Home  |   Web Site Hosting  |   Email Services  |   Domain Names  |   Support    
Knowledge Base
Knowledge Base Search:
Contact Us
Customer Service
Technical Support
Technical Specifications
Terms Of Service
Privacy Promise
Abuse Policy
My Account

 

 
Web Site "Form-Spam"
About Form-Spam

"Form-Spam" is advertisements submitted to forms on web sites. The advertisement gets emailed or otherwise conveyed to the person who reviews the web site form submissions.

Form Spammers use programs that take a list of web site forms, opens the forms, pastes their spam message into it and then submits it. They purchase or compile lists of forms for their program to use.

Form-spam has become prevalent over the last few years because web form submissions normally by-pass spam filters and are read by people who are either employed or can afford their own web site.
 
Two Approaches to Blocking Form-Spam

There are two ways to easily block form spam using Microsoft FrontPage. The best way for you depends on your web site and situation.

The first way is to include a security code in the form, which form respondents must enter before the form will submit. This is easy with Microsoft FrontPage forms, and doing so is described below. It does, however, require your form respondent to types in the security code you provide. This can be seen as an inconvenience for your respondent, when convenience is a high priority.

To block form spam without a security code, simply change the name of the form page. Microsoft FrontPage will offer to update all of the hyperlinks in your web site to the new page name, so all of your links to the form will continue to work properly. This foils form spammers because the page name in their list no longer works.

The two drawbacks to simply changing the form page name can be:

  1. If pages outside your web site link to your form, you cannot change the links on other people's web sites. In this case, links that you want to your form will no longer work.
     
  2. When you change the form page name, it will eventually be picked up again and get back into the form spam database. You will need to change the page name periodically when you start getting form spam again.
Blocking Form-Spam with a Security Code

Blocking form-spam with a security code in a Microsoft FrontPage form is actually quite easy, and quite effective.

  1. Open the page containing your form with FrontPage.
  2. Add a note to your form instructing the form respondent to enter a security code, and then include a number in your note to serve as the security code. It must be a number to work correctly with FrontPage.
  3. Add a "text box" form field to accept the security code.
  4. Set validation on the form field to require the number you specified as the security code.
    • Double click the text box form field,
    • Click the "Validate" button and you get the "Text Box Validation" window illustrated below.
    • Check the "Required" box under "Data length"
    • Check both boxes under "Data value" and enter your security code number in both "Value" boxes.
    • Select the drop down boxes so that one is "Greater than or equal to" and the other is "Less than or equal to".
    • Provide a "Display name" like the name of your security code in your web form instructions. Otherwise, a warning will popup using the field name if submitters do not provide the correct code.

 

The result of this form field and validation is that form respondents must enter the security code number in the security code field before they can submit the form.

It doesn't really matter if the security code is always the same. First, the robot programs that submit the forms do not read the form and will not know what the code is. Second, although the people selling these robot programs could check your code and add it into their program, they don't for various reasons.

Something as simple as this will not only stop form spam, but it will also give your forms a more professional look and feel.
 
Blocking Form-Spam with Other Web-Authoring Software
There are various ways to block form-spam other than using the FrontPage form field validation.
  1. If you are already using Java Script form field validations, you can simply add a new field and verify the respondent enters a pre-defined security number, as above.
     
  2. If you are using CommerceStreet.com's FormMail.asp or FormMail.aspx form handlers, you can add the following code to either program, which are pre-installed in your /cgi-bin directory. This code is now included in the pre-installed programs, so new customers may not need to make this addition.

    '**********************************************
    '** Check for form-spam security implementation

    If request.form("cscSecurityID") > "" Then
      If NOT request.form("cscSecurityID") = request.form("cscSecurityIDverify") Then
        response.redirect("/" )
      End If
    End If

    After adding this code to the form handler, add two form field to your form:
    - a hidden field named cscSecurityID, with a code assigned as it's value,
    - and a text box named cscSecurityIDverify.
    If the hidden field does not match the entered field, the form is not processed. You can create an error page to tell people to back up and enter the code, if you'd like. Specify that page in the "response.redirect" statement instead of the /, which directs the browser to your home page.

If you host your web site with CommerceStreet.com and have questions or problems, please contact our technical support.

CommerceStreet.com will provide technical support to the customers of other hosting providers. If you host your web site with another company, please contact your hosting provider for technical support.

CommerceStreet.com® Technical Support

Phone (business hours):
  DFW Metro: 817-792-3332
  Toll Free: 1-888-585-3332

Email (24/7):
  Customer Service: Service@CommerceStreet.com
  Technical Support: Support@CommerceStreet.com
 
 
   Home  |   Contact Us  |   Legal  |   Terms Of Service  |   Privacy Promise  |   Support

   © 2004 Commerce Street, Inc. All right reserved.