One Way to Block Form Submission Robots
The amount of spam coming from robots that automatically submit forms is mounting. They pollute forums, inundate email boxes, corrupt databases with loads of wrong information, and vie with legitimate traffic for use of the Internet.
I don't know how to keep them off the Internet. But I can tell you about a way to block them from auto-submitting your forms.
This method switches the form's action URL after the form loads.
The robot reads the action URL hard coded in the form tag.
When used correctly (by a real person), then the form is submitted to the switched URL.
Before telling you how to implement this, let's realize one thing. If your form's action URL is already in spammers' databases, changing the form won't help. They don't need your form anymore. They can bypass your form and submit their spew straight to your form handling software.
Therefore, if your software's URL is already being auto-submitted, your software's URL will need to be changed.
Some software URLs can be changed simply by changing the software's file name. Other software might need to be reinstalled in a different location of your server.
Renaming the software's file name changes the software's URL just like installing the software at a different location does.
Implementing the Action URL Switch
The form tag must contain a name attribute. If it doesn't already have one, give it one.
Here is an example form tag with a name attribute:
<form name="myform" method="POST" action="/cgi-bin/survey.cgi">
The action URL must be to a location somewhere other than the software you really want the form submitted to. It can be a URL to a file that doesn't exist. Or, it might be a URL to a script that logs auto-submission attempts. It's up to you what the URL is, so long as it is different than the URL the form is supposed to be submitted to.
Now, put some JavaScript (provided in a moment) somewhere below the form. It may, but doesn't have to be immediately below the form. It can be all the way at the bottom of the page, if you wish.
The JavaScript will need two edits, (1) the name in your form tag and (2) the URL of the software you want the form submitted to when it's used correctly.
Here is the JavaScript.
<script type="text/javascript"> var NameInFormTag = "myform"; var ActionURL = "/cgi-bin/otherscript.cgi"; eval("document."+NameInFormTag+".action='"+ActionURL+"'"); </script>
When the page loads, the browser will notice the action URL in the form tag.
Then, the browser notices the JavaScript and changes the action URL in its memory.
The URL doesn't change in the web page source code, just in the browser's memory. And the URL in the browser's memory is where the form will be submitted to when the submit button is clicked.
Will Bontrager