Prevent Form Spam with SpamFilter.cfc

Posted At : August 28, 2007 2:27 PM | Posted By : Steve
Related Categories: SpamFilter,com.sebtools

I was told last week that a client's contact form has been getting a lot of spam - on the order of 30 a day. We had a simple spam prevention measure in place, but that clearly wasn't doing the job. It was time for something a little more sophisticated.

[More]

Comments (6) | Print | del.icio.us | Digg It! | Linking Blogs

Related Blog Entries

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
[Add Comment]
One way I've found to knock out nearly 100% of form spam is to have the template that handles the results of the form check for your domain in the referrer, otherwise I redirect back to the form. It seems to knock out most of the bots and is only two lines of code.
# Posted By Mike Rankin | 8/28/07 7:35 PM
Mike,

That makes sense. My worry about such a technique is that the referrer is actually pretty easy to spoof. It seems like only a matter of time until that approach would quit working.
# Posted By Steve Bryant | 8/29/07 1:35 PM
Somehow it is not working for me. No matter what I input isSpam() returns false, just wondering if I need to do any configuration so the filter will work.
Here are the debug query I got from submitting the form:

SELECT Table_Name FROM INFORMATION_SCHEMA.TABLES WHERE Table_Type = 'BASE TABLE' AND Table_Name <> 'dtproperties'

SELECT   TOP 1 * FROM [spamWords]

SELECT [spamRegExs].[RegExID] , [spamRegExs].[RegEx] , [spamRegExs].[Label] , [spamRegExs].[points] FROM      [spamRegExs] WHERE      1 = 1

SELECT [spamWords].[WordID] , [spamWords].[Word] , [spamWords].[points] FROM      [spamWords] WHERE      1 = 1

Last 3 query looped several times. Please advice.

Thanks,
Bill
# Posted By Bill | 8/31/07 5:46 PM
Bill,

Sounds like it isn't working right. Want to send me an email ("steve" at the domain name from which you downloaded the component)? Then we can work through the problem and I can get the component fixed and updated.

Thanks
# Posted By Steve Bryant | 8/31/07 6:44 PM
interestingly, no matter what i type in the contact form at http://www.bryantwebconsulting.com i get returned with "this message appears to be spam"
# Posted By andrew lorien | 9/13/07 1:51 AM
Andrew,

Is that not what is supposed to happen? If everything is spam, then I have nothing to respond to.

Just kidding, of course. I found and fixed the problem and uploaded a new zip of SpamFilter.cfc with the fix.

Thanks for taking the time to report the problem so that I could address it.
# Posted By Steve Bryant | 9/13/07 12:36 PM
[Add Comment]
BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.