ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Tons of Spam in Contact Forms

December 12, 2008 4:06pm

  • #1 / Dec 12, 2008 4:06pm

    28Bytes

    192 posts

    Hey Folks,

    Having a problem with tons of spam in contact forms lately. These are non EE related sites, they are actually static. Looking for a non-captcha alternative or (easy to read captcha) or any ideas on how to cut them down to a minimum.

    Thanks in advance.

  • #2 / Dec 13, 2008 9:31am

    Simon Cox

    405 posts

    You sure they have not captured a hidden field email address in the form and are spamming that as it’s a fav method for email harvesters? I did a bit of research on this by building a page with differently exposed email addresses to see how quickly they would get compromised - interesting results.

    What I do for contact forms on non EE sites, is use the London Perl Group's revised version of the classic MailForm script - http://nms-cgi.sourceforge.net/scripts.shtml - more secure as it does not have the send to email address in your HTML and I also set up a forwarding address in case it ever gets compromised.
    My contact form uses recipient email address of [address hidden] and then I forward that email address to my real email address. Any spam on the forwarding address and I set up a new one, [address hidden], and change it in the script.

  • #3 / Dec 13, 2008 7:44pm

    ak4mc

    429 posts

    What I did when I wanted to protect an e-mail address on a static page was, I generated the code-obscured e-mail address using EE, then used “View Source” to collect the code and paste it into the static HTML. It worked quite nicely but it’s been some time since I needed to do anything like that.

    I’ve seen a few utilities available here and there that will generate a code-protected e-mail link for pasting into static HTML.

  • #4 / Dec 14, 2008 1:21am

    Brendon Carr

    135 posts

    I’ve used Hivelogic Enkoder to generate protected e-mail addresses for about five years and have never gotten any spam to those addresses. Look into Enkoder.

  • #5 / Dec 14, 2008 10:22am

    JT Thompson

    745 posts

    > Hey Folks,
    >
    > Having a problem with tons of spam in contact forms lately. These are non EE related sites, they are actually static. Looking for a non-captcha alternative or (easy to read captcha) or any ideas on how to cut them down to a minimum.
    >
    > Thanks in advance.

    Part of the problem here is that if the captcha was easy to read it wouldn’t be useful. That’s the whole point.

  • #6 / Dec 14, 2008 12:16pm

    28Bytes

    192 posts

    > > Hey Folks,
    > >
    > > Having a problem with tons of spam in contact forms lately. These are non EE related sites, they are actually static. Looking for a non-captcha alternative or (easy to read captcha) or any ideas on how to cut them down to a minimum.
    > >
    > > Thanks in advance.
    >
    > Part of the problem here is that if the captcha was easy to read it wouldn’t be useful. That’s the whole point.

    As a human and not a bot, you should be able to figure out what the captcha says. Just the other day I filled out a contact form, with a captcha in which I tried three times to submit the form and each generated captcha I could not make out. So, I gave up. You have to wonder me being younger with great vision not being able to submit a form because of the garbage captcha that was generated. How many other users that don’t have the best vision trying to fill out contact forms and not being able to, therefore losing a conversion and losing money.

  • #7 / Dec 14, 2008 12:17pm

    28Bytes

    192 posts

    > I’ve used Hivelogic Enkoder to generate protected e-mail addresses for about five years and have never gotten any spam to those addresses. Look into Enkoder.

    Brendon,

    I am not looking for an email address generator, I am looking for a contact form solution to cut down on spam.

  • #8 / Dec 14, 2008 12:21pm

    JT Thompson

    745 posts

    Yeah, I do see your point. I like the captchas that have a ‘reload’ so you can get a new one without filling the whole form out again.

    > > > Hey Folks,
    > > >
    > > > Having a problem with tons of spam in contact forms lately. These are non EE related sites, they are actually static. Looking for a non-captcha alternative or (easy to read captcha) or any ideas on how to cut them down to a minimum.
    > > >
    > > > Thanks in advance.
    > >
    > > Part of the problem here is that if the captcha was easy to read it wouldn’t be useful. That’s the whole point.
    >
    > As a human and not a bot, you should be able to figure out what the captcha says. Just the other day I filled out a contact form, with a captcha in which I tried three times to submit the form and each generated captcha I could not make out. So, I gave up. You have to wonder me being younger with great vision not being able to submit a form because of the garbage captcha that was generated. How many other users that don’t have the best vision trying to fill out contact forms and not being able to, therefore losing a conversion and losing money.

  • #9 / Dec 14, 2008 2:26pm

    Eric Barstad

    198 posts

    If you’re using PHP for the contact form, the following functions and checks have worked ok for me on static sites:

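    function sanitize_input($input)
    {
       // For single-line fields (name, e-mail, subject).
       $input = stripslashes($input);   // undo magic-quotes escaping
       $input = trim($input);
       $input = strip_tags($input);
       // Remove CR and LF so the value cannot add extra mail headers.
       $input = preg_replace("/\r/", "", $input);
       $input = preg_replace("/\n/", "", $input);
       return $input;
    }

    function sanitize_textarea($input)
    {
       // For the message body: line breaks are kept.
       $input = stripslashes($input);
       $input = trim($input);
       $input = strip_tags($input);
       return $input;
    }

    // 'comments' is assumed to be the name of the textarea field.
    $comments = sanitize_textarea(isset($_POST['comments']) ? $_POST['comments'] : '');

    // The alternatives are placeholders for your own list; i = case-insensitive.
    if (preg_match('/(viagra|cialis|other|banned|words)/i', $comments)) {
        exit('You\'ve entered banned words into the form.');
    }
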
  • #10 / Dec 14, 2008 4:14pm

    ak4mc

    429 posts

    > > I’ve used Hivelogic Enkoder to generate protected e-mail addresses for about five years and have never gotten any spam to those addresses. Look into Enkoder.
    >
    > Brendon,
    >
    > I am not looking for an email address generator, I am looking for a contact form solution to cut down on spam.

    Brendon may have been replying to me, since I brought up the subject of generators. Alas, Enkoder is only available for the Mac and I use WinXP.

  • #11 / Dec 14, 2008 7:47pm

    Simon Cox

    405 posts

    If the spam is coming through on your form then it may be an automated script that’s posting them - possibly directly to your script. Therefore try the nms mail script I mentioned earlier - that will stop scripts outside of your domain from using it. If they are using the form element in your page to spam then you might want to put a second page into your contact form process - instead of a submit button have a preview button and show the user a preview from which they can then submit the form - this will eliminate a lot of bots.
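
One way to enforce the preview step from post #11 on the server, as an added example that is not part of the original thread: the preview page issues a signed token over the previewed fields, and the final step refuses any post without a fresh, matching token. `SECRET`, `MAX_AGE`, the function names and the field names are assumptions made for this sketch.

```php
<?php
// Added example: two-step contact form (preview, then send).
// SECRET, MAX_AGE and the field names are placeholders.

const SECRET  = 'replace-with-a-long-random-server-side-value';
const MAX_AGE = 900;   // seconds a preview stays valid

// Step 1 (preview page): sign the exact field values the visitor previewed.
function issue_preview_token(array $fields, int $now): string
{
    ksort($fields);   // stable key order so both steps hash the same string
    $mac = hash_hmac('sha256', $now . '|' . json_encode($fields), SECRET);
    return $now . '.' . $mac;
}

// Step 2 (final submit): accept only a fresh token that matches these fields.
function verify_preview_token(string $token, array $fields, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                        // missing or malformed token
    }
    $issued = (int)$parts[0];
    if ($issued > $now || $now - $issued > MAX_AGE) {
        return false;                        // from the future, or expired
    }
    ksort($fields);
    $expected = hash_hmac('sha256', $issued . '|' . json_encode($fields), SECRET);
    return hash_equals($expected, $parts[1]);   // constant-time comparison
}

// Constructed walk-through; a live handler would pass time() as $now.
$form  = ['name' => 'Ann', 'email' => 'ann@example.com', 'comments' => 'Hello'];
$t0    = 1229270000;
$token = issue_preview_token($form, $t0);

$cases = [
    'previewed, then sent'          => [$token, $form, $t0 + 30],
    'posted straight to the script' => ['', $form, $t0 + 30],
    'fields changed after preview'  => [$token, ['comments' => 'spam'] + $form, $t0 + 30],
    'preview older than MAX_AGE'    => [$token, $form, $t0 + 3600],
];
foreach ($cases as $label => [$tok, $fields, $now]) {
    echo $label, ': ', verify_preview_token($tok, $fields, $now) ? 'send' : 'reject', "\n";
}
```

A bot that requests the preview page and then submits still gets through; the token only stops posts sent straight to the final step.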

  • #12 / Dec 15, 2008 2:14am

    Bjørn Børresen

    629 posts

    Why not do a simple question?

    Like “Is Europe a country? Yes/No” .. “Fire is hot or cold?” etc.

    It will make sure your commenters have a minimum level of intelligence as well, so it’s a win-win. There are several plugins for WordPress at least that do this, so throwing something together for whatever solution you’re using shouldn’t be hard.

    - bjorn

  • #13 / Dec 15, 2008 10:23am

    Simon Cox

    405 posts

    > Like “Is Europe a country? Yes/No”
    > - bjorn

    But not that because you just know there are a lot of people who are going to get that wrong.

    One I used on a forum registration process is a box asking registrars to leave this blank. I think I called the field the Spambot trap and it had a little note telling humans to leave blank. Automated bots would fill this in and then the script would fail.
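
The "Spambot trap" field from post #13, combined with a stricter form of the CR/LF handling in post #9 (reject instead of strip), as an added example that is not code from any poster in this thread. The field names, `HONEYPOT_FIELD` and `screen_submission()` are assumptions.

```php
<?php
// Added example: screens one contact-form POST before any mail is sent.
// Field names (name, email, subject, comments, website) are assumptions.

const HONEYPOT_FIELD = 'website';   // hidden with CSS, labelled "leave this blank"

function screen_submission(array $post): array
{
    $reasons = [];

    // 1. Spambot trap: humans leave it empty, form-filling bots do not.
    if (trim((string)($post[HONEYPOT_FIELD] ?? '')) !== '') {
        $reasons[] = 'trap field was filled in';
    }

    // 2. Fields that end up in mail headers must be single-line.
    //    A CR or LF here would let the sender append extra mail headers.
    foreach (['name', 'email', 'subject'] as $field) {
        $value = (string)($post[$field] ?? '');
        if (preg_match('/[\r\n]/', $value)) {
            $reasons[] = "line break in header field '$field'";
        }
    }

    // 3. The reply address must be one syntactically valid address.
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'invalid e-mail address';
    }

    return $reasons;   // an empty array means the submission may be mailed
}

// Constructed sample submissions, not real traffic.
$samples = [
    'human' => ['name' => 'Ann', 'email' => 'ann@example.com',
                'subject' => 'Quote', 'comments' => 'Hello', 'website' => ''],
    'bot'   => ['name' => 'x', 'email' => "a@example.com\r\nX-Test: 1",
                'subject' => 'hi', 'comments' => 'buy now',
                'website' => 'http://spam.example'],
];

foreach ($samples as $label => $post) {
    $reasons = screen_submission($post);
    echo $label, ': ',
         $reasons ? 'rejected (' . implode('; ', $reasons) . ')' : 'accepted', "\n";
}
```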

  • #14 / Dec 15, 2008 10:58am

    ak4mc

    429 posts

    > One I used on a forum registration process is a box asking registrars to leave this blank. I think I called the field the Spambot trap and it had a little note telling humans to leave blank. Automated bots would fill this in and then the script would fail.

    :lol: Diabolical!

  • #15 / Dec 15, 2008 11:39am

    Derek Jones

    7561 posts

    Bad Behavior can prevent requests that have a spammy request fingerprint, and Akismet can filter input for spammy-type content. The former is free, the latter is a paid service, but both are fairly effective, and much more reliable than CAPTCHA. Particularly as spammers move to countries where it’s cheaper to hire a few dozen people to sit at terminals than it is to pay a programmer to keep updating a bot script, CAPTCHA is becoming useless, because your spammers are human, and can pass Turing tests.
