scottcarson
02-14-2011, 12:41 AM
(This post is for advanced users)
Hi everyone,
Storm Applied Technologies would like to share our latest research with web programmers. In this case, it's blocking spam to a web site that contains forms. This list is by no means complete, nor should it be used verbatim. Rather, it is merely a roadmap for areas to cover.
1.) CAPTCHA
This should be the most obvious and first step in blocking spam. A captcha generates a random set of characters that (theoretically) can only be read by humans. Insert it in your form and you'll cut down on automated bots going wild. We recommend reCAPTCHA:
http://www.google.com/recaptcha
You'll need to create an account with reCAPTCHA, download it, and generate a key. Then, it's a case of pasting the HTML code for it into your form. Easy!
2.) AUTHORIZATION/ACTIVATION EMAIL
Assuming one of the fields in your form is "email address:" and on the rare occasion that a bot figures out your captcha code, you can send out an "activation required" email whereby the user must click on a link sent to their email account. Until they do so, the form does not get delivered. Storm recommends coding the form in PHP and using PHPMailer (http://sourceforge.net/projects/phpmailer/) for mail delivery.
3.) .HTACCESS REWRITES
Assuming your site is hosted on a Linux server and you can get shell access to it, you can block many bots using the ReWrite engine. Without typing our entire .htaccess file, here are 2 great links on rewrites:
http://www.spanishseo.org/block-spam-bots-scrapers
http://www.besthostratings.com/articles/block-bad-bots.html
4.) PHP SCRIPTING
Before the form even gets loaded, you can do a test with PHP and gethostbyname() that checks if the user's IP address is listed in any blacklist. Some great examples are given here:
http://php.net/manual/en/function.gethostbyname.php
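The blacklist test from item 4, written out as an added example (not code from the original post): the visitor's IPv4 octets are reversed, the list's zone is appended, and the name is resolved with gethostbyname(). The zone `dnsbl.example.org`, the function names and the stub resolver are assumptions made for illustration.

```php
<?php
// Added example: DNSBL lookup for a form visitor's IPv4 address.
// "dnsbl.example.org" is a placeholder zone; substitute the list you use.

/**
 * Build the DNSBL query name: octets reversed, then the list's zone.
 * Returns null for anything that is not a valid IPv4 address.
 */
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // IPv6 or garbage: this lookup scheme does not apply
    }
    // Trailing dot keeps the resolver from appending local search domains.
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone . '.';
}

/**
 * True when the list answers with a listing code for this IP.
 * $resolver defaults to gethostbyname(), which returns the name unchanged
 * on failure (no record means "not listed").
 */
function is_blacklisted(string $ip, string $zone, ?callable $resolver = null): bool
{
    $resolver = $resolver ?? 'gethostbyname';
    $name = dnsbl_query_name($ip, $zone);
    if ($name === null) {
        return false;
    }
    $answer = $resolver($name);
    if ($answer === $name || filter_var($answer, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false; // lookup failed or no record: fail open, let the form load
    }
    // Listings come back as 127.x.x.x codes; some lists use 127.255.255.x
    // to signal a refused query, so those are not counted as a listing.
    return strncmp($answer, '127.', 4) === 0
        && strncmp($answer, '127.255.255.', 12) !== 0;
}

// Constructed demo: a stub resolver stands in for DNS so this runs offline.
$stub = function (string $name): string {
    $listed = ['2.0.0.127.dnsbl.example.org.' => '127.0.0.2'];
    return $listed[$name] ?? $name; // mimic gethostbyname() on failure
};
var_dump(is_blacklisted('127.0.0.2', 'dnsbl.example.org', $stub));
var_dump(is_blacklisted('192.0.2.10', 'dnsbl.example.org', $stub));
var_dump(is_blacklisted('2001:db8::1', 'dnsbl.example.org', $stub));
```

On a live form, call `is_blacklisted($_SERVER['REMOTE_ADDR'], $zone)` without the stub before rendering the form; behind a proxy or load balancer, REMOTE_ADDR is the proxy's address, so the check must use the client address your proxy is configured to pass on.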