Preventing bots?
in [ASP]
|
From: 7777 on 7 Dec 2009 15:01 Hello can anyone recommend a good way of preventing bots submitting data in asp pages? The following link http://www.brainjar.com/asp/formmail/default2.asp describes a method but what if the client doesn't have cookies enabled? Thanks in advance.
From: Evertjan. on 7 Dec 2009 16:04 7777 wrote on 07 dec 2009 in microsoft.public.inetserver.asp.general: > Hello can anyone recommend a good way of preventing bots submitting > data in asp pages? Depends on your definition of bots. Bots as Google bot do not. You cannot submit to an asp page in sensu strictior, only to the rendered html page, which has nothing to do with asp. Yes, you could try to prevent the resulting submitted data if the submitting user is not human by serverside asp code, but there will never be a "good way", especially when such way is published here. Is your webside really so important that this is a serious threat? If so human submission will be too. -- Evertjan. The Netherlands. (Please change the x'es to dots in my emailaddress)
From: Dooza on 8 Dec 2009 04:12 On 07/12/2009 20:01, 7777 wrote: > Hello can anyone recommend a good way of preventing bots submitting data in > asp pages? The following link > http://www.brainjar.com/asp/formmail/default2.asp describes a method but > what if the client doesn't have cookies enabled? Thanks in advance. There is a method I use called the Honey Pot. It gets around automated form spam bots that fill in all fields with junk and submit it. Setup your form as normal, but include 2 extra fields. Make sure they are in a DIV of there own, and hide this DIV using CSS. One form field has the value filled in, and the other one has a blank value. Name the form fields well, but label them clearly so that if a screen reader is used to read the page it understands what is going on. On the form processing page, make sure that the field with the known value still has the correct value, and the one without still doesn't have it. Form spam bots will mostly fail this test due to just filling in all fields. The key to this is to create a success message for when this fails. It makes them think it was successful so they won't spend extra time trying to make it work. Yes, this can be beaten if a human actually looks at the code, but in my experience, and from the experience of others from whom I learnt this technique, its pretty darn good. Dooza
From: 7777 on 8 Dec 2009 12:37 Thanks to you both for your interesting insight, much appreciated. I came across this conversation http://www.webmasterworld.com/webmaster/3322243.htm which one persons mentions the 'Honey Pot' method also which sounds like a great idea. Would perhaps just putting a hidden field control like the user 'rocknbil' mentions also do the trick? "Dooza" <steveNO(a)SPAM.dooza.tv> wrote in message news:u1xqvY%23dKHA.6000(a)TK2MSFTNGP06.phx.gbl... > On 07/12/2009 20:01, 7777 wrote: >> Hello can anyone recommend a good way of preventing bots submitting data >> in >> asp pages? The following link >> http://www.brainjar.com/asp/formmail/default2.asp describes a method but >> what if the client doesn't have cookies enabled? Thanks in advance. > > There is a method I use called the Honey Pot. It gets around automated > form spam bots that fill in all fields with junk and submit it. > > Setup your form as normal, but include 2 extra fields. Make sure they are > in a DIV of there own, and hide this DIV using CSS. One form field has the > value filled in, and the other one has a blank value. Name the form fields > well, but label them clearly so that if a screen reader is used to read > the page it understands what is going on. > > On the form processing page, make sure that the field with the known value > still has the correct value, and the one without still doesn't have it. > Form spam bots will mostly fail this test due to just filling in all > fields. > > The key to this is to create a success message for when this fails. It > makes them think it was successful so they won't spend extra time trying > to make it work. > > Yes, this can be beaten if a human actually looks at the code, but in my > experience, and from the experience of others from whom I learnt this > technique, its pretty darn good. > > Dooza
From: Dooza on 8 Dec 2009 12:45 On 08/12/2009 17:37, 7777 wrote: > Thanks to you both for your interesting insight, much appreciated. I came > across this conversation http://www.webmasterworld.com/webmaster/3322243.htm > which one persons mentions the 'Honey Pot' method also which sounds like a > great idea. Would perhaps just putting a hidden field control like the user > 'rocknbil' mentions also do the trick? Its the basic way of doing a honey pot, the method I outlined is just a little bit more advanced. I think that some spam bots have learnt to ignore hidden fields, so using CSS to hide the fields gets around this. Its up to you which one you use. I have seen several versions over the years, this one just happens to be one that works for me and some others. Dooza
|
Pages: 1 Prev: Need ASP script to Generate Unique Session ID Next: Extending Session Timeouts |