University Web Developers

University Web Developers

Web Form Spam

Recently we have begun to experience an increase in spam generated from some of our web (HTML) forms. How do you deal with this? I'm concerned that some solutions may be inaccessible (I.e. CAPTCHA).

Views: 151

Reply to This

Replies to This Discussion

Permalink Reply by Michael Fienen on January 30, 2008 at 1:43pm
Try this out: http://www.modernblue.com/web-design-blog/fighting-spam-with-css/

The trick is to add something to the filling out of the form that requires human level cognition, or give the bot a field that it will fill in that a human can't see.
Permalink Reply by Kyle James on January 30, 2008 at 2:18pm
I remember reading a few weeks ago that there is some body that says they can beat Yahoo's CAPTCHA...

Also there was the report about the Stripper software that was a creative way to beat CAPTCHA...

Personally we just delete the messages. It hasn't really gotten out of control, though. Maybe I'll get one a week.
Permalink Reply by Chris Pollock on January 30, 2008 at 2:19pm
I use a double pronged approach on some of my forms.

I have a field that must remain blank (or else it returns a message saying that we suspect you may be a machine). You have to be careful what you name those remain blank fields for a couple of reasons: 1) Google Toolbar autofill - it might stick a value in there unbeknownst to you and 2) It has to make sense to someone who might be seeing the field with a screen reader (maybe that's not an issue if you set the visibility off).

Secondarily I put a hidden field in my form that is populated when the onclick event fires on the submit button. I then check for that form value on the server side to make sure it's populated with the correct value. This should prevent bots from posting to my page. It basically requires the human interaction of clicking on the button to pass validation.

I'm not sure what the second option does to accessibility. I do not know how screen readers handle onclick events in JavaScript. I guess my assumption is that when you click enter on a button it fires that event so it should work just fine. Its also right in line with the kind of client-side validation that most people have on their forms anyways (like checking that required fields are filled in).

If you're interested in some code let me know.. I was going to blog about this, but have not gotten around to it.
Permalink Reply by Anthony on February 4, 2008 at 4:53pm
Wouldn't the alternative of checking the referring script on the post page be better than your second technique since it doesn't rely on Javascript? Is there some reason why you wouldn't do it that way?
Permalink Reply by Chris Pollock on February 5, 2008 at 9:55am
Checking the referrer is probably a better way. I wasn't really familiar with that approach until I started reading this thread. Thanks for suggesting it.
Permalink Reply by Anthony on February 5, 2008 at 10:00am
Oh, cool. Glad I said something.
Permalink Reply by Genevieve Howard on January 30, 2008 at 5:31pm
Permalink Reply by Nathan Sgroi on January 31, 2008 at 11:38am
If you are using asp.net at all, you could try the NoBot control that comes with their free ajax extender control toolkit. Here is a link to a demo: http://www.asp.net/AJAX/AjaxControlToolkit/Samples/NoBot/NoBot.aspx

If you are not using asp.net or some form of server side code, I'm not sure how you would stop spamming.
Permalink Reply by Kevin deLeon on January 31, 2008 at 1:01pm
I have been using reCAPTCHA (http://recaptcha.net/) on some of our forms with success. I am sure it will only be a period of time before this is useless as well. It has an audio CAPTCHA built in for accessibility, and is fairly easy to implement.
Permalink Reply by Anthony on February 4, 2008 at 4:55pm
Seconded. I have had great results on our blogs with reCAPTCHA. The only spam comments that have come through are obviously human. Before that they were getting hit so much I have to have registration on, which meant no one went through the effort required to comment.
Permalink Reply by Stephanie Leary on January 31, 2008 at 3:25pm
I'm in the minority, but I refuse to put the onus on the user in any way. Instead, I do all the spam prevention on the backend. I use Akismet whenever possible, like this form.
Permalink Reply by Mike Adams on January 31, 2008 at 4:58pm
The forms we were having problems with did not ask for any urls. So, I wrote a script that checks each item in the object. If any of them contain "http://" then the script stops and returns to the form page.

We haven't had any spam on those forms since.

