Others have suggested a CAPTCHA which would work, but in this case it seems like you could just return an error if you find any HTML in the comments field.
I doubt it's a human doing it so this would, I think, effectively derail the bot. If you are going to a CAPTCHA you could go simple and see if that solves your problem first. You don't have to do full images and everything to deal with simple (and occasional) bots (in other words bots that won't bother customizing themselves for you). Create a short list of simple questions. Ask one as a validation of humanity. For example "Is there a circle in our logo?", "Does our logo have a bird in it?", "How many letters does our name have?" and so forth. If it is a stray bot it won't bother figuring it out. If it is (an obviously insane) human then they will - and you know you have to go to further lengths. But just checking for HTML seems the easiest way to start - it doesn't change your user experience and would, with luck, stop the problem. Jim Davis > -----Original Message----- > From: Mike Kear [mailto:[EMAIL PROTECTED] > Sent: Saturday, December 11, 2004 7:45 AM > To: CF-Talk > Subject: Spammer fills out my order form - how to stop > > This goes in the category of annoyance rather than anything else, but > I have a spammer filling out one of my clients' order forms and > submitting it - does anyon else have this problem? And any > suggestions how I can stop it? > > THe order form will have such gems as "poker" in every field, with the > comments field completed with a whole bunch of html with the visible > part of the url stating something like > http://www.best-deals-texas-hold-em.info/, but the link points to a > non-existent site, ending up at http://www.outreach.psu.edu/g,/. > > It isnt costing us anything and there is no credit card processing on > this form- its all processed manually, but these orders are going into > my clients inbox and into the database as orders, and they have to be > deleted again. It's damned annoying. > > Any else having this? > > I can't imagine what's the point. I'm sure not going to follow > whatever link is there, and I know my 72year old yoga teacher client > isnt. And anyway the links are pointing to non-existent domains. > What is this idiot hoping to gain by submitting this form all the > time? Anyone have any guesses? > > I can nstop the orders processing by just doing some validation that > prevents the word "poker" or stripping out html from the comments > field, but it's only annoyances for us - all the form does is mail the > submitted info to my client and me so I dont really know if it's worth > it just to save a few deletes. > > What do you guys think? > > -- > Cheers > Mike Kear > Windsor, NSW, Australia > AFP Webworks > http://afpwebworks.com > .com,.net,.org domains from AUD$20/Year > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187208 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
