Form Spam

Form spam occurs when nefarious people, either by employing rooms full of people or by using automated systems, probe every form they can find on the Internet. This is aggravating, as it can fill your inbox and form reports with garbage entered into the forms on your website.

They are typically trying to accomplish one of two things. The first is to find a vulnerability in the website that they can exploit to hack it. The other is to send you ads.

There is no 100% surefire way to stop this from occurring on a form that is exposed to the public Internet, but things can be done to lessen it by making the form harder for automated systems to use and more time-consuming for humans.

Some of the things that can be done are:

1. Block non-US IP addresses. This is only a good idea if you are sure that none of your legitimate users are outside the US.

2. Put a “captcha” on the form which requires a different simple math problem to be done, such as 1 + 4, in order to submit the form.

3. Require that no fields contain the same content as any other field in order to submit the form.

4. Prevent multiple submissions with the same data in the same session.

5. Require first name fields to be populated with only letters and have at least one character filled in.

6. Require last name to be populated with only letters, hyphens or apostrophes, and to have at least two characters filled in.

7. Reject phone numbers and area codes that start with a one or a zero or are of improper length.

8. Reject multiple form submissions from the same IP in a short period of time.

9. Prevent submission of forms where the input contains HTML links.
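As an added example (not code from the original page), checks 3 through 9 can be combined into one server-side validator that returns the reasons a submission was rejected. The field names `first_name`, `last_name` and `phone`, the 10-digit US phone format, and the rate-limit thresholds are assumptions.

```python
import re
import time
from collections import defaultdict, deque

# ASCII-only name patterns are an assumption; widen them for non-English names.
FIRST_NAME = re.compile(r"[A-Za-z]+")           # check 5
LAST_NAME = re.compile(r"[A-Za-z'-]{2,}")       # check 6
LINK = re.compile(r"<a\s|https?://|www\.", re.I)  # check 9
WINDOW_SECONDS, MAX_PER_WINDOW = 60, 3          # assumed thresholds for check 8
_recent = defaultdict(deque)                    # ip -> recent submission times


def rate_limited(ip, now=None):
    """Check 8: more than MAX_PER_WINDOW submissions from one IP in the window."""
    now = time.time() if now is None else now
    times = _recent[ip]
    while times and now - times[0] > WINDOW_SECONDS:
        times.popleft()
    times.append(now)
    return len(times) > MAX_PER_WINDOW


def validate(form, ip, seen_in_session, now=None):
    """Return the list of failed checks; an empty list means accept."""
    errors = []
    values = [v.strip() for v in form.values()]
    filled = [v.lower() for v in values if v]
    if len(filled) != len(set(filled)):                  # check 3
        errors.append("duplicate field content")
    fingerprint = tuple(sorted(form.items()))
    if fingerprint in seen_in_session:                   # check 4
        errors.append("repeat submission")
    seen_in_session.add(fingerprint)
    if not FIRST_NAME.fullmatch(form.get("first_name", "").strip()):
        errors.append("first name")
    if not LAST_NAME.fullmatch(form.get("last_name", "").strip()):
        errors.append("last name")
    digits = re.sub(r"\D", "", form.get("phone", ""))   # check 7, US 10-digit
    if len(digits) != 10 or digits[0] in "01" or digits[3] in "01":
        errors.append("phone")
    if any(LINK.search(v) for v in values):
        errors.append("contains link")
    if rate_limited(ip, now):
        errors.append("rate limit")
    return errors


# Constructed sample submission, not real data.
SAMPLE = {"first_name": "Ann", "last_name": "O'Neil-Smith",
          "phone": "(415) 555-0132", "message": "Please call me back."}
```

`seen_in_session` stands in for a set kept in the visitor's server-side session, and `_recent` for a shared store; in a multi-process deployment both would live outside the worker's memory.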

There are many other checks that can be put in place to reduce the problem of form spam, but the ones listed above are a good start.

Again, there is no way to completely get rid of the problem without removing the form, but it can be reduced.

If you have any questions, please <a href="/contact/">Contact Us</a>.