RSS

Elsewhere

Latest Activity

Sara Kisseberth posted a discussion

Archived magazine stories

Greetings,What are you all doing online with "old" magazine stories? Do you delete issues after so  many years? 5 years? 10? I'm torn between keeping all on for historical purposes or keeping just a few years online to simplify the site (ala Gerry McGovern.) Curious as to what you see best practices being.ThanksSara KisseberthBluffton Universitywww.bluffton.eduSee More
Jun 10
0 Comments
Erin Jorgensen posted a discussion

HighEdWeb 2020 Accessibility Summit

The HighEdWeb 2020 Accessibility Summit is a one-day, online conference about digital accessibility in higher education happening June 25, 2020, from 10 a.m. to 5 p.m. CDT.Join in to learn best practices, share stories and connect with your higher ed peers on topics including social media accessibility, web development, user experience and more. Sessions are designed to boost knowledge at every level, from accessibility beginners to technical experts. Conference registration is $25, with…See More
May 29
0 Comments
Erin Jorgensen is now a member of University Web Developers
May 29
Welcome Them!
Christine Boehler posted a discussion

HighEdWeb 2020 Annual Conference - ONLINE

October 19-20, 2020https://2020.highedweb.org/#HEWeb20     Join us ONLINE for HighEdWeb 2020, the conference created by and for higher education professionals across all departments and divisions. Together we explore and find solutions for the unique issues facing digital teams at colleges and universities. In 2020, the Conference will be held completely online, offering multiple tracks of streamed presentations, live…See More
May 3
0 Comments
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Throughout April, we're hosting webcasts exploring how colleges and universities across North America are responding to the COVID-19 pandemic. Register for the series today! https://bit.ly/2xsXhK9"
Apr 13
Christelle Lachapelle is now a member of University Web Developers
Apr 6
Welcome Them!
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Download our latest white paper to learn how the demographics of today’s higher ed learners are shifting, and how schools can adapt to meet the needs of these new learners. https://bit.ly/2wTKdgB"
Mar 31
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Join our next webcast with Amrit Ahluwalia from The EvoLLLution to learn about the new "modern learner" in higher education. https://bit.ly/2UuDh2I"
Mar 30
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"As we ride out the latest developments and impact of the coronavirus, there's no better time than now to learn the three Bs of crisis planning. http://bit.ly/2ITVkc2"
Mar 16
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Is your college or university prepared to meet the challenges that come with disasters and emergencies like the coronavirus? Learn how your CMS can help. http://bit.ly/2TUZUM8"
Mar 12
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Can’t afford the time and money to launch a comprehensive guided pathways model? Register for our FREE webcast to learn tricks for simulating a digital guided pathways experience."
Feb 21
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"With college enrollment decreasing for the 8th year in a row, boosting your college or university marketing efforts is more important than ever. Here's how to get started. http://bit.ly/2vTQAzz"
Feb 20
Christine Boehler posted a discussion

HighEdWeb 2020 Annual Conference

October 18-21, 2020 in Little Rock, Arkansas, USAhttps://2020.highedweb.org/#HEWeb20     Join us for HighEdWeb 2020, the conference created by and for higher education professionals across all departments and divisions. Together we explore and find solutions for the unique issues facing digital teams at colleges and universities. With 100+ diverse sessions, an outstanding keynote presentation, intensive workshops, and engaging networking events,…See More
Feb 19
0 Comments
Christine Boehler posted a discussion

HighEdWeb 2020 Call for Proposals is Open!

The 2020 Annual Conference of the Higher Education Web Professionals Association (HighEdWeb) will travel to Little Rock, Arkansas, this October 18-21 — and the call for proposals is now open! As a digital professional in higher education, we know you have great ideas and experiences to share. From developers, marketers and programmers to managers, designers, writers and all team members in-between, HighEdWeb provides valuable professional development for all who want to explore the unique…See More
Feb 14
0 Comments
Christine Boehler shared Sara Clark's discussion on Facebook

Register for HighEdWeb 2018 by Sept. 21

Feb 14
Christine Boehler is now a member of University Web Developers
Feb 14
Welcome Them!
Brian Bell joined Kevin Daum's group
Thumbnail

Ruby and Python Developers

Feb 14
0 Comments
Brian Bell joined Mark Greenfield's group
Thumbnail

Drupal

Feb 14
8 Comments
Kenneth George is now a member of University Web Developers
Feb 13
Welcome Them!
John Sterni is now a member of University Web Developers
Feb 6
Welcome Them!

UWEBD has been in existence for more than 10 years and is the very best email discussion list on the Internet, in any industry, on any topic

About

Mark Greenfield created this Ning Network.

© 2020   Created by Mark Greenfield.   Powered by

Badges  |  Report an Issue  |  Terms of Service

Sign in to chat!