Stop the Form Spam!
November 8, 2006 5:44 AM

How can I add a random letter verification box to a form on my department's website?

Every morning, and throughout the day, I get drug spam that's generated from a "Submit a Story Idea" form on my department's website at work. How can I add a verification box to the form that will work with random words/letters so the bots can't get to me? I'm the department webmaster, but that doesn't mean I know anything about coding, so the easiest possible route to achieve this is preferred.

Oh, and I use Dreamweaver, for what it's worth.
posted by sjuhawk31 to Computers & Internet (13 answers total)
To enhance your Google-fu, the thing you're looking for is called a CAPTCHA.
posted by Ookseer at 5:50 AM on November 8, 2006


If you're doing the ones where you see a picture of randomly generated and have to type them in, this means server-side scripting of some sort. I believe PHP has this built in. I have done it in Perl using ImageMagick. Here's the downside - it's accessibility-unfriendly.

Alternately, just set up a pair of radio buttons, with one selected by default. The other should be labeled "I AM NOT SPAM." Then you'd need a script to simply drop the responses that don't have the "I AM NOT SPAM" radio button selected.

You're looking at coding, either way.
posted by adipocere at 5:57 AM on November 8, 2006


Is this an intra-net application that the whole internet can get to? Can you close it off to just allow members of your department?
posted by RustyBrooks at 6:06 AM on November 8, 2006


in order to be able to suggest an off the shelf CAPTCHA it would be beneficial to know what language the backend of your website is coded in?
posted by phil at 6:09 AM on November 8, 2006


Some ideas here. I haven't actually got round to doing anything yet, but i will probably go with putting a word into a jpg and asking the user to type that in before hitting send.
posted by jontyjago at 6:09 AM on November 8, 2006


You may not require a full on random image captcha, just the smallest step to defeat bots is necessary, because spammers probably wouldn't take the trouble to write a custom handler for whatever method you come up with (assuming your site isn't high-traffic).

adipocere's radio button suggestion would work, as would any small step that could only be completed by a human. So you could also use an input box that the submitter has to type a word into, and just put the word and a brief explanation in plain text above the box.

If spammers actually bother to try to get round that, which seems unlikely, then you can investigate proper random letters in an image style captchas. But unless this happens, a proper captcha is more effort than is necessary, both to you and your users.
posted by MetaMonkey at 6:09 AM on November 8, 2006


It's a form available to the whole wide world...I work at a University, and we like our alumni to keep in touch. I'm going to look into Ookseer and adipocere's suggestions. We already have a radio button active; I could write the script into that.
posted by sjuhawk31 at 6:11 AM on November 8, 2006


if you don't want to get into the backend programming you might be able to copy and paste some javascript.

i googled "javascript captcha" and found this

http://www.archreality.com/jcap/
posted by wildster at 6:33 AM on November 8, 2006


So I've changed the radio button default to "no" - what code do I have to write that will reject the form submission unless they change it to "yes"?
posted by sjuhawk31 at 6:43 AM on November 8, 2006


What is the value of the action attribute on your form? If it's a mailto: adress, you've already given your email address to spammers, so you need to change that address and switch to a mailer script. If it's already a script, we'd need to know what scripting language to give you specific instructions, but here's a rough version in PHP:

if ( $_GET['name_of_radio_button'] == 'yes' )
{

...CURRENT SCRIPT CONTENTS HERE...

}
posted by scottreynen at 7:00 AM on November 8, 2006


Ah, I see. It's straight HTML for this form - so I guess I've given them the address. I'll have to work with the actual IT folks here to either beef up the page or get rid of it.
posted by sjuhawk31 at 7:02 AM on November 8, 2006


Mefite rcade has created a non-captcha tool for detecting comment spam that may help.
posted by terrapin at 7:18 AM on November 8, 2006


You can also block certain words, this is nicer than making everyone do a captcha. Block the drug names.

A nice captcha is "what is one plus three?" and they enter "four"

:)
posted by jesirose at 7:29 PM on November 8, 2006


« Older Help me set up an online diary study   |   Queer travel in Florida. Newer »
This thread is closed to new comments.