[Web4lib] web forms
Thomas Dowling
tdowling at ohiolink.edu
Fri Aug 8 10:30:44 EDT 2008
On 08/08/2008 09:49 AM, Kerry Sullivan wrote:
> I have little to no control over our web presence anymore, but we recently
> experienced a massive spamming of all of our online forms for the entire
> organization. We received thousands of emails overnight from multiple
> forms. We have since disabled our forms and our web programmer is working
> on creating the forms in Flash. He is extremely backed up and has not made
> much progress and in the meantime our users do without.
Flash is a solution to this? I wasn't aware. Make sure you keep an eye
on accessibility issues. If you're making something bots can't read,
are you also making something screen readers can't read?
Your options depend a lot on how much control you have over the forms
and the scripts that handle them. We've recently had some success
(knock wood) by
- using generic field names that don't register with
crawler scripts (<input name="field1"> instead of
<input name="email">)
- putting an honeypot inside comments:
<!--
<input name="email">
-->
- Rejecting posts from anyone who puts gibberish
into the actual e-mail field ("field1" or whatever) or
puts anything into the "email" field.
I've also heard good things about low-grade tricks I think of as
"cognitive CAPTCHAs", like "Enter the word ORANGE in this box:" or
"Enter the number that answers, 'How much is two plus two?'"
--
Thomas Dowling
tdowling at ohiolink.edu
More information about the Web4lib
mailing list