On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:
> I have a form that submits details to an access database using
> insert record behavior. However, I seem to be getting a
> considerable amount of spam via this form.
> Is there any way of using Image Verification (Captcha) as well as
> the insert record behavior on the same page?
> I've used Image Verification on simple email forms before no
> problem, but this is proving to be more difficult.
> Any help would be greatly appreciated.
Here's what I've found. (JFTR, I really don't like CAPTCHAs. Methods
should be passive, so that senders don't have to expend extra effort
in order to use the form.)
- Spambots love fields with 'address' in their name
Try one or another of these:
a value; test for that field's value before you allow the mail to be
sent. For the few real people who don't have js turned on, include
the field in a <noscript> block and have them fill it in.
Type <em>orange</em> here: <input type="text" name="foil" />
where the contents of foil.js are:
document.write("<input name='foil' type='hidden' value='orange' />");
In your processing script, check for the presence of a field 'foil'
with value 'orange'; if it's not there, or if it has a value other
than orange, don't send the email.
Method 2: add a couple of hidden forms that spambots just can't resist:
<input type="hidden" name="address2" id="address" value="xyzzy" />
<input type="hidden" name="address3" id="address" value="" />
Spambots will invariably either clear a field with 'address' in its
name, or will fill it in. So in this method, your check is more
IF (Request.form("address2").value = "xyzzy") AND
(Request.form("address3").value = "") THEN
'OK to send the mail
'Have a form spammer...