University Web Developers

University Web Developers

Recently we have begun to experience an increase in spam generated from some of our web (HTML) forms. How do you deal with this? I'm concerned that some solutions may be inaccessible (I.e. CAPTCHA).

Views: 117

Reply to This

Replies to This Discussion

Try this out:

The trick is to add something to the filling out of the form that requires human level cognition, or give the bot a field that it will fill in that a human can't see.
I remember reading a few weeks ago that there is some body that says they can beat Yahoo's CAPTCHA...

Also there was the report about the Stripper software that was a creative way to beat CAPTCHA...

Personally we just delete the messages. It hasn't really gotten out of control, though. Maybe I'll get one a week.
I use a double pronged approach on some of my forms.

I have a field that must remain blank (or else it returns a message saying that we suspect you may be a machine). You have to be careful what you name those remain blank fields for a couple of reasons: 1) Google Toolbar autofill - it might stick a value in there unbeknownst to you and 2) It has to make sense to someone who might be seeing the field with a screen reader (maybe that's not an issue if you set the visibility off).

Secondarily I put a hidden field in my form that is populated when the onclick event fires on the submit button. I then check for that form value on the server side to make sure it's populated with the correct value. This should prevent bots from posting to my page. It basically requires the human interaction of clicking on the button to pass validation.

I'm not sure what the second option does to accessibility. I do not know how screen readers handle onclick events in JavaScript. I guess my assumption is that when you click enter on a button it fires that event so it should work just fine. Its also right in line with the kind of client-side validation that most people have on their forms anyways (like checking that required fields are filled in).

If you're interested in some code let me know.. I was going to blog about this, but have not gotten around to it.
Wouldn't the alternative of checking the referring script on the post page be better than your second technique since it doesn't rely on Javascript? Is there some reason why you wouldn't do it that way?
Checking the referrer is probably a better way. I wasn't really familiar with that approach until I started reading this thread. Thanks for suggesting it.
Oh, cool. Glad I said something.
If you are using at all, you could try the NoBot control that comes with their free ajax extender control toolkit. Here is a link to a demo:

If you are not using or some form of server side code, I'm not sure how you would stop spamming.
I have been using reCAPTCHA ( on some of our forms with success. I am sure it will only be a period of time before this is useless as well. It has an audio CAPTCHA built in for accessibility, and is fairly easy to implement.
Seconded. I have had great results on our blogs with reCAPTCHA. The only spam comments that have come through are obviously human. Before that they were getting hit so much I have to have registration on, which meant no one went through the effort required to comment.
I'm in the minority, but I refuse to put the onus on the user in any way. Instead, I do all the spam prevention on the backend. I use Akismet whenever possible, like this form.
The forms we were having problems with did not ask for any urls. So, I wrote a script that checks each item in the object. If any of them contain "http://" then the script stops and returns to the form page.

We haven't had any spam on those forms since.



Latest Activity

Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Join us for our next webcast with April Buscher from Montana State University Billings to learn how blind readers and people with hearing impairment view and read your website and how you can make it accessible to them."
Amanda Lawson joined Lynn Zawie's group


Share your experiences using OmniUpdate CMS
Aug 9
Amanda Lawson posted a photo

Amanda Lawson

Amanda Lawson, Web Content ManagerCommunity College of Allgheny County
Aug 9
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"High schoolers spend more time on their digital devices than they do sleeping, doing homework, or participating in extracurricular activities. So how do you make your message stand out to them? #eexpect"
Aug 8
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Want to increase digital engagement with high school juniors and seniors? Join our next webcast with Stephanie Geyer from Ruffalo Noel Levitz as she shares new data from the 2019 E-Expectations Trend Report on email, paid media, and social media…"
Jul 31
Charlie Holder joined DNI's group

Cascade Server CMS

For folks who use (or are interested in) Hannon Hill's Cascade Server CMS productSee More
Jul 26
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Is your website in compliance with the new WCAG 2.1? Join our webcast to learn various accessibility guidelines, what’s new in 2.1, and more!"
Jul 22
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Even though GDPR has been in effect for over a year, many U.S. colleges and universities are still struggling with how best to implement the rules. We’re here to help."
Jul 18
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Does your college or university website meet the new WCAG 2.1 accessibility standards?"
Jul 12
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Join us for our next webcast with Eric Turner from Mt. San Antonio College, who will share easy steps to make your website GDPR compliant."
Jul 10
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"It is always important to make a good first impression! Join Aaron Blau from Converge Consulting as he covers ways to make your web content attractive to your target audience and create an authentic brand message."
Jun 19
Jon Shaw posted a discussion

email obfuscation

Anyone using a javascript or php email obfuscation library that is effective for spam defense?See More
Jun 11
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Join us for our next webcast with Kelly Bostick from University of Arkansas who will provide some great tips on ways to ensure that all of your digital content is accessible."
Jun 6
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Creating and producing website content is just the tip of the iceberg. In our latest white paper, learn how to manage that content to help your website reach its fullest marketing and recruiting potential."
May 30
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"A college or university website redesign is the most effective and cost-efficient way to attract and recruit new students. Download our ultimate guide to get started on your redesign today!"
May 28
Cody Bryant is now a member of University Web Developers
May 20
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Join us for our next webcast with Rachael Frank from Gravity Switch to learn how to organize your content and messaging for a website redesign."
May 16
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Capitalize on content by creating an editorial calendar for your college or university website. Here’s how:"
May 9
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"A soft launch of your website redesign is well worth the extra time. Find out why."
May 2
Linda Faciana posted a blog post

Webcast - Website Redesign | The importance of using content inventories

Join us for our next webcast with Laura Lehman from Eastern Mennonite University to learn how to effectively use Google Sheets during a website redesign and migration! More
May 1

UWEBD has been in existence for more than 10 years and is the very best email discussion list on the Internet, in any industry, on any topic


© 2019   Created by Mark Greenfield.   Powered by

Badges  |  Report an Issue  |  Terms of Service