Thursday, May 15, 2008

The search for a secure, accessible, anti-spam form to email script

Two of my clients are getting a lot of contact form spam. The spambots fill out the contact forms with their spammy links and submit them. The strange thing is that a lot of the time the forms are just full of random garbage:
contact via: Phone, at this number: contact_at: tkvhmn@ohmodb.com time to contact: wfqpbwdwi addr1: 1 addr2: http://fbzmzdnszlkv.com/ city: YRGKofnQEDfSFlctLKZ state: uzWAHzZsMKMb zip: nTHOHfQav Comments: OiHpuF http://gjchyfyysgcj.com/">gjchyfyysgcj, [url=http://mkixfgaalkes.com/]mkixfgaalkes[/url], [link=http://snjibiwuplkb.com/]snjibiwuplkb[/link], http://fwzxmxcpvhbo.com/
None of this links to anything. This doesn't make sense to me. Why bother? Another spam form submission that I looked at had links to a titanium manufacturer. Yeah, sending that form to website owners-that'll get them a lot of sales...not. Anyhow, it's annoying to have to weed through them, so I went looking for a solution. The first thing I found was a secure php form to email script by Dagon Design. It has protections against being used as a spam gateway and also protects the site owner from spam submissions with a reCaptcha. I like the reCapcha personally, because it is cool. The words that you type in to prove that you are a human are actually scanned from old books and presented to you in the Captcha as part of a project to identify words in these old books that failed optical character recognition. So, by answering the reCaptcha, you are actually helping the Internet Archive. I think that is cool. But, Captchas have accessibility problems, and we enlightened web dudes are not supposed to use them. So, the next easiest option seems to be to have the contact form HTML encoded in Javascript. This security through obscurity will only work until the spammers get smarter bots, but according to one blogger I read yesterday it hasn't happened to him yet. More than one person linked to the Hivelogic Enkoder, but, as of May 15, 2008, it is not up and running. Perhaps the javascript.about.com version will work. UPDATE: The Hivelogic enkoder is up again! I also found some scripts/clues that used custom programming that involve hash values, hidden form fields, and timers. But none of these was a drop in complete script. I'll have to keep looking and see if I can find the ideal, easy to install, accessible, secure form to email script.

No comments: