Form Bots Foiled!
October 2nd, 2005I made a few changes to the form users fill in to review mountain bike trails on singletracks last night. This morning I awoke to reviews filled in by “porn bots” full of links and h1 text all over the place. I was a bit annoyed and surprised since we’ve NEVER had form bots successfully post to our site. I initially figured it was just a fluke and I modified the review processing scripts to reject HTML tags.
After receiving more spam form fills throughout the day it just hit me: form bots can’t use pull down menus! Our previous review form (before I modified it last night) required users to select their state of residence from a select pull down menu. The form would return an error if a user failed to select a state and would not post the review.
So it seems that instead of attempting to install a sophisticated captcha scheme to prevent form bots, one can simply have a required pull down menu for users to select (almost like the Yes/No button you have to push when swiping your credit card at the grocery store to verify the charge amount). Are you a real person (yes or no). If yes, your review will be posted.
Seems so simple, I’m surprised these bots aren’t sophisticated enough to just pick an option from a menu (any option, doesn’t matter). Hopefully this post doesn’t give form bot writers any ideas…
Anyway, I put the state pulldown requirement back on the site for now, even though the data collected will not be displayed. You can take a look at a sample form here:
