Re: Image Verification on insert record

Subject: Re: Image Verification on insert record
From: Joe Makowiec
Date: Thu, 25 Oct 2007 10:28:22 +0000 UTC
Newsgroups: macromedia.dreamweaver.appdev
On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:

> I have a form that submits details to an access database using
> insert record behavior. However,  I seem to be getting a
> considerable amount of spam via this form.
> Is there any way of using Image Verification (Captcha) as well as
> the insert record behavior on the same page?
> I've used Image Verification on simple email forms before no
> problem, but this is proving to be more difficult.
> Any help would be greatly appreciated.

Here's what I've found.  (JFTR, I really don't like CAPTCHAs.  Methods
should be passive, so that senders don't have to expend extra effort
in order to use the form.)
- Spambots don't run javascript
- Spambots love fields with 'address' in their name

Try one or another of these:

Method 1: Use an external javascript file to write a hidden field with
a value; test for that field's value before you allow the mail to be
sent.  For the few real people who don't have js turned on, include
the field in a <noscript> block and have them fill it in.

<script type="text/javascript" src="foil.js"></script>
<noscript>
Type <em>orange</em> here: <input type="text" name="foil" />
</noscript>

where the contents of foil.js are:
// JavaScript Document
document.write("<input name='foil' type='hidden' value='orange' />");

In your processing script, check for the presence of a field 'foil'
with value 'orange'; if it's not there, or if it has a value other
than orange, don't send the email.

Method 2: add a couple of hidden forms that spambots just can't resist:
<input type="hidden" name="address2" id="address2" value="xyzzy" />
<input type="hidden" name="address3" id="address3" value="" />

Spambots will invariably either clear a field with 'address' in its
name, or will fill it in.  So in this method, your check is more

If (Request.Form("address2") = "xyzzy") And _
   (Request.Form("address3") = "") Then
    ' OK to send the mail
Else
    ' Have a form spammer...
End If

Joe Makowiec
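
The following is an added example, not part of the post above: a server-side check that combines Method 1 and Method 2 and treats a missing decoy field differently from an empty one. The field names and values (foil/orange, address2/xyzzy, address3) come from the post; the Node.js setting, the function names, the tolerant matching of a typed "orange" and the sample request bodies are assumptions made for illustration.

```javascript
// Added example: server-side check for the two passive methods in the post.
// Field names/values are from the post; checkSubmission, single and the
// sample bodies below are hypothetical and constructed for illustration.

// Return the single value of a field, or null if it is absent or repeated.
function single(params, name) {
  const values = params.getAll(name);
  return values.length === 1 ? values[0] : null;
}

// body: raw application/x-www-form-urlencoded POST body (string).
// Returns { ok, reasons }, where reasons lists every failed check.
function checkSubmission(body) {
  const params = new URLSearchParams(body);
  const reasons = [];

  // Method 1: field written by foil.js, or typed by a visitor without JS.
  // Assumption: typed input is matched ignoring case and outer spaces.
  const foil = single(params, "foil");
  if (foil === null) {
    reasons.push("foil missing or repeated");
  } else if (foil.trim().toLowerCase() !== "orange") {
    reasons.push("foil has wrong value");
  }

  // Method 2: decoy fields must come back exactly as they were served.
  const address2 = single(params, "address2");
  if (address2 !== "xyzzy") reasons.push("address2 changed or missing");

  // Absent and empty are different: the field must be present AND empty.
  const address3 = single(params, "address3");
  if (address3 !== "") reasons.push("address3 filled in or missing");

  return { ok: reasons.length === 0, reasons };
}

// Constructed sample submissions (not captured traffic).
const samples = {
  browser: "name=Ann&foil=orange&address2=xyzzy&address3=",
  noscript: "name=Bob&foil=+Orange+&address2=xyzzy&address3=",
  filledDecoys: "name=x&address2=1+Main+St&address3=1+Main+St",
  clearedDecoys: "name=x&foil=orange&address2=&address3=",
  omittedDecoy: "name=x&foil=orange&address2=xyzzy",
};

for (const [label, body] of Object.entries(samples)) {
  const { ok, reasons } = checkSubmission(body);
  console.log(label, ok ? "accept" : "reject: " + reasons.join("; "));
}
```

Logging the reasons for each rejected submission shows which of the two methods is doing the work on a given form.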