Form spammers - what to do!

[smn2]

Tweet

Hi

Apologies if this mini-rant is in the wrong place, but
I just want help tackling form spammers, as they're
driving me crazy with they're pointless fecking
url-filled feedback that no-one ever clicks, and
I delete straight away, but still it comes....

Aaaargh!

Sorry.

So, this geyser form spammed one of my sites

http://online-gambling-b .blogspot.com/

Don't visit because it redirects to some ppc gambling bollox.

So, can I report the site owner to blogger and if so
should I bother?

And anyone got any solutions to form spam, pointless
automated stuffing of crap into your online form.

I'm having to install this bit of code on my sites
cos it guarantees to stop it, but it costs and it's
a bit of a pain to install.

webform.flowto.info

(operated by Will Bontrager)

Any other suggestions? (My forms are strictly perl/CGI)

Cheers for listening

Steve

[Rocky]

We have seen a lot of this activity in the past. The spammers seems to be targeting not only the reader of the form but also the person referred to in the email field on the form.

If you are sending out confirmation emails to people who are submitting information to you via forms that allow an email address to be added to the form you are likely to be hit with this type of attack. It is possible, under certain circumstances, to send millions of spam messages using this type of attack.

One way to reduce the problem is to only allow registered users to contact you in this way, or alternatively to use one of those obscured number/letter combinationsto prevent mass form submissions perhaps.

If anyone else has other ways to prevent this type of attack we would be pleased to hear them. When we were hit with this attack we tried IP blocking and allowing submissions only from our own web pages but the spammers got round both of these limitations.

[cymonguk]

Only way I have found is using the letter number thing.

Easiest way to do it is produce a gif file for each letter (distorted) slightly, and have a a cript randomly pick 7/8, show on screen, and then validate this code.

[uklejon]

We get shed loads of it.

Always have your email address written in code and not in a hidden form field, this way the bots can't find it.

Another easy way is to change the name of some of the form fields. This confuses them for a while. Remember to change the field name in your scipt though.

Jon

[smn2]

Jon,

I never put my email live on a website, and I change
the form name but still the form spam comes (sometimes
with acknowledgements that my change of name has
not worked! Grrrr).

I like the validation thing but it's illegal to use this for UK sites
unless you provide an alternative for disabled users (i.e. blind).

I'm using the Willmaster form (I mentioned earlier) now on one
of my sites and the form spam has stopped. I will just roll it out
on all of my other sites, I guess. *Sigh*.

Steve