Software, your way.
How To Get Good Custom Software
(Download)
(PDF)
burger menu icon
WillMaster

WillMaster > LibraryManaging Website Forms

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Another Form Spam Prevention Technique

This article provides a relatively simple technique to help prevent bot-submitted form spam.

Probably no one technique will work every time. There are some quite sophisticated bots out there. But even a simple one can reduce your form spam considerably.

This technique for preventing bot-submitted form spam uses JavaScript. The JavaScript is used in a way designed to require the bot to actually run the JavaScript, not just scan the text of the JavaScript to find certain types of information. In other words, the intent is to flummox all bots that do not compile and run JavaScript code.

The technique uses these bot trippers:

  1. A form tag action attribute that is false.

    The action attribute's value is where the form submits to. Spambots may scan the form tag to find the action URL and use it to spam you directly. When the action URL is incorrect, they cannot do that.

    Generally, the action URL is to a thank-you or confirmation page. When submitted, that is the page that receives the information from the form and then the page gets displayed in the browser window.

  2. A form tag onsubmit attribute that returns false.

    The onsubmit attribute is used when something has to happen immediately before the browser sends the form information to the URL in the action attribute's value. In this case, the onsubmit attribute needs to return a false signal to stop the form from being submitted, which prevents bots from submitting the form.

    With real users when this technique is implemented, the form is submitted with JavaScript, which the onsubmit attribute does not affect.

  3. The real action URL is within the submit button's onclick value.

    Here is where you specify the real URL for the action attribute. The JavaScript will use this URL when it submits the form.

  4. JavaScript is used to submit the form to the URL obtained from the button's onclick value.

Even with all that, it is fairly simple to implement.

Let's start with the source code of this example form.

Form example (submits to example.com, not a real data dump):

Name:

Email: 

<form id="myform" onsubmit="return false" action="/incorrect.php" method="post" enctype="multipart/form-data">
Name: 
<input type="text" name="name">
<br><br>
Email: 
<input type="email" name="email">
<br><br>
<input type="submit" value="Submit Form" onclick="SendTheData('https://example.com/dump.php')">
</form>

<!-- The JavaScript needs to be somewhere after the form itself; at end of page should work. -->
<script type="text/javascript">
function SendTheData(url)
{
   var d;
   (d=document.getElementById("myform")).action = url;
   d.submit();
}
</script>

Implementing the Example Form

Here are the steps to implement the example form for yourself.

The form tag and the Javascript:

  1. myform is found within the form tag and within the JavaScript. It is the id value of the form tag. If changed, both instances need to be updated.

  2. onsubmit="return false" is required.

  3. The action="/incorrect.php" action tag contains an incorrect value. If it was the correct value, a bot could just read it and submit the form. The incorrect value will be fixed when the submit button is tapped.

The submit button:

In the submit button, you'll see the onclick attribute:
onclick="SendTheData('https://example.com/dump.php')"

The onclick attribute is required. To implement, replace
https://example.com/dump.php
with the real URL where the form is to be submitted to.

Implementation is done.

When the submit button is tapped, the button will send the real URL to the SendTheData() function in the script tag. The JavaScript will update the form tag's action URL and submit the form.

To implement this with your own forms, follow the outline for implementing the example form. Include the JavaScript provided with the example.

This technique should stop much or most of the form spam you are experiencing, perhaps even all of it.

(This content first appeared in Possibilities newsletter.)

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

More "Managing Website Forms" Articles

Star Rating in a Form

Putting the Form URL Into a Form Field

Banning Certain Email Addresses From Forms

Other Recent Articles from the Library

Ways to Use QR Codes

Click to Select

The HTML 'article' Tag

Countdown Redirect

Search Files on the Server

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC