Buck's Tip: HELP! The Spam Jerks Have Taken Over My Form
Jun
27
Written by:
6/27/2008 12:25 PM
I was recently asked the question, "Buck, I have been getting a ton of spam to my emails via my contact forms on some of my sites. Any suggestions for eliminating this problem? I do not have my email on the sites for the spammers to get."
I was recently asked the question, "Buck, I have been getting a ton of spam
to my emails via my contact forms on some of my sites. Any suggestions for
eliminating this problem? I do not have my email on the sites for the spammers
to get."
There is nothing worse than to have a form taken over by the Spam Jerks. More
and more sites are now adding devices which verify that the contact form is being
used by a real person, rather than an automated spambot.
One form of prevention is known as "CAPTCHA" and was introduced to XMod in
version 5.1.
According to wikipedia.org:
"A CAPTCHA is a type of challenge-response test used in computing to
ensure that the response is not generated by a computer. The process involves
one computer (a server) asking a user to complete a simple test which the
computer is able to generate and grade. Because other computers are unable to
solve the CAPTCHA, any user entering a correct solution is presumed to be human.
A common type of CAPTCHA requires that the user type the letters or digits of a
distorted image that appears on the screen. "
The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum,
Nicholas J. Hopper (all of Carnegie Mellon University), and John Langford (then
of IBM). It is a contrived acronym for "Completely Automated Public Turing test
to tell Computers and Humans Apart", trademarked by Carnegie Mellon University.
CAPTCHAs are used to prevent automated software from performing actions which
degrade the quality of service of a given system, whether due to abuse or
resource expenditure. Although CAPTCHAs are most often deployed as a response to
encroachment by commercial interests, the notion that they exist to stop only
spammers is mistaken. CAPTCHAs can also be deployed to protect systems
vulnerable to e-mail spam, such as the webmail services of Gmail, Hotmail, and
Yahoo! Mail.
In XMod, CAPTCHA is used to help ensure that the form is being submitted by a human
being. When included in the form, it displays a random series of letters and
numbers on a randomly colored background. The user must type the letters and
numbers he or she sees into a textbox for verification. If input value matches
what is displayed in the image, the submission is accepted. If they do not
match, the form is not submitted. The <captcha> control uses the DotNetNuke
CAPTCHA control under-the-hood.
How do I configure XMod CAPTCHA support?
- Open your existing XMod form in edit mode
- At the bottom of the form, and directly above the form submit button,
add the following code:
<captcha ref="Captcha1" errormessage="Invalid Value Entered"
errorstyle-cssclass="NormalRed" captchalength="8">
<label>Validation</label>
</captcha>
-
XMod has attributes to configure the text, errormessage, captchachars,
captchaheight, and captchalength. Configuration can be found
at
http://dnndev.com/help/xmod/default.htm (search term: captcha)
A typical captcha code, that I use, may look like this:
And the results would look like this:
Finally, to prevent spammers from using your contact form to send spam
to others through your site, make sure your contact form program verifies that
the form is being sent from your site (and not from a copy of the form on a spam
machine), and make sure the form 'to' address is one belonging to your site.
All this assumes you are not using a 'mailto' form, which is an open invitation
to spammers.
For additional spam prevention measures, XMod MVP, MidSpot has an interesting
article at
http://www.dnndev.com/Blog/tabid/347/EntryID/15/Default.aspx.
Buck Anderson
DNNprofessor