Form spam

From DreamHost
Revision as of 05:32, 15 September 2011 by Scjessey

Spammers do not only exploit vulnerabilities in computer programs to send e-mail messages in bulk. Because a web page form means that at some point a person will see what is submitted, they will simply submit spam through forms. And while they may be stupid, they are not lazy: they will target your homemade script, not just the thousands of copies of WordPress out there.

Solution

There are some things you can do that might help:

  • Filter form data for spam before processing it
  • Show a preview before processing to discourage spam
  • Block access based on IP address
  • Add a CAPTCHA image to the form and check its value on the POST of the form.
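As an added example (not code from this wiki), here is one way to combine the first and third items in a server-side check that runs before a submission is processed. The field names, thresholds and sample addresses are assumptions; adapt them to your own form.

```python
import re
import time
from collections import defaultdict, deque

# Assumed thresholds and field names; tune them for your own form.
MAX_LINKS = 2                 # links allowed in the message body
MAX_POSTS = 3                 # submissions allowed per IP per window
WINDOW_SECONDS = 600
SINGLE_LINE_FIELDS = ("name", "email", "subject")
LINK_RE = re.compile(r"https?://", re.IGNORECASE)

class FormFilter:
    def __init__(self, blocked_ips=()):
        self.blocked_ips = set(blocked_ips)
        self.recent = defaultdict(deque)   # ip -> submission timestamps
        self.seen_bodies = set()           # normalised messages already accepted

    def check(self, ip, form, now=None):
        """Return (accepted, reason) for one POSTed form."""
        now = time.time() if now is None else now
        if ip in self.blocked_ips:
            return False, "blocked ip"
        # Rate limit: forget timestamps outside the window, then count.
        stamps = self.recent[ip]
        while stamps and now - stamps[0] > WINDOW_SECONDS:
            stamps.popleft()
        if len(stamps) >= MAX_POSTS:
            return False, "too many submissions"
        stamps.append(now)
        # A browser text input cannot contain a line break, so one here
        # means the POST was crafted outside the form.
        for field in SINGLE_LINE_FIELDS:
            if re.search(r"[\r\n]", form.get(field, "")):
                return False, "line break in " + field
        message = form.get("message", "")
        if len(LINK_RE.findall(message)) > MAX_LINKS:
            return False, "too many links"
        # The same text submitted again, from any address, is rejected.
        body = " ".join(message.lower().split())
        if body in self.seen_bodies:
            return False, "duplicate message"
        self.seen_bodies.add(body)
        return True, "ok"

if __name__ == "__main__":
    # Constructed sample submission; the address is from a documentation range.
    demo = FormFilter()
    post = {"name": "Ann", "email": "ann@example.com", "message": "A question."}
    print(demo.check("198.51.100.1", post))
    print(demo.check("198.51.100.1", post))
```

The state here lives in memory for one process; a real form handler would keep the timestamps and seen messages in a database or cache so they survive between requests.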

Security

Form spam is not indicative of a security vulnerability in a script. While form spam can be automated just like the numerous security exploits out there, it can also be done simply by a person with a web browser submitting the same form more than once.