Skip Navigation

Combating SPAM
File Category Author Send email Website
2007120103 General HTML Ronx to Ronx www.rxs-enterprises.org

Advanced Search

Related Pages

MVP Logo

Some pages below may open in a new window or tab Links open in a new window or tab

Spam and form results - including CAPTCHA, ASIRRA, and others

Methods of combatting Spam in Forms

How to stop automated bots using forms to send Spam

The best solution requires server side scripting to spot the spammers.  JavaScript validation in the browser will only be effective if the user (human or machine) has JavaScript enabled, hence server side scripting is required.  The FrontPage forms processor is not capable of spotting spam, so client side JavaScript is the only option when using FP extensions to process the form.

HIPs are used to differentiate between humans and machines.  Four HIPs are outlined below, with examples.  The example forms do not send any data to anywhere.

Captcha

If the spammer is an automated bot it is possible to exclude them using a captcha device on the form - but this should be validated using server side scripting.  A human spammer will easily overcome defences of this type, so validation has to go further to check for hyperlinks in the other fields.  However, there are some bots that can

The "captcha" is usually implemented as an image with distorted characters, and the user is asked to type those characters into a form field.  Validation checks the result and deals with the form accordingly.

An example of a form using a simple captcha is at captcha.aspOpens in new window or tab .  See http://en.wikipedia.org/wiki/CaptchaLeave this site for more information.

Random Questions

Other measures can take the form of a simple question, such "What colour is a blue sky?"   The validation will check for "blue" as the answer, allowing for upper and lower case.

See Random QuestionsOpens in new window or tab for an example.  This page uses asp to set a random question, and checks the response.

Hidden Fields

Using hidden fields can also defeat spammers.  Add a <div> to the form and style it to be hidden.  If the automatic bot fills in these fields, then reject the form.  A human form-filler would not know these fields exist, unless their browser has CSS disabled.

See hidden fieldsOpens in new window or tab for an example.

Asirra

The Asirra (Animal Species Image Recognition for Restricting Access) method uses pictures of animals to determine whether the form-filler is human or machine.  See AsirraLeave this site for more information, and here is an exampleOpens in new window or tab.