How do I prevent spammers from using my contact form to send spam mail?


A spambot is an automated computer program designed to assist in the sending of spam. Some spambots are designed to attack contact forms. To prevent spammers from using your contact form, you need to customize the form so that only a human visitor, not a spambot, can use it. You will need some programming skill to perform the customization.

Here are some effective methods:

  1. Create a hidden field inside your contact form and set its default value to empty. When a spambot submits your contact form, it will also submit a value in the hidden field. You can check the hidden field to identify whether the sender is a spambot.
  2. Similar to method 1, but this time you add an input box to your contact form and make it invisible using CSS. This can further confuse the attacker and increase their workload.
  3. Similar to method 1, but this time you add 2 hidden fields with similar names, such as token1 and token2. Populate token1 with a random value and token2 with the reversed string, then validate both upon POST. Many spammers will post data to both fields and never expect the validation to require that the two values mirror each other.
  4. Count the occurrences of a string posted in different fields. Spambots often post the same data to multiple fields, often "http://" or "[url". Most validation scripts loop through all the posted variables; while looping through the posted values, conditionally increment a counter.
  5. Use a session. Generate a random string when the visitor first arrives at the site, and save it in a session variable. On the contact form, break up the random string into about 4 chunks, each displayed in a different font color. Ask the user to enter the red characters in a box near the submit button. Validate the submitted data and generate an error message if the wrong value is posted. Robots won't be able to guess the random string.
  6. Limit form submissions from a specific IP address within a time period.
  7. Use a CAPTCHA. However, CAPTCHAs can be hard to read even for humans, and if implemented incorrectly, they will be read by the bots.
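
The following added example (not from the original article or the pages it links to) combines methods 1, 3, 4 and 6 in one server-side check. The honeypot field name `website`, the thresholds, and the plain-dict `form` and `session` arguments are assumptions made for illustration.

```python
import secrets
import time
from collections import defaultdict, deque

HONEYPOT = "website"                 # hypothetical name of the hidden field (method 1)
SPAM_MARKERS = ("http://", "[url")   # strings named in method 4
MAX_MARKER_HITS = 2                  # assumed threshold for method 4
MAX_POSTS, WINDOW_SECONDS = 3, 600   # assumed limit for method 6

_recent_posts = defaultdict(deque)   # ip -> timestamps of recent attempts


def new_form_tokens(session):
    """Call when rendering the form; returns the values for hidden token1/token2."""
    session["token1"] = secrets.token_hex(8)
    return session["token1"], session["token1"][::-1]


def check_submission(form, session, ip, now=None):
    """Return (accepted, reason) for one POST; form and session are plain dicts."""
    now = time.time() if now is None else now

    # Method 6: sliding-window limit on attempts per IP address.
    posts = _recent_posts[ip]
    while posts and now - posts[0] > WINDOW_SECONDS:
        posts.popleft()
    if len(posts) >= MAX_POSTS:
        return False, "rate limit"
    posts.append(now)

    # Method 1: the hidden field must come back empty.
    if form.get(HONEYPOT, "") != "":
        return False, "honeypot filled"

    # Method 3: token1 must match the session value (single use) and
    # token2 must be its mirror image.
    expected = session.pop("token1", None)
    t1, t2 = form.get("token1", ""), form.get("token2", "")
    if expected is None or t1 != expected or t2 != expected[::-1]:
        return False, "token mismatch"

    # Method 4: count spam markers across every posted field.
    hits = sum(str(v).lower().count(m) for v in form.values() for m in SPAM_MARKERS)
    if hits >= MAX_MARKER_HITS:
        return False, "too many links"
    return True, "ok"
```

The per-IP history here lives in process memory, so a deployment with several worker processes would need a shared store for it.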


For details of method 2, please refer to
http://klauskjeldsen.dk/2007/07/19/avoid-html-form-spam-using-css/

For details of methods 1, 3, 4, 5 and 6, please refer to
http://www.hockinson.com/index.php?s=182

For details of method 7, please refer to
http://www.online-tech-tips.com/web-site-tips/use-a-captcha-to-prevent-comment-spam-or-to-hide-an-email-address-and-help-digitize-books-at-the-same-time/






Details
Last Modified: 8/12/2009 12:55 AM
Last Modified By: Mark
Type: How to fix a problem