Website Q&A:
How do I keep spam bots from abusing my forum/guestbook/etc.?
If a visitor to your site is given a way to enter text input, then it’s only a matter of time before spam bots will try to abuse it. In order to combat this, we need to understand how they are doing it.
When a website offers buttons or text input to a visitor, it’s called a “form”. When you click “submit” on a form, it takes all the input you just entered (your name, email, etc.) and passes it on to the following page for processing. For example, a guestbook may allow you to enter your name and a comment on one page, then after you press “submit”, that input is passed to a second page that reads it and actually puts it in your guestbook’s list of entries.
Spam bots capitalize on that moment where the input is being passed to the processing page. Rather than filling in your form and pressing “submit”, they make a clone of the input that’s sent to the processing page. So they actually skip the form entirely and just constantly send the final input data (their spam message) straight to the processing page. Bots then crawl around the web looking for guestbooks or forums that they have been set up to take advantage of. For example: if the spam bot knows how to submit the form for “Super Cool Guestbook v5.3”, then it will search the web for websites that have that particular guestbook installed so it can exploit its form.
To keep the bots at bay, we need to add some input they couldn’t possibly know. The most common solution to this problem is called a “captcha”, which many web users are already familiar with. Here are a couple of examples of what a captcha might look like:
Please type the word you see in the box:
Please enter the word below:
Because the word is in an image, it is harder for bots to see and understand the word that is needed to make the form work correctly. This is taken a step further by making the word in the image either distorted or on a complex background, which makes it even harder for a computer to figure out.
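For the captcha to stop a bot that posts straight to the processing page, the check has to happen on that processing page, not on the form. The sketch below is an added example, not code from this post or from any particular guestbook; the `session` dictionary, the function names and the word list are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample word list; a real captcha would use a much larger pool.
WORDS = ["maple", "harbor", "violet", "cobalt", "lantern", "pebble"]


def issue_challenge(session):
    """Run when the form page is rendered.

    Picks a fresh word, remembers it server-side for this visitor, and
    returns it so it can be drawn into the captcha image. The word is never
    placed in the HTML itself, so copying the form's fields does not reveal it.
    """
    word = secrets.choice(WORDS) + str(secrets.randbelow(1000))
    session["captcha"] = word
    return word


def process_submission(session, form, guestbook):
    """The processing page: store the entry only if the captcha answer
    matches the word issued to this visitor's session."""
    # pop() makes the challenge one-time use, so a recorded submission
    # that is sent again finds nothing to match against.
    expected = session.pop("captcha", None)
    answer = form.get("captcha", "").strip().lower()
    if expected is None:
        return False  # form page was never loaded: a direct post
    if not hmac.compare_digest(expected.encode(), answer.encode()):
        return False  # wrong or missing word
    guestbook.append((form.get("name", ""), form.get("comment", "")))
    return True


if __name__ == "__main__":
    guestbook, session = [], {}
    # A cloned submission sent without ever loading the form is rejected.
    print(process_submission(session, {"name": "bot", "comment": "spam"}, guestbook))
    # A visitor who loads the form and types the word from the image is accepted.
    word = issue_challenge(session)
    entry = {"name": "Ann", "comment": "Nice site!", "captcha": word}
    print(process_submission(session, entry, guestbook))
    # Sending the same accepted submission a second time is rejected.
    print(process_submission(session, entry, guestbook))
```
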
Does your website have a captcha? If not, it’s just a matter of time before a spam bot abuses it.
If you’d like a captcha for your site, contact me and I can set one up for you.
Thanks,
~Danny
More details on captcha can be found on Wikipedia:
http://en.wikipedia.org/wiki/Captcha
Got a website question? Email it to Danny.
