The Online Form Builder Blog » form spam

Are Forms Protected by a CAPTCHA?

FormSmarts — Sat, 12 Jan 2008 00:32:54 +0000

We often get questions asking whether FormSmarts web forms are protected against automated submissions by a CAPTCHA. A CAPTCHA is a challenge-response test used to determine whether the user is human.

Yes, we do use CAPTCHA tests, but not everytime a form is submitted. Instead, the form handler decides each time whether or not to require a CAPTCHA test (and other verifications), based on unobtrusive analysis by our form spam blocker of the information submitted.

This saves time to every one, and reduces form abandonment.

Asking the user to complete a CAPTCHA test for every form submission affects form usability and accessibility.

Spammy Awards

FormSmarts — Sat, 29 Dec 2007 00:00:25 +0000

We can’t resist publishing the story of a spammer, who yesterday ended up on a blog using
FormSmarts for their weblog comment facility.

After finding the blog on Google, the spammer confidently tried to submit an outrageously spammy message: FormSmarts form spam filter gave the comment a score of 739, where anything greater than 0 is considered to be spam. That is — and by far — the most spam-looking message we ever recorded.

FormSmarts would like to thank this spammer for this amusing moment.

Form Builder and Form Spam Filter Updated

FormSmarts — Fri, 28 Dec 2007 10:40:16 +0000

A major FormSmarts upgrade was rolled out today. Changes include:

New features in the form generator, like the ability to delete a field in a form
A simplified user interface for generated web forms
A major upgrade of the form spam protection engine

Protecting HTML Forms from Spam with JavaScript

FormSmarts — Wed, 26 Dec 2007 00:01:45 +0000

If you are looking for a quick way to avoid automated form spam on existing forms, you may want to try this simple JavaScript form spam protection trick. You won’t get a level of form protection (and usability) comparable to what you would get with FormSmarts, but then you can implement the trick on any existing forms, irrespective of the form handler you are currently using.

We plan to offer the ability to use FormSmarts as a form spam filter for third-party forms within a few months. This will effectively allow users of other form processors to benefit from FormSmarts’ form spam protection on their existing HTML forms, with very little change. Details and availability will be advertised here.

How Did Comment-Spammers Find My Blog?

FormSmarts — Wed, 12 Dec 2007 12:49:10 +0000

Did you ever wonder how comment spammers discovered your blog?

Crawling the Web

One possibility is that the spammer sent out a bot to crawl the web from blog to blog. This requires some infrastructure, and is becoming less effective as more bloggers use some kind of comment spam protection mechanism.

Searching Google

It then becomes more effective for the spammer to simply use Google,
searching for all the pages with the phrase post a comment, but without the terms sign in, register, log in, etc.

http://www.google.com/search?q=%22post+a+comment%22
+-intext%3A%22login%22+-intext%3A%22log+in%22+-intext%3A%22register%22
+-intext%3A%22sign+in%22+-intext%3A%22signin%22+-intext%3A%22sign+up%22
+-intext%3A%22signup%22+-intext%3A%22logged+in

And as an additional benefit, blogs come already sorted by “importance” in the seach results.

Extending the query to restrict results to blogs not using Captchas is left as an exercise to the reader.

What This Means to You

Avoid standard phrases like post a comment on your blog. More creative phrases like Reply to this Post, share your views or letters to the editor may be safer.