Getting spammed with bots even with captcha

Hi there:
I have a client who is really bugging me about all the spam he's getting on his form. I have used the captcha - and I validated as many fields as possible to try to stop this, and it's still happening - several a day - sometimes even several an hour. The latest one is clearly a bot - even though as I said I have captcha. Help me please before this client shoots me.

are you also using Honey Pots validation?

this is where you add a hidden form field to the page and validate that it is empty.


add 1 or 2 hidden form elements to the page, then edit the server validations server behavior. set the validation type to Regular Expression, click the lightning bolt next to the server variable and select the hidden element.

set the regular expression to:
/^$/i

and set it to allow blank entry.

Most bots will fill in all form elements regardless of whether they are hidden or not.

Hi Jason:
Never heard of honey pots, so no.
To insert a hidden field, I just do a form, insert hidden field? All I see when I do that is a little symbol - I don't get an actual field. Is this correct?
Sorry to be ignorant, but I didn't know of this.
Thanks,
Christie

yes, all you will see is a symbol in design view, it is a hidden field, so you wont see anything else.

Thank you Jason
Christie

Hi Jason:
I am still having problems.
I can actually submit the form without filling out anything - including the captcha.
How do I stop that?
How do I block certain characters?
Christie

please send a copy of your page.

here you go.

there are a couple of problems:

1) the action of the form is to post to the /HDWForm2Mail/Form2Mail.php file.

forms 101:
All form processing must occur on the forms action page.


this means that the server validation behavior must be added to the /HDWForm2Mail/Form2Mail.php file.

open that file, go to the binding panel. Click the plus button, select Form Data, click the folder icon and select the form page.

now go to the server behaviors panel and add the Server Validation Server behavior.

2) You have a server validation behavior for each form element, you only need one server validation behavior that is configured to validate all of the form elements.

HI Jason:
I am sorry - I am now thoroughly confused. I was validating as much as I could to stop these frickin' spammers.
I get to put the security code validation on the form2mail form, (not what the tutorials say, by the way) but how do I validate the entire form?