",1) OR Instr(1,Iname,"JESUS",1) _
          OR Instr(1,Iname,"PRICK",1) OR Instr(1,Iname,"DICK",1) OR Instr(1,Iname,"CRAP",1) _
          OR Instr(1,Iname,"PEE",1) OR Instr(1,Iname,"MOTHERF",1) OR Instr(1,Iname,"CUNT",1) _
          OR Instr(1,Iname,"PUSSY",1) OR Instr(1,Iname,"TWAT",1) OR Instr(1,Iname,"PUBIC",1) _
       Then
          Session.Abandon
          Response.Cookies("Redirect") = "<FONT COLOR=RED>You can't use those words in here! Go wash your mouth out with soap.</FONT>"
          Response.Redirect("name.asp")
       End If
    There are a few more things to do, like making sure the response cookie gets cleared.
    Now I just use some numbers to stop the auto emails, which makes me wonder what the fuss is about having a gif image with two different words which are always hard to see. But I have a small site, yet I was getting spammed every day, all day, until I put this simple code in, which I am showing you because you could use this for an email addy.
    Here is the form page with the numbers, and the code to stop it is below that.
    http://whytehouse.com/form.asp
    Code:
    (javascript right on the form page)
    if (form.num.value != 596231){
    alert("Please enter the correct number value on this form");
    form.num.focus(); // focus the same "num" field that was just checked
    return false;}
    ____________
    (code on the ASP page or form response page)
    If Trim(Request.Form.Item("num")) <> "596231" Then
       Response.Cookies("reply") = "<FONT COLOR=FF0000>Please Enter The Correct Number Value!</FONT>"
       Response.Redirect("form.asp")
    End If
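
An added example, not part of any post in this thread and not code from the site linked above: a server-side variant of the number check in post #4 that issues a fresh number per session instead of a fixed one, and logs the IP address and browser string that post #2 suggests capturing. The `website` honeypot field, `LOG_PATH` and `BLOCKED_IPS` are hypothetical names; `num` and `form.asp` come from post #4.

```vbscript
' Added example (not from the thread). Hypothetical names: the "website" honeypot
' field, LOG_PATH and BLOCKED_IPS. "num" and form.asp are from post #4.

' ---- form.asp, before the form is written out ----
Randomize
Session("FormNum") = CStr(Int(Rnd * 900000) + 100000)   ' 100000..999999, new per page view
Session("FormIssued") = Now()
Response.Write "Enter this number to send the form: " & Session("FormNum")

' ---- response page, before any mail is sent ----
Const LOG_PATH = "D:\data\rejected-forms.log"   ' placeholder path, keep it outside the web root
Const BLOCKED_IPS = "|203.0.113.7|"             ' constructed sample entry
Dim expected, issued, ip, reason, fso, logFile

expected = Session("FormNum")
issued = Session("FormIssued")
Session.Contents.Remove "FormNum"               ' each number is good for one submission
ip = Request.ServerVariables("REMOTE_ADDR")

If InStr(BLOCKED_IPS, "|" & ip & "|") > 0 Then
    reason = "blocked address"
ElseIf expected = "" Then
    reason = "no number issued"                 ' POST sent straight to this page
ElseIf Trim(Request.Form("num")) <> expected Then
    reason = "wrong number"
ElseIf Trim(Request.Form("website")) <> "" Then
    reason = "honeypot field filled"            ' hidden with CSS, so people leave it empty
ElseIf DateDiff("s", issued, Now()) < 3 Then
    reason = "sent under 3 seconds after page load"
End If

If reason <> "" Then
    ' Keep the request details from post #2 so repeat senders can be spotted and blocked.
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    Set logFile = fso.OpenTextFile(LOG_PATH, 8, True)   ' 8 = append, True = create if missing
    logFile.WriteLine Now() & vbTab & ip & vbTab & reason & vbTab & _
        Request.ServerVariables("HTTP_USER_AGENT")
    logFile.Close
    Response.Cookies("reply") = "Please Enter The Correct Number Value!"
    Response.Redirect "form.asp"
End If
' ...the form contents are only mailed when execution reaches this point
```

The checks run on the server because the JavaScript test can be skipped by posting directly to the response page. `Rnd` is not a cryptographic generator, and a script that loads form.asp and reads the number still passes, which is the case a CAPTCHA is meant for.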

  5. #5
    abbieonline is offline Junior Member
    Join Date
    Oct 2009
    Posts
    1

    Default

    How does the form send? If you use php to send just add some conditional tests and make sure the person is entering. More than likely those are all bots testing your defenses. Definitely toss up a captcha, that'll save a ton of emails.

  6. #6
    RichardLeik is offline Official Member SpaceHamster
    Join Date
    Oct 2009
    Posts
    23

    Default

    I would suggest doing a quick read over the free reCaptcha service and learn to use their API. It's extremely effective and comes with lots of features such as oral reading of the captcha, reloading the captcha image, and more.

  7. #7
    nickh is offline Administrator
    Join Date
    May 2009
    Location
    Toronto, Canada
    Posts
    142

    Default

    I second RichardLeik's suggestion of using reCAPTCHA to mitigate spammy submissions.

    reCAPTCHA: Stop Spam, Read Books
    Nick Hoffman
    Software Developer
    SoftCom Inc.


 
