Preventing bots?

Discussion in 'ASP General' started by 7777, Dec 7, 2009.

  1. 7777

    7777 Guest

    Hello can anyone recommend a good way of preventing bots submitting data in
    asp pages? The following link
    http://www.brainjar.com/asp/formmail/default2.asp describes a method but
    what if the client doesn't have cookies enabled? Thanks in advance.
     
    7777, Dec 7, 2009
    #1
    1. Advertisements

  2. 7777

    Evertjan. Guest

    7777 wrote on 07 dec 2009 in microsoft.public.inetserver.asp.general:
    Depends on your definition of bots.

    Bots as Google bot do not.

    You cannot submit to an asp page in sensu strictior, only to the rendered
    html page, which has nothing to do with asp.

    Yes, you could try to prevent the resulting submitted data if the
    submitting user is not human by serverside asp code, but there will never
    be a "good way", especially when such way is published here.

    Is your webside really so important that this is a serious threat?
    If so human submission will be too.
     
    Evertjan., Dec 7, 2009
    #2
    1. Advertisements

  3. 7777

    Dooza Guest

    There is a method I use called the Honey Pot. It gets around automated
    form spam bots that fill in all fields with junk and submit it.

    Setup your form as normal, but include 2 extra fields. Make sure they
    are in a DIV of there own, and hide this DIV using CSS. One form field
    has the value filled in, and the other one has a blank value. Name the
    form fields well, but label them clearly so that if a screen reader is
    used to read the page it understands what is going on.

    On the form processing page, make sure that the field with the known
    value still has the correct value, and the one without still doesn't
    have it. Form spam bots will mostly fail this test due to just filling
    in all fields.

    The key to this is to create a success message for when this fails. It
    makes them think it was successful so they won't spend extra time trying
    to make it work.

    Yes, this can be beaten if a human actually looks at the code, but in my
    experience, and from the experience of others from whom I learnt this
    technique, its pretty darn good.

    Dooza
     
    Dooza, Dec 8, 2009
    #3
  4. 7777

    7777 Guest

    Thanks to you both for your interesting insight, much appreciated. I came
    across this conversation http://www.webmasterworld.com/webmaster/3322243.htm
    which one persons mentions the 'Honey Pot' method also which sounds like a
    great idea. Would perhaps just putting a hidden field control like the user
    'rocknbil' mentions also do the trick?
     
    7777, Dec 8, 2009
    #4
  5. 7777

    Dooza Guest

    Its the basic way of doing a honey pot, the method I outlined is just a
    little bit more advanced. I think that some spam bots have learnt to
    ignore hidden fields, so using CSS to hide the fields gets around this.

    Its up to you which one you use. I have seen several versions over the
    years, this one just happens to be one that works for me and some others.

    Dooza
     
    Dooza, Dec 8, 2009
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.