Preventing bots?

[7777]

Hello can anyone recommend a good way of preventing bots submitting data in
asp pages? The following link
http://www.brainjar.com/asp/formmail/default2.asp describes a method but
what if the client doesn't have cookies enabled? Thanks in advance.

 

[Evertjan.]

7777 wrote on 07 dec 2009 in microsoft.public.inetserver.asp.general:

Hello can anyone recommend a good way of preventing bots submitting
data in asp pages?

Depends on your definition of bots.

Bots as Google bot do not.

You cannot submit to an asp page in sensu strictior, only to the rendered
html page, which has nothing to do with asp.

Yes, you could try to prevent the resulting submitted data if the
submitting user is not human by serverside asp code, but there will never
be a "good way", especially when such way is published here.

Is your webside really so important that this is a serious threat?
If so human submission will be too.

 

[Dooza]

Hello can anyone recommend a good way of preventing bots submitting data in
asp pages? The following link
http://www.brainjar.com/asp/formmail/default2.asp describes a method but
what if the client doesn't have cookies enabled? Thanks in advance.

There is a method I use called the Honey Pot. It gets around automated
form spam bots that fill in all fields with junk and submit it.

Setup your form as normal, but include 2 extra fields. Make sure they
are in a DIV of there own, and hide this DIV using CSS. One form field
has the value filled in, and the other one has a blank value. Name the
form fields well, but label them clearly so that if a screen reader is
used to read the page it understands what is going on.

On the form processing page, make sure that the field with the known
value still has the correct value, and the one without still doesn't
have it. Form spam bots will mostly fail this test due to just filling
in all fields.

The key to this is to create a success message for when this fails. It
makes them think it was successful so they won't spend extra time trying
to make it work.

Yes, this can be beaten if a human actually looks at the code, but in my
experience, and from the experience of others from whom I learnt this
technique, its pretty darn good.

Dooza

 

[7777]

Thanks to you both for your interesting insight, much appreciated. I came
across this conversation http://www.webmasterworld.com/webmaster/3322243.htm
which one persons mentions the 'Honey Pot' method also which sounds like a
great idea. Would perhaps just putting a hidden field control like the user
'rocknbil' mentions also do the trick?

 

[Dooza]

Thanks to you both for your interesting insight, much appreciated. I came
across this conversation http://www.webmasterworld.com/webmaster/3322243.htm
which one persons mentions the 'Honey Pot' method also which sounds like a
great idea. Would perhaps just putting a hidden field control like the user
'rocknbil' mentions also do the trick?

Its the basic way of doing a honey pot, the method I outlined is just a
little bit more advanced. I think that some spam bots have learnt to
ignore hidden fields, so using CSS to hide the fields gets around this.

Its up to you which one you use. I have seen several versions over the
years, this one just happens to be one that works for me and some others.

Dooza