Today we demonstrate a few useful tips to stop spam bots using your forms to submit data to customers. If you're lucky enough to be making a bespoke site and not using WordPress, then this guide is for you.
Ajax forms have for a long time been somewhat immune to the bots that go out there and send spam. We won't be covering how to build an Ajax form here, but if you know your Ajax we will go over the more detailed tips to stop spam.
Let's discuss some methods you can use, although they are often not that effective anymore. Like anything, the more preventative measures you use the better. Just ensure they are completely transparent to the website visitor and do not hinder their experience in any way.
Timeout checks are probably the best classic solution to spam prevention. This involves recording a timestamp when the original form loads and another when the data is posted, then measuring the time taken to fill out the form. Of course no human being can fill out a form as quickly as a computer, so it's safe to assume that a super speedy submission is going to be spam. Unfortunately, some bots are clever enough to delay posting their submission data to counteract this measure.
A very simple method is to avoid using form tags in your HTML altogether. Many bots look for the wrapping tags before they even start the process, so simply remove them completely and submit your Ajax posts via button clicks and return key entries.
Structuring your form in certain ways means you'll no doubt be set up for an attack. If you're getting trouble from bots, you can hide or rename certain elements on the fly. Then simply ensure your posting scripts take these into account.
You can fool some bots into thinking that your field names are different. Be careful not to give your fields standard names; use non-standard naming conventions. So instead of using say "firstname" or "fldFirstname", use something like fldFN. The email field is a great one to use this on. I'd suggest faking the email field and coding it to expect a different result. You can then carry out validation on those fields and deal with them accordingly in your post processing script.
All of these methods are great ways to limit the general hit rate your forms receive. However, if you're getting a targeted attack and want to stop the submissions coming in, then a fantastic way is to use IP monitoring. By capturing the IP of the originator of the submission, you can cross-reference it against your own database of nuisance bots. Over time, build up a database of IP ranges that are coming to your forms. You can even set up traps to gain IPs that fail the checks.
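The timing check, the decoy email field and the IP trap described above can be combined in one server-side routine. The following is an added example, not code from the original article; Python, the field names `fldTok` and `fldEM`, the secret and the thresholds are assumptions, and signing the load timestamp with an HMAC (so the client cannot simply post an older time) goes one step beyond what the article describes.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch: the secret, thresholds and field names are illustrative.
SECRET = b"replace-with-a-random-server-side-secret"
MIN_FILL_SECONDS = 3      # anything faster is treated as a bot
MAX_AGE_SECONDS = 3600    # stale tokens are rejected
trapped_ips = set()       # local list of IPs that failed a check

def _sign(ts: str) -> str:
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def issue_form_token(now=None) -> str:
    """Called when the form is served; the token goes into a hidden field."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"

def read_form_token(token):
    """Return the load timestamp, or None if the token is malformed or altered."""
    ts, _, mac = str(token or "").partition(".")
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), _sign(ts).encode()):
        return None
    return int(ts)

def check_submission(fields: dict, ip: str, now=None):
    """Return (accepted, reason) for one posted form."""
    now = time.time() if now is None else now
    if ip in trapped_ips:
        return False, "ip-trapped"
    loaded_at = read_form_token(fields.get("fldTok"))
    reason = None
    if loaded_at is None:
        reason = "bad-token"
    elif now - loaded_at < MIN_FILL_SECONDS:
        reason = "too-fast"
    elif now - loaded_at > MAX_AGE_SECONDS:
        reason = "stale"
    elif fields.get("email"):
        # "email" is the decoy field, hidden from people; the real one is fldEM
        reason = "decoy-filled"
    if reason:
        trapped_ips.add(ip)  # trap: remember the address that failed
        return False, reason
    return True, None
```

In production the trapped addresses would live in a database with an expiry rather than in process memory, since IP addresses are reassigned and shared.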
There are a number of databases that also track spammy IP addresses that other sites have found to be sending spam. Use an API to tap into those and automatically strip any forms that are submitted from these addresses.
Geotracking is another great way to check those IP addresses. It allows you to see the country, region and even town that the IP range is associated with. Then, using your own internal algorithm, you can decide which countries to let through and which will be automatically blocked. It really does depend on the nature of the business that the form is being developed for. Some sites that are very local business orientated can accept only forms submitted from their own country. However, do keep in mind that sometimes people will be travelling, so it is not a good idea to completely obliterate these submissions.
If your forms are being submitted by a human element, geotracking can do a great job of bringing these kinds of submissions to a close.
Spam isn’t going to go away. However, there are a lot of better methods to deal with it. The odd one is going to slip through the net. With this array of methods you will see a dramatic reduction and sometimes complete eradication. Let us know if these methods work for you in the comments below.