Syronex

Preventing form spam

New! Stop form spam with FormSmarts. Plus, an easy form builder, a form handler, form hosting and more. All free.

We present here a way to help prevent automated form spam. It works by hiding the URL in the action attribute of the form. This is just one of the techniques we use to secure forms. We'll present more if there is interest.
  1. Since you are reading this, it is likely you are already getting form spam. So first rename the form handling script. Then encode the new URL here. For this, enter your URL where indicted "Step 1: enter your e-mail address". Copy the code given and extract the strings string1 and string2, which look respectively like FPZEVPKWZXDS2M and %27%23%3E%237%23/1%3C7+1S%3F.

  2. Place the following snippet after the <head> tag in the host page, after replacing string1 and string2 by their actual values:

    <script type='text/javascript'><!--
    function blurl(){var v2="string1";
    var v7=unescape("string2");
    var v5=v2.length;var v1="";
    for(var v4=0;v4<v5;v4++)
    {v1+=String.fromCharCode(v2.charCodeAt(v4)^v7.charCodeAt(v4));}
    return v1}
    //--></script>
    
    

  3. Write a landing page for robots and users who disabled JavaScript. This is a plain HTML file saying something along the lines of “please press the back button and activate JavaScript in your browser before re-submitting the form”.

  4. Locate the form tag in the HTML page containing the form, and change the action attribute to action="please-enable-javascript.html", replacing the file name by the name you chose in the previous step.

  5. Finally, add this.action=blurl(); to the onsubmit handler of the form:

    
    <form method="POST"
    onsubmit="this.action=blurl()">
    ...</form>

RSS Recent Anti-Spam Help Updates

Browse Anti-Spam Help Topics

See Also
Web Abuse & Security Consulting