Form Validation

I have some forms my wife’s web site where I have applied the form Validation Action on two of the fields. The email address and the security question which has to be a number.

When I try to fill out the from without an email address or the wrong answer in the security question the form will not submit and I get an error to say that I need a valid email and that the security question must be a number. But she keep on getting spam emails where the form fields are filled out with junk, a bogus email and just more junk on the security question.

I have even tried to copy and paste the junk from the spammers email into the form field and it will not submit. How is it possible for them to send this and when I try to recreate it. I get the error message.

Cheers
Marcel


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Try turning off Javascript in the browser you are using and then see
if you can submit the form then, all of the validation the form is
using might be created around Javascript… this is a shot in the
dark. There are many tricks a web form mail processing script should
use to cut down on it being used as spam but there are many types of
spam in that it can be sent by a bot or a human, checking and
protecting against these two types of spam are completely different in
many ways.

Goodness knows what these people get up to, you can only try and make
your form as safe as possible with all the known rules and then as
someone finds a way through you try and block that hole. Generally if
Javascript is used as the only means of form security then you will
probably stop the odd person but you will be in trouble when you hit
on someone who knows a little more.
Have you thought that maybe this is someone who used your form in the
past to get the email and the form structure from the quoted text. The
email address you sent the reply from is used then this person copied
the structure from the text in the reply and restructured an email to
look like it came from the form, why? it will surprise you what humans
will do for kicks! look at the header, does it match the header of an
email sent from your web form?

Stopping most web forms being used by a bot is generally fairly simple
in that generally a CAPTCHA, a hidden field is enough to trip them up
but there are other measures you can take.
Some spammers fill in forms manually so the CAPTCHA protection and
hidden fields can be a doodle, what next? protect the content of the
message is another move, some form processors allow the user a type of
‘Badword’ filter, when you get a spam message the thing to do would be
to pick out some parts of the message and add those to the badwords
filter. In many cases it just takes a little though to decide what to
take from the message text and ad to the bad word filter to stop
future messages… so far this has stopped spam dead for me on web
forms that have a bad words (or type of) filter.

If you have a bad words filter in the form processor then use it to
help protect against spam through message content.

HTH

On Oct 17, 2009, at 6:18 AM, Helveticus wrote:

I have some forms my wife’s web site where I have applied the form
Validation Action on two of the fields. The email address and the
security question which has to be a number.

When I try to fill out the from without an email address or the
wrong answer in the security question the form will not submit and I
get an error to say that I need a valid email and that the security
question must be a number. But she keep on getting spam emails where
the form fields are filled out with junk, a bogus email and just
more junk on the security question.

I have even tried to copy and paste the junk from the spammers email
into the form field and it will not submit. How is it possible for
them to send this and when I try to recreate it. I get the error
message.

Cheers
Marcel


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

If the validation is using JavaScript it can be turned of. Also there
are growing armies of low paid workers willing to manually complete
spammed forms.

If you know the ip address the form is being sent from, you could put
it on a ban list if your hosting account let’s you do this. Ours can
ban ip addresses.

David

On 17 Oct 2009, at 05:18, “Helveticus” email@hidden wrote:

But she keep on getting spam emails where the form fields are filled
out with junk, a bogus email and just more junk on the security
question.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

As Mike said, a ban list works great.

I would favour a ban list before using a CAPTCHA as a CAPTCHA can
annoy users a lot - that is, if its an important sales form.

I feel spam should be problem of the web site owners and not a
problem for the customers using the site.

David Owen ::
Freeway Friendly Web Hosting and Domains

On 17 Oct 2009, at 9:45 am, Mike B wrote:

Stopping most web forms being used by a bot is generally fairly
simple in that generally a CAPTCHA, a hidden field is enough to
trip them up but there are other measures you can take.
Some spammers fill in forms manually so the CAPTCHA protection and
hidden fields can be a doodle, what next? protect the content of
the message is another move, some form processors allow the user a
type of ‘Badword’ filter, when you get a spam message the thing to
do would be to pick out some parts of the message and add those to
the badwords filter. In many cases it just takes a little though to
decide what to take from the message text and ad to the bad word
filter to stop future messages… so far this has stopped spam dead
for me on web forms that have a bad words (or type of) filter.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Mike, David, thanks for the replies. I will check it out and see how I can make this less of an issue. Fortunately she does not get a lot of these but it is annoying.

Cheers
Marcel


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options