Stop Comment Spam
On Wednesday, December 9, 2009 at 06:20 (GMT) Project Honey Pot received its billionth email spam message. The message was a United States Internal Revenue Service (IRS) phishing scam.
As moderators of several technology blogs, we have seen an increase this year in "comment spam". You've probably seen it too: advertisements pretending to be helpful advice, posted on a blog with numerous links back to the retailer.

We fight these forms of spam with a few simple techniques.
Once the blog post page or "contact us" form has been created (let's call it "contact-us.asp"), we make sure the form posts to a specific "processor" page.
<form action="http://www.yoursite.com/form-processor.asp" method="post" id="formOne">
<fieldset>
<legend><p>CONTACT FORM</p></legend>
<label for="xname">Your Name</label><br />
<%' HTML-encode every echoed value so submitted markup cannot break out of the field %>
<input name="xname" id="xname" type="text" value="<%=Server.HTMLEncode(xname)%>" size="40" />
<br />
<label for="xemail">eMail</label><br />
<input type="text" id="xemail" name="xemail" value="<%=Server.HTMLEncode(xemail)%>" size="40" />
<br />
<label for="xcomments">Comments</label><br />
<textarea name="xcomments" id="xcomments" cols="40" rows="6"><%=Server.HTMLEncode(xcomments)%></textarea>
</fieldset>
<fieldset>
<legend><p>CAPTCHA</p></legend>
<p>What is this? This <strong>CAPTCHA</strong> prevents webbots from harvesting email addresses and helps prevent spam! Simply type in the answer to the question as a number, <strong>"What is two times three?"</strong></p>
<label for="xcaptcha">CAPTCHA</label>
<input type="text" id="xcaptcha" name="xcaptcha" value="<%=Server.HTMLEncode(xcaptcha)%>" size="40" />
<br />
<input type="submit" value="Submit" name="submitbutton" id="submit" class="button" />
</fieldset>
</form>
Along with other fields, we also include a very simple Captcha which we'll get to in a minute.
On the form-processor.asp page we declare and grab the variables AND the referring form page!
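This rejects submissions whose Referer header does not match the form page, which stops simple bots that post straight to the processor from another site or a spoofed page. The header is supplied by the client, so it filters out unsophisticated bots rather than proving where a request came from.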
<%
Dim xcheck, xname, xemail, xcomments, xcaptcha
' The Referer header names the page the form was posted from
xcheck = Request.ServerVariables("HTTP_REFERER")
xname = Trim(Request.Form("xname"))
xemail = Trim(Request.Form("xemail"))
xcomments = Trim(Request.Form("xcomments"))
xcaptcha = Trim(Request.Form("xcaptcha"))
%>
If the referring page isn't your form, write a warning and stop the process.
<%
if xcheck<>"http://www.yoursite.com/contact-us.asp" then
response.write("We do not allow automatic bots to access this page.")
else
%>
Now see if the Captcha is correct. Our "two times three" field should be the numeral six.
<%
if xcaptcha="6" then
%>
Process the rest of your form here. Send it as an email or post it to a database or both.
<%else%>
I'm sorry, there was an error in your captcha code answer. Please <a href="javascript:history.go(-1)">go back</a> and try again.
<%
end if ' closes the captcha check
end if ' closes the referer check
%>
By using these simple techniques we have substantially reduced our comment spam.
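An added example (not the original post's code) that goes one step beyond the fixed "two times three" question: it picks a new multiplication question on every page load, keeps the expected answer in the ASP Session, and accepts each answer only once. The page name captcha-demo.asp and the Session key captcha_answer are assumptions, and session state must be enabled in IIS.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not the original post's code. Assumes session state is enabled
' and that this file is saved as captcha-demo.asp (hypothetical name).

' Pick a fresh question and remember the expected answer server-side.
Function NewQuestion()
    Dim a, b
    Randomize
    a = Int(Rnd * 9) + 1              ' 1..9
    b = Int(Rnd * 9) + 1
    Session("captcha_answer") = CStr(a * b)
    NewQuestion = "What is " & a & " times " & b & "?"
End Function

' True only if the answer matches the stored one; each stored answer is usable once.
Function CaptchaOk(answer)
    Dim expected
    expected = Session("captcha_answer")
    Session.Contents.Remove "captcha_answer"
    CaptchaOk = False
    ' No stored answer means the form was never loaded in this session.
    ' Without this check an empty post would pass, because Empty = "" is True in VBScript.
    If IsEmpty(expected) Then Exit Function
    CaptchaOk = (answer = expected)
End Function

Dim xcaptcha, status, question
status = ""
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    xcaptcha = Trim(Request.Form("xcaptcha"))
    If CaptchaOk(xcaptcha) Then
        status = "Thank you. Process the rest of your form here."
    Else
        status = "There was an error in your CAPTCHA answer. Please try the new question."
    End If
End If
question = NewQuestion()   ' every response carries a new question
%>
<p><%=Server.HTMLEncode(status)%></p>
<form action="captcha-demo.asp" method="post">
<label for="xcaptcha"><%=Server.HTMLEncode(question)%></label><br />
<input type="text" id="xcaptcha" name="xcaptcha" size="40" />
<input type="submit" value="Submit" />
</form>
```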

Comments
1. Thank you for the advice. www.mylifepassport.com also has advice. by Kent