How to Stop Form Spam
Written by Tony   
Monday, 16 June 2008

I run a number of websites and one problem that I've had to deal with, along with many of our clients at Webstix, Inc., is form spam.

Basically, when there's a form on a website, there's a script running behind it that the form submits or posts to. That script then does some things and displays some results on the page, gives you another page that says thank you, or even does something more complicated like posting your comments to a blog or forum. So there are people (spammers), who I believe are mostly in other countries, based on the time that these are sent, who set up "bots" (short for "robots"). These are automated programs sent to websites to post spam, in the hope that the spam gets posted to a blog, giving them a link out there to their products, or else that the person checking these posts clicks on the link.

The reason there is so much spam is that sending spam works - people click on spam links. If people didn't click on spam links, it would be proven ineffective and there wouldn't be any. The problem is, some of these spam emails and spam links are crafted to entice people to click on them and so they do. So if they get a response on 0.0001% of all the messages that they (spammers) send out or post on sites, then they know how much spam they have to send out in order to get the responses they need and sales that they want - which is a LOT. In some countries it's affordable to have people do this, since wages are lower and since they can make so much by doing it.

We've found some ways to stop spam posts from bots. This is no secret, really:

  1. Set up CAPTCHA. What the heck is CAPTCHA, Tony? Well, it stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart". Catchy, huh? :-) You've seen this. It's where you have to enter some letters and/or numbers from an image into a form field. Some sites give you a small quiz, like asking for the 3rd word in a series of made-up words or something similar. Basically, it's like it says - some way to tell if a computer (bot) or a human is putting data in the form. Form spam is almost completely removed by doing this. We've had great luck with it. It can be added to most forms on websites.

  2. Set up IP blocking. This is where you notice that you get spam posts from a certain IP address and then you set up a blacklist of IP addresses to never accept data from again. This one's a little more dangerous for two reasons. First, a lot of people have dynamic IP addresses - meaning the address renews every day or so. So you might have one IP address this morning and a different one later in the day or the next day. Blocking the IP address of one user might therefore cause the next person who gets that IP address to be falsely blocked. Second, someone's computer could be infected with a virus or worm that is doing this, so someone is unknowingly posting spam to your site, and by blocking their IP address you're shutting them off from posting something that you may want.

The best way to block form spam from bots is with CAPTCHA. If some is still getting through, then it's maybe time to implement IP blocking.
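An added example (not code from the original post) of the IP blocking described in item 2, with blocks that expire so that a later holder of a dynamic address is not shut out for good. The class name, the three-strike threshold, the one-hour window and the one-day block length are assumptions made for illustration.

```python
import ipaddress


class ExpiringBlocklist:
    """Block an IP after repeated spam posts, but only for a limited time."""

    def __init__(self, threshold=3, window=3600, block_ttl=86400):
        self.threshold = threshold   # spam posts needed before blocking (assumed)
        self.window = window         # seconds in which those posts must fall
        self.block_ttl = block_ttl   # seconds a block lasts (assumed: one day)
        self._strikes = {}           # ip -> timestamps of recent spam posts
        self._blocked_until = {}     # ip -> time at which the block lapses

    @staticmethod
    def _normalize(ip):
        # Raises ValueError on garbage; gives one canonical spelling per address.
        return str(ipaddress.ip_address(ip.strip()))

    def report_spam(self, ip, now):
        """Record one spam post; return True if the IP is now blocked."""
        ip = self._normalize(ip)
        recent = [t for t in self._strikes.get(ip, []) if now - t < self.window]
        recent.append(now)
        if len(recent) >= self.threshold:
            self._blocked_until[ip] = now + self.block_ttl
            self._strikes.pop(ip, None)
            return True
        self._strikes[ip] = recent
        return False

    def is_blocked(self, ip, now):
        """Check before accepting a form post; `now` is e.g. time.time()."""
        ip = self._normalize(ip)
        expiry = self._blocked_until.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            # Block has lapsed: the address may belong to someone else by now.
            del self._blocked_until[ip]
            return False
        return True


def demo():
    bl = ExpiringBlocklist()
    ip = "203.0.113.7"            # constructed sample address
    t0 = 1_000_000                # constructed start time, in seconds
    strikes = [bl.report_spam(ip, t0 + i * 60) for i in range(3)]
    return strikes, bl.is_blocked(ip, t0 + 200), bl.is_blocked(ip, t0 + 120 + 86400)
```

Spam posts spread further apart than the window never add up to a block, which keeps a single infected machine's occasional post from locking out its owner.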

It's crazy that this has to be done but that's the world we live in now. It just proves that it's worth keeping good relations with your web developer because you never know when the next kind of attack like this is coming or what it will be. So pay their bills on time and don't hammer on them for something you may not know much about. They do more research and spend more time on things than you probably know.

Maybe I'll post another time about how tough it is being a web developer since you can only bill for time that seems reasonable to clients since they don't understand all that's involved. Web design and development is probably one of the most underpaid jobs out there because people think that anyone who goes to a community college and takes a course for a semester can do it. I read an article once about how the real price people should be paying is $10,000 per page. Ok, that might be a little high but somewhere around $2500 to $5000 per page seems closer. Anyway, that's for another post - stay tuned.

-T

Tony Herman
