Spam filtering in online forms

Added on: Saturday 10th January 2009

I have several enquiry forms on some reasonably high traffic web sites and I have been getting a daily bombardment of rubbish from spambots automatically filling in these forms. One of the forms even has CAPTCHA on it but this isn't very effective.

I came across this great article on reducing the amount of spam in online forms the other day and thought I would try a few of the techniques myself.

So the other day I implemented the following (in the order below) on one of my forms.

  • Hidden form element - The form now includes a text box (hidden using CSS) with an explanatory label in case it does display. If this is filled in during the form submission then it's likely to be spam.
  • Detection of suspicious code - this checks the submission for the [url code which signifies that someone is trying to include links to other sites.
  • Detection of multiple links - this checks the number of times a hyperlink is used within the form. If more than three are detected then this is likely to be a spam entry.
  • Detection of keywords - we have all had the emails or form submissions that include links to the more dodgy sites so you know the sort of words I'm talking about!

The PHP script that processes the form submission checks for the above in the order listed and adds some text (SPAM) followed by the reason (one of the methods above) to the subject of the email. For the time being I'm only monitoring these submissions so they are still coming through to me but I'm pleased to report that it seems to be extremely effective with all the suspect emails correctly identified.
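
The four checks above, run in the order listed, as an added example (this is not the script from the site described here). The hidden field name `website`, the keyword list, the link pattern and the exact subject format are assumptions.

```php
<?php
// Added example: field names, keywords and sample data are assumptions.

/** Returns the first matching spam reason, or null if nothing was flagged. */
function spam_reason(array $post, array $keywords): ?string
{
    // 1. Hidden form element: people never see it, so any value is suspect.
    $trap = $post['website'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return 'hidden field filled in';
    }
    // Join the remaining string fields so the later checks see the whole submission.
    unset($post['website']);
    $text = implode("\n", array_filter($post, 'is_string'));

    // 2. Suspicious code: the "[url" tag used to post links.
    if (stripos($text, '[url') !== false) {
        return '[url code';
    }
    // 3. Multiple links: more than three hyperlinks (counted here as http/https URLs).
    if (preg_match_all('~https?://~i', $text) > 3) {
        return 'multiple links';
    }
    // 4. Keywords, matched as whole words to limit false positives.
    foreach ($keywords as $word) {
        if (preg_match('~\b' . preg_quote($word, '~') . '\b~i', $text)) {
            return 'keyword';
        }
    }
    return null;
}

/** Monitoring mode: tag the email subject instead of dropping the message. */
function tag_subject(string $subject, ?string $reason): string
{
    // Strip CR/LF so text that ends up in the subject cannot add mail headers.
    $subject = str_replace(["\r", "\n"], ' ', $subject);
    return $reason === null ? $subject : "(SPAM) $reason: $subject";
}

// Constructed sample submission.
$post = ['name' => 'Bob', 'message' => 'Hi [url=http://example.com]here[/url]', 'website' => ''];
$keywords = ['casino', 'pills']; // placeholder list
echo tag_subject('Website enquiry', spam_reason($post, $keywords)), "\n";
```

Because the function returns on the first match, the reason in the subject shows which of the checks caught the submission first, which is useful while the form is still in monitoring mode.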

I'll continue to monitor for a while and then change the script so that it doesn't let any spam emails through.

However, we've already written the hidden field into the form building routine of our Content Management System.
