Web Forms / Perl / SPAM detection

[- Bob -]

I have some web forms that are getting hit by spammers sending spam
into the system. They are simple forms, add your name, address, etc.
Perl code handles the form, of course!

I'd like to cut down on the spammers. I was thinking that perhaps I
could check the person's IP against blacklists... but most of the
blacklists I know of are mail servers, so I am not sure that is
practical. I am hoping to avoid the "enter this displayed secret code"
mechanism as an annoyance for legit users. But, I am open to
suggestions on existing Perl based solutions (trails blazed before
me!) or just pointers to good resources on programmable solutions to
this issue.

Thanks,

 

[jayjuliano]

I have some web forms that are getting hit by spammers sending spam
into the system. They are simple forms, add your name, address, etc.
Perl code handles the form, of course!

I'd like to cut down on the spammers. I was thinking that perhaps I
could check the person's IP against blacklists... but most of the
blacklists I know of are mail servers, so I am not sure that is
practical. I am hoping to avoid the "enter this displayed secret code"
mechanism as an annoyance for legit users. But, I am open to
suggestions on existing Perl based solutions (trails blazed before
me!) or just pointers to good resources on programmable solutions to
this issue.

Thanks,

Utilize a 'Captcha' system. Have your Perl script generate an image
with a 5 character text code. Then force the user to type the text in
the image before submitting. This will stop bots.

 

[Brian Wakem]

I have some web forms that are getting hit by spammers sending spam
into the system. They are simple forms, add your name, address, etc.
Perl code handles the form, of course!

I'd like to cut down on the spammers. I was thinking that perhaps I
could check the person's IP against blacklists... but most of the
blacklists I know of are mail servers, so I am not sure that is
practical. I am hoping to avoid the "enter this displayed secret code"
mechanism as an annoyance for legit users. But, I am open to
suggestions on existing Perl based solutions (trails blazed before
me!) or just pointers to good resources on programmable solutions to
this issue.

Thanks,

When a load of link spamming bots were hitting our contact forms I found
that ignoring any message with '</a>' or '[/url]' in got rid of 99% of the
crap.

 

[Brian McCauley]

I have some web forms that are getting hit by spammers sending spam
into the system. They are simple forms, add your name, address, etc.
Perl code handles the form, of course!

I'd like to cut down on the spammers. I was thinking that perhaps I
could check the person's IP against blacklists... but most of the
blacklists I know of are mail servers, so I am not sure that is
practical.

No, not really. These lists will often block all dynamic IP pools
which would block far too many ligit users.

I am hoping to avoid the "enter this displayed secret code"
mechanism as an annoyance for legit users.

Not to mention, in some jurisdictions, quite possibly grounds for a
law suit from visually impaired users.

 

[Gunnar Hjalmarsson]

I don't like CAPTCHA either.

The CPAN module CGI::ContactForm includes a cookie based spam prevention
feature. It's not waterproof, but it does stop some of the bots.

When a load of link spamming bots were hitting our contact forms I found
that ignoring any message with '</a>' or '[/url]' in got rid of 99% of the
crap.

I suppose that would stop the rest of the bots for me too.

 

[Michael Vilain]

I have some web forms that are getting hit by spammers sending spam
into the system. They are simple forms, add your name, address, etc.
Perl code handles the form, of course!

I'd like to cut down on the spammers. I was thinking that perhaps I
could check the person's IP against blacklists... but most of the
blacklists I know of are mail servers, so I am not sure that is
practical. I am hoping to avoid the "enter this displayed secret code"
mechanism as an annoyance for legit users. But, I am open to
suggestions on existing Perl based solutions (trails blazed before
me!) or just pointers to good resources on programmable solutions to
this issue.

Thanks,

My contact page was getting hit by spammers and I tried for a while to
us a block list. It became to burdensome to constantly update it. I
was ready to implement a CAPTCHA but found a really quick solution.

I renamed all the fields to generic names (e.g. FIELD1, FIELD2, etc.)
and added a HIDDEN field which I gave a default value of "" in the form.
In the form processing script (this was PHP, but it will work in PERL
also), if the hidden field has a non-blank value, I know a BOT has
filled out the form and I don't process it further. Only a human
filling out the form and pressing SUBMIT will process it.

Simple and it seems to work. No BOTs have sent me email for a while now.

 

[Gunnar Hjalmarsson]

I renamed all the fields to generic names (e.g. FIELD1, FIELD2, etc.)
and added a HIDDEN field which I gave a default value of "" in the form.
In the form processing script (this was PHP, but it will work in PERL
also), if the hidden field has a non-blank value, I know a BOT has
filled out the form and I don't process it further. Only a human
filling out the form and pressing SUBMIT will process it.

Simple and it seems to work. No BOTs have sent me email for a while now.

Interesting. Do you know if it's the generic names or the hidden fields
that is the key of success? Or is it the combination?

 

[- Bob -]

Interesting. Do you know if it's the generic names or the hidden fields
that is the key of success? Or is it the combination?

Interesting solution. I am thinking that the hidden field is the only
one that really counts. Some bots might go away if they don't see any
fields like "name", "address", "comment", etc, but if you have a
hidden field named "comment", any that stick around will likely fill
it in and reveal their bot-ness.

 

[- Bob -]

On Fri, 04 May 2007 00:31:28 +0200, Gunnar Hjalmarsson

The CPAN module CGI::ContactForm includes a cookie based spam prevention
feature. It's not waterproof, but it does stop some of the bots.

When a load of link spamming bots were hitting our contact forms I found
that ignoring any message with '</a>' or '[/url]' in got rid of 99% of the
crap.

I suppose that would stop the rest of the bots for me too.

Good point... every bot that has hit me has pasted HTML in... That's
probably a good detector.

 

[John W. Kennedy]

I have some web forms that are getting hit by spammers sending spam
into the system. They are simple forms, add your name, address, etc.
Perl code handles the form, of course!

So far this works: use external JS file; call from BODY ONLOAD to build
non-trivial submit button; test for it. Robots don't do JS, so can't
submit. Downside: users need JS.

--
John W. Kennedy
"The grand art mastered the thudding hammer of Thor
And the heart of our lord Taliessin determined the war."
-- Charles Williams. "Mount Badon"
* TagZilla 0.066 * http://tagzilla.mozdev.org