ASP 101 - Active Server Pages 101 - Web01
The Place ASP Developers Go!

Please visit our partners


Windows Technology Windows Technology
15 Seconds
4GuysFromRolla.com
ASP 101
ASP Wire
VB Forums
VB Wire
WinDrivers.com
internet.commerce internet.commerce
Partners & Affiliates














ASP 101 is an
internet.com site
ASP 101 is an internet.com site
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

ASP 101 News Flash ASP 101 News Flash



 Top ASP 101 Stories Top ASP 101 Stories
What is Adovbs.inc and Why Do I Need It?
An Overview of ASP.NET
Connections, Commands, And Procedures

QUICK TIP:
Use Response.Write Instead of Building Strings
Show All Tips >>
ASP 101 RSS Feed ASP 101 Updates


Quick Tips


Reduce Web Form Spam by Checking Server Variables

Spam isn't just an e-mail problem anymore. Web forms are now a routine target of spammers. Whether your web site is a personal one just looking for feedback or a commercial site generating sales leads, getting dozens of entries for link exchanges or online gambling sites isn't anyone's idea of useful feedback.

Luckily there is something you can do about it. What you may not realize is that the people (or bots) filling out your forms actually give you more information then you receive from the form submission. This information is in the form of the items in the Request.ServerVariables collection.

For more information about the Request.ServerVariables collection, you might want to check out our ServerVariables sample code.

If you're routinely getting feedback from what you believe is the same source, try including a number of the server variables in your feedback to see if you can pick up a pattern. If you notice anything that makes the spammer's messages stand out from the rest, you can then use it to filter your responses. For example, many of the automated bots that fill out the forms don't send anything to identify themselves, so checking for the value of HTTP_USER_AGENT might help weed out some unwanted feedback:

If Request.ServerVariables("HTTP_USER_AGENT") = "" Then
	' Don't send feedback
Else
	' Send feedback
End If

The conditions to check for will vary based on sender, but checking the user agent, ip addresses, or even just seeing if the user's browser is storing an ASP session cookie can all be dead givaways. Sometimes you can even pick up patterns that you can check for in the actual messages the spammer is sending. Once you find a pattern, with a little trial and error you can usually distinguish real feedback from the repetitive spam. Eventually you'll be able to just ignore the spam request, but in the beginning it's better to just flag it as spam by doing something like adding the word spam to the subject line just in case you've flagged something incorrectly.

Once you find a way to differentiate real feedback from spam, please resist the urge to post messages to the spammer. This is a really bad idea. Not only will the spammer realize you've found a way to detect his messages and work to improve his methods (making detection harder for everyone), if you happen to make a mistake, you might get a message from a relatively annoyed visitor who might have been a potential client. The best course of action is to keep your web form's response the same. That way, the spammers won't realize you've caught on and won't change the patterns you've worked so hard to find.


Previous      Show All Tips      Next

If you have a tip you would like to submit, please send it to: webmaster@asp101.com.


Home |  News |  Samples |  Articles |  Lessons |  Resources |  Forum |  Links |  Search |  Feedback

Internet.com
The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers