A simple method of reducing automated form submission spam
Since spambots generally fill in all text fields on a form, the simplest method of detecting whether or not the form has been submitted by a robot is to add a dummy text field to the form, hide it using CSS and then check if there's any content in the field on the form handling page.
If there is, the submission is likely to be spam, so the form isn't submitted and the robot is redirected.
The dummy form field - we'll call it "date":
<p id='datefield'>
<input id='date' name='date' type='text' size='22' />
<label for='date'><img src='transparent.gif' alt='Please DO NOT fill in this field' /></label>
</p>
The CSS used to hide the field:
p#datefield {
  position: absolute;
  left: -2000px;
}
The code on the form handling page:
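<%
' A real visitor never sees the hidden "date" field, so any content in it means a bot filled in the form
If Request.Form("date") <> "" Then
  Response.Redirect "errorpage.asp"
End If
%>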
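The same server-side check as an added Python example (not part of the original post), extended beyond the post's case to also flag a POST where the "date" field is missing altogether. It assumes a urlencoded form body and that a browser always sends a named text input even when empty; the function name, verdict strings and sample bodies are constructed for illustration.

```python
from urllib.parse import parse_qs

HONEYPOT_FIELD = "date"  # name of the hidden dummy field used on this page


def classify_submission(raw_body: str) -> str:
    """Return a verdict for an application/x-www-form-urlencoded POST body."""
    # keep_blank_values=True matters: by default parse_qs drops empty fields,
    # so "left empty by a human" and "never sent" would look identical.
    fields = parse_qs(raw_body, keep_blank_values=True)

    values = fields.get(HONEYPOT_FIELD)
    if values is None:
        # Assumption beyond the original post: a browser submits every named
        # text input, so a body without the field was not built from the form.
        return "reject: honeypot missing"

    # The field may appear more than once; content in any copy counts,
    # matching the post's rule that any content at all marks a robot.
    if any(value != "" for value in values):
        return "reject: honeypot filled"

    return "accept"


# Constructed sample bodies (not captured traffic).
SAMPLES = {
    "human": "name=Ann&email=ann%40example.com&date=&message=Hello",
    "bot_fills_everything": "name=x&email=x%40example.com&date=01%2F01%2F2024&message=buy",
    "bot_skips_unknown_fields": "name=x&email=x%40example.com&message=buy",
    "bot_sends_duplicate": "name=x&date=&date=spam&message=buy",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:26} -> {classify_submission(body)}")
```

Logging the verdict string alongside each rejected request shows how often each kind of bot turns up and whether real visitors are being caught.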
Accessibility note:
Because visitors using screen readers or text-only browsers can actually read/see the dummy field, I need to make sure that they know not to fill it in.
To achieve this, I've added a label element containing a transparent gif to the dummy form field and then used the alt attribute of the image to warn the user.
Comments
Very interesting technique. Could the code for the form handling page be used in conjunction with the CDOSYS script you have provided on your scripts page? What I mean is, could it be pasted into that script without causing problems?
Yes, it will work fine. Just paste the code at the top of the form handling page and add the dummy date field to the form itself.
I see above that there is nothing in the form handling page area, but the comment above mentions putting the code at the top of the form handling page. The two sections of code above go in the actual form page and what would go into the form handling page? Where would it be inserted in the script page you provided? Thanks.
@Relin, due to a character encoding error, the form handling code couldn't be seen in Internet Explorer. I've amended the code so that it can now be seen in all browsers.