Preventing Form Spam in cf_sebForm

I use cf_sebForm for all of my contact forms. Form spam is a constant problem for those forms. So, I set up a generic way to do filtering in those forms and wrote both cf_sebForm and SpamFilter.cfc to follow the same guidelines.

The "filter" attribute of cf_sebForm takes a component (or array of components). If that attribute exists, cf_sebForm will pass the Form structure into the "filter" method of the component(s) passed in to that attribute and set the Form structure to the result. This would allow you to write a filter for security or for editing out offensive language, for example.

If the filter method throws an error, then it will be treated just like an error caught by the CatchErrTypes attribute for validation errors.

So, to use SpamFilter.cfc, just instantiate SpamFilter (in this example into Application scope):

<cfset Application.DataMgr = CreateObject("component","DataMgr").init(mydsn,"MSSQL")>
<cfset Application.SpamFilter = CreateObject("component","SpamFilter").init(Application.DataMgr)>

Then pass SpamFilter into the cf_sebForm tag:

<cf_sebForm filter="#Application.SpamFilter#">

Note also that this attribute could be set globally as well.

Now all form submissions will be checked for spam. If SpamFilter.cfc determines that a form submission is spam, then it will return a validation error to the user alerting them to that.

SpamFilter.cfc is open source and free for any use. The cf_sebForm (tag docs) custom tag is part of the sebtags custom tag set which is open source and free for any use.

Related Blog Entries

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
Hi, how is this CFC different from CFFormprotect? Or is it better?
# Posted By Sebastiaan | 5/22/08 4:18 AM

Good question. I definitely wouldn't say that one approach is better than the other - they are just different.

Both SpamFilter.cfc and CFFormProtect aim to prevent spam with no impact to the user or disruption of accessibility.

CFFormProtect takes a combination approach - looking first at behaviors and then looking at the content of the message (including the use of Akistmet). All review that I have heard say that this is highly effective.

SpamFilter.cfc only uses content checking and doesn't use Akismet, because Akismet is only free for personal use, not business use.

The primary difference is that CFFormProtect is specific to forms and requires code in the form itself and has dependencies to JavaScript files. SpamFilter.cfc is more of a general use filter and doesn't require any JavaScript or code on the form itself. You can actually pass any structure into SpamFilter.cfc to have it check it for spam.

SpamFilter.cfc also allows you to update the words and regular expressions that it uses to define spams.

My preference for SpamFilter.cfc is that it is non-invasive (no need to touch much code to implement), it works just as well against manual spam as automated spam, and I can implement it just the spam on personal or business sites.
# Posted By Steve Bryant | 5/22/08 6:19 AM
BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.