Hello can anyone recommend a good way of preventing bots submitting data in
asp pages? The following link
http://www.brainjar.com/asp/formmail/default2.asp describes a method but
what if the client doesn't have cookies enabled? Thanks in advance.
There is a method I use called the Honey Pot. It gets around automated
form spam bots that fill in all fields with junk and submit it.
Setup your form as normal, but include 2 extra fields. Make sure they
are in a DIV of there own, and hide this DIV using CSS. One form field
has the value filled in, and the other one has a blank value. Name the
form fields well, but label them clearly so that if a screen reader is
used to read the page it understands what is going on.
On the form processing page, make sure that the field with the known
value still has the correct value, and the one without still doesn't
have it. Form spam bots will mostly fail this test due to just filling
in all fields.
The key to this is to create a success message for when this fails. It
makes them think it was successful so they won't spend extra time trying
to make it work.
Yes, this can be beaten if a human actually looks at the code, but in my
experience, and from the experience of others from whom I learnt this
technique, its pretty darn good.
Dooza