close ad
WARNING PC USERS: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

anti spam

Thread began 8/18/2009 6:01 pm by CraigR | Last modified 9/08/2009 6:14 pm by Ray Borduin | 2882 views | 10 replies |

CraigRBeta Tester

anti spam

i have a contact form with a honeypot and a captcha to help combat spam, but still get a regular throughput of offers for russian viagra, (which i don't need). ;-)

i was thinking, is there a way i can hide a select list item from display, which is visible to spambots but not to a user, (a variation on a honeypot i suppose) so i can further help filter out the rubbish we are constantly bombarded with ?

Sign in to reply to this post

anonymous

Craig,

Is your honeypot a hidden form element or an actual text input that is positioned off the page?

That may be the issue without knowing how you set the honeypot up. I know in the past, when I have used just a hidden form element for the honeypot with a blank value, it didn't work at all.

But, if you make a text input box and give it an id like "honey" and then add a class to it... call it .honey or whatever else. Then for the CSS in .honey, set the position to absolute and give it a left value of something like -9000px. That way, a bot will see it but a human won't. Then do your PHP check to make sure that $_POST['honey'] is empty or FALSE before letting the form continue to process.

Just some thoughts... sorry if I am telling you something you already know.

Best regards,

Brian

Sign in to reply to this post

CraigRBeta Tester

Hi Brian, Thanks for the reply.

My honeypot currently consists of a form element which has is set to display: none; in CSS.
Is it better to move the field off the page rather than just hide it ?

my php then looks for text in the field, which, if present, sets my suspect flag to true and then doesn't send the mail when the form is submitted.

My form ALSO has a captcha, but I still get some spam through.

My logic behind the original question, was that all the spam I seem to get has the first item from my select list as the mail title, so if i could hide the first item to humans, i could process the suspect list value accordingly.

Oops!
Just looked at the code on my page to refresh my memory, and I noticed a minor typo in my code which meant the suspect flag wasn't being set, even if the honeypot had some text input.
That would explain a lot.

Sign in to reply to this post

anonymous

Hi Craig,

While I am not 100% certain about the display issue being none or positioned off the page, I have read several books including the 2 PHP books from David Powers and a couple of CSS Mastery books and all of them suggested to use CSS to position them off the page rather than set the display to none. Perhaps, setting it to none, means it cannot get read at all by the bot because it won't be regular text and input inline with the actual form. So, I would probably recommend to position it off the page just to be sure; I know for a fact that it will then get picked up by the bot and probably filled in.

If you are still getting spam even through captcha... you may have a bot utilizing the script without even having to go through all the fields. One way to avoid this is to have the script on another page - so if captcha checks, it then moves to the process page. Personally, though, I would prefer to have the process right on the same page. To do this, you could not only run the checks on validation of the honeypot and captcha, but if they fail - add both a header redirect and the "end;" command to ensure that the script cannot be used in any way. I think if you put the end command in after your redirects, it will solve a lot of problems as the script will completely be killed at that point.

Sign in to reply to this post

Ray BorduinWebAssist

It is just a matter of hiding it from the bot. Some bots may be smart enough to not edit hidden form elements, some may check visibility or even position. The nature of the honeypot is such that not every bot will get their hand stuck in the jar.

Captcha and obvious question should be much more reliable, but unfortunately not all spam is done by a bot.

Sign in to reply to this post

CraigRBeta Tester

Re Spam

I an getting fewer spam messages now, and i have noticed that those i receive have a message title which doesn't correspond to any of the titles i have available on my mail form, which leads me to suspect that what is getting through is not beating my honeypot and captcha at all, but simply using root@domainname to spam me.

Anyone have any tips / suggestions to help counteract this ?

Sign in to reply to this post

Ray BorduinWebAssist

I'm not sure I fully understand what you mean by "using root@domainname to spam me"... can you explain a little further and maybe I can try to help.

Sign in to reply to this post

CraigRBeta Tester

Hi Ray,

what i mean is that all of the spam emails have root@domainname as the recipient.

Sign in to reply to this post

Ray BorduinWebAssist

I'm not sure of the security hole or issue regarding root@domainname. I did some research but couldn't find anyone else with similar reports either. Do you have any more information other than the common to address?

Sign in to reply to this post

CraigRBeta Tester

Hi Ray.

Sorry, i may be being dumb here.

An example of a mail i get would be along the lines of the attached image.

On my contact form, the message title 'Message from Website visitor' is not one of the options available, so I am thinking that the junk i am receiving is not coming via my contact form.

if I were to send junk mail to root@webassist.com, what would happen to it ?

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...