Knowledgebase » Knowledgebase » Programming » Other programming issues

How do I prevent spammers to use my contact form to send spam mail ?

Mark — Tue, 11 Aug 2009 16:55:18 GMT

A spambot is an automated computer program designed to assist in the sending of spam. Some of spambot is designed to attack contact form. To prevent spammers use your contact form, you need to customize your form so that only human visitor, not a spambot, can use your form. You will need some programming skill to perform the customization.

Here are some effective methods:

Creating a hidden field inside your contact form and the default value is set to empty. If it is spambots keep submitting your contact form, it will also submit value to the hidden field. You can verify the hidden field to identify whether it is spambot.
Similar to method 1. But, this time, you add an input box to your contact form and set the input box as invisible by using css. This way can further confuse and increase the workload of the attacker.
Similar to method 1. But this time, you add 2 hidden fields having similar names such as token1 and token2. Populate token1 with a random value. Populate token2 with a reversed string and then validate upon POST. Many spammers will post data to both fields and never expect validation to sort of mirror each other.
Counting the occurrence of the string that posted from different fields. Spambots often post the same data to multiple fields, often "http://" or "[url". Most validation scripts loop through all the posted variables. When looping through the posted values, conditionally increment a counter.
Using session. Generate a random string when the visitor first arrives at the site, and save it in a session variable. On the Contact form, break up the random string into about 4 chunks, each displayed using a different font color. Ask the user to enter the red characters in a box near the submit button. Validate the submitted data and generate an error message if the wrong value is posted. Robots won't be able to guess the random string.
Limit form submission from a specific IP address within a time period.
Making use of CAPTCHA. However, CAPTCHA can be hard to read even for humans. And if implemented wrong, they will be read by the bots

For details of method 2, please refer to
http://klauskjeldsen.dk/2007/07/19/avoid-html-form-spam-using-css/

For details of method 1, 3, 4, 5 and 6, please refer to
http://www.hockinson.com/index.php?s=182

For details of method 7, please refer to
http://www.online-tech-tips.com/web-site-tips/use-a-captcha-to-prevent-comment-spam-or-to-hide-an-email-address-and-help-digitize-books-at-the-same-time/

Why cannot upload file through my web site?

Mark — Mon, 29 Jun 2009 05:22:57 GMT

When upload file through web site, web site user need to have write permission for the folder which used to store file.
Please click <here> for instruction of how to set permission.

Windows Account :
For ASP.NET application, web user is "Network Service" (for win2003 & win2008) and "ASPNET" (for win2000)
For other applications, web user is "IUSR_memberID"

Linux Account:
Please change folder permission to 777

*For security reason, please only grant write permission for the folder(s) which need it.

Website using MySQL return "Too many connections" error

Mark — Thu, 07 May 2009 13:42:48 GMT

Your website may have established too many connections to MySQL database. When the number of open connection reach the limit, "Too many connections" error will return.

To fix it temporary, you can login your Hosting Control Panel -> Database -> MySQL Admin, click the "Flush Host" button beside your database.

* IMPORTANT: You need to check your script whether all opened connections are closed. Otherwise the same problem will occur again and again when your site being visited

Why is my ASP page returning ...must be updateable query.. messages when trying to make changes to MS Access DB?

Mark — Wed, 24 Dec 2008 11:09:23 GMT

This happens when your .MDB file does not have WRITE permissions. To fix the problem, go to your Hosting Control Panel, go to Security, go to File Permission on the left hand menu. In there, browse to the folder that contains your .mdb file and give the .mdb file Read + Write to user IUSR_MEMBERID for the .MDB file.

If this still give you error, you'll have to give write permission to the ENTIRE folder that contains the database .MDB file.

My page returns a ODBC not found error?

Mark — Wed, 24 Dec 2008 10:55:07 GMT

You get this error because you did NOT setup an ODBC connection yet. Login to Control Panel and click on the Database -> Create ODBC/DSN icon to create an ODBC connection.