Re: Image Verification on insert record

Subject:	Re: Image Verification on insert record
From:	Joe Makowiec
Date:	Thu, 25 Oct 2007 10:28:22 +0000 UTC
Newsgroups:	macromedia.dreamweaver.appdev

On 25 Oct 2007 in macromedia.dreamweaver.appdev, Gary Woodward wrote:

> I have a form that submits details to an access database using
> insert record behavior. However,  I seem to be getting a
> considerable amount of spam via this form.
> Is there any way of using Image Verification (Captcha) as well as
> the insert record behavior on the same page?
> I've used Image Verification on simple email forms before no
> problem, but this is proving to be more difficult.
> Any help would be greatly appreciated.

Here's what I've found.  (JFTR, I really don't like CAPTCHAs.  Methods
should be passive, so that senders don't have to expend extra effort
in order to use the form.)
- Spambots don't run javascript
- Spambots love fields with 'address' in their name

Try one or another of these:

Method 1: Use an external javascript file to write a hidden field with
a value; test for that field's value before you allow the mail to be
sent.  For the few real people who don't have js turned on, include
the field in a <noscript> block and have them fill it in.

<script type="text/javascript" src="foil.js"></script>
<noscript>
Type <em>orange</em> here: <input type="text" name="foil" />
</noscript>

where the contents of foil.js are:
// JavaScript Document
document.write("<input name='foil' type='hidden' value='orange' />");

In your processing script, check for the presence of a field 'foil'
with value 'orange'; if it's not there, or if it has a value other
than orange, don't send the email.

Method 2: add a couple of hidden forms that spambots just can't resist:
<input type="hidden" name="address2" id="address" value="xyzzy" />
<input type="hidden" name="address3" id="address" value="" />

Spambots will invariably either clear a field with 'address' in its
name, or will fill it in.  So in this method, your check is more
like:

IF (Request.form("address2").value = "xyzzy") AND 
(Request.form("address3").value = "") THEN
'OK to send the mail
'...
ELSE
'Have a form spammer...
END IF

-- 
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/contact.php

<Prev in Thread]	Current Thread	[Next in Thread>
Image Verification on insert record, Gary Woodward Re: Image Verification on insert record, Joe Makowiec <= Re: Image Verification on insert record, Gary Woodward Re: Image Verification on insert record, Joe Makowiec Re: Image Verification on insert record, Gary Woodward Re: Image Verification on insert record, Joe Makowiec Re: Image Verification on insert record, Gary Woodward Re: Image Verification on insert record, Joe Makowiec Re: Image Verification on insert record, Gary Woodward Re: Image Verification on insert record, jsteinmann

Previous by Date:	Image Verification on insert record, Gary Woodward
Next by Date:	Re: Image Verification on insert record, Gary Woodward
Previous by Thread:	Image Verification on insert record, Gary Woodward
Next by Thread:	Re: Image Verification on insert record, Gary Woodward
Indexes:	[Date] [Thread] [Top] [All Lists]