Do you have any email or contact forms on any of your websites? Do you get much spam through them? Chances are, if you don’t yet then you will at some point unless you do something to prevent this time-sapping scourge.
Fighting this form of spam by blocking IP addresses or by keywords tends to have only a limited effect as spammers have access to large networks of many compromised machines, operating from a vast number of different IP addresses (some of which may belong to genuine visitors).
One of the weaknesses of automated form spam is that it’s not intelligent (at least not yet): when challenged in a way that it has not been programmed to handle, it will fail.
One of my websites is currently being targeted with automated form submission spam. The resultant emails don’t go any further than my copy of MailWasher Pro, but I’d rather they weren’t eating that far into my resources. So, I’ve just implemented a fairly straightforward CAPTCHA on the forms based upon an excellent tutorial over at PHP MySQL Tutorial and it works like a charm.
The script generates an image of a sequence of random numbers, which is shown on your email form for the visitor to read and enter into a confirmation field. If your visitor fails to enter the correct sequence of numbers then they don’t get any further.
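The flow described above, as an added PHP example (not the tutorial's code and not the code running on this site): the digits are kept server-side, drawn into an image, and the challenge is thrown away after every attempt so a code cannot be replayed. The function names, the `captcha` session key and the five-minute lifetime are assumptions.

```php
<?php
declare(strict_types=1);

const CAPTCHA_TTL = 300; // seconds a challenge stays valid (assumed value)

// Create a new challenge: random digits stored server-side only.
function captcha_issue(array &$session, int $digits = 5): string
{
    $code = '';
    for ($i = 0; $i < $digits; $i++) {
        $code .= (string) random_int(0, 9); // CSPRNG rather than rand()/mt_rand()
    }
    $session['captcha'] = ['code' => $code, 'issued' => time()];
    return $code;
}

// Render the digits as PNG bytes (requires the GD extension).
function captcha_png(string $code): string
{
    $img = imagecreatetruecolor(20 + 12 * strlen($code), 30);
    $white = imagecolorallocate($img, 255, 255, 255);
    $black = imagecolorallocate($img, 0, 0, 0);
    imagefilledrectangle($img, 0, 0, imagesx($img), imagesy($img), $white);
    imagestring($img, 5, 10, 7, $code, $black);
    ob_start();
    imagepng($img);
    return (string) ob_get_clean();
}

// Check the visitor's entry. The stored challenge is removed on every
// attempt, right or wrong, so each image is good for one submission only.
function captcha_verify(array &$session, string $entered): bool
{
    $challenge = $session['captcha'] ?? null;
    unset($session['captcha']);
    if (!is_array($challenge) || time() - $challenge['issued'] > CAPTCHA_TTL) {
        return false; // no challenge issued, or it has expired
    }
    return hash_equals($challenge['code'], trim($entered));
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [];
$code = captcha_issue($session);
var_dump(captcha_verify($session, 'wrong')); // wrong entry
var_dump(captcha_verify($session, $code));   // challenge already consumed
$code = captcha_issue($session);
var_dump(captcha_verify($session, $code));   // fresh challenge, correct entry
```

On a live form, call `session_start()` and pass `$_SESSION` instead of the array, and serve the bytes from `captcha_png()` with a `Content-Type: image/png` header from a separate image URL.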
There are more sophisticated systems that produce images designed to thwart spam scripts with optical character recognition (OCR). If I start seeing spam through the protected forms then I’ll look at making the images less legible. One relatively easy tweak is to have the numbers appear over a random background image, which would make them more difficult to distinguish.
One thing I’m curious about is just how much of a hindrance genuine visitors will find the CAPTCHAs.