ASP 101 - Active Server Pages 101 - Web01
The Place ASP Developers Go!

Please visit our partners

Windows Technology Windows Technology
15 Seconds
ASP 101
ASP Wire
VB Forums
VB Wire
internet.commerce internet.commerce
Partners & Affiliates

ASP 101 is an site
ASP 101 is an site
Internet News
Small Business
Personal Technology

Corporate Info
Tech Jobs
E-mail Offers

ASP 101 News Flash ASP 101 News Flash

 Top ASP 101 Stories Top ASP 101 Stories
What is and Why Do I Need It?
An Overview of ASP.NET
Connections, Commands, And Procedures

Use Response.Write Instead of Building Strings
Show All Tips >>
ASP 101 RSS Feed ASP 101 Updates

Quick Tips

Reduce Web Form Spam by Checking Server Variables

Spam isn't just an e-mail problem anymore. Web forms are now a routine target of spammers. Whether your web site is a personal one just looking for feedback or a commercial site generating sales leads, getting dozens of entries for link exchanges or online gambling sites isn't anyone's idea of useful feedback.

Luckily there is something you can do about it. What you may not realize is that the people (or bots) filling out your forms actually give you more information then you receive from the form submission. This information is in the form of the items in the Request.ServerVariables collection.

For more information about the Request.ServerVariables collection, you might want to check out our ServerVariables sample code.

If you're routinely getting feedback from what you believe is the same source, try including a number of the server variables in your feedback to see if you can pick up a pattern. If you notice anything that makes the spammer's messages stand out from the rest, you can then use it to filter your responses. For example, many of the automated bots that fill out the forms don't send anything to identify themselves, so checking for the value of HTTP_USER_AGENT might help weed out some unwanted feedback:

If Request.ServerVariables("HTTP_USER_AGENT") = "" Then
	' Don't send feedback
	' Send feedback
End If

The conditions to check for will vary based on sender, but checking the user agent, ip addresses, or even just seeing if the user's browser is storing an ASP session cookie can all be dead givaways. Sometimes you can even pick up patterns that you can check for in the actual messages the spammer is sending. Once you find a pattern, with a little trial and error you can usually distinguish real feedback from the repetitive spam. Eventually you'll be able to just ignore the spam request, but in the beginning it's better to just flag it as spam by doing something like adding the word spam to the subject line just in case you've flagged something incorrectly.

Once you find a way to differentiate real feedback from spam, please resist the urge to post messages to the spammer. This is a really bad idea. Not only will the spammer realize you've found a way to detect his messages and work to improve his methods (making detection harder for everyone), if you happen to make a mistake, you might get a message from a relatively annoyed visitor who might have been a potential client. The best course of action is to keep your web form's response the same. That way, the spammers won't realize you've caught on and won't change the patterns you've worked so hard to find.

Previous      Show All Tips      Next

If you have a tip you would like to submit, please send it to:

Home |  News |  Samples |  Articles |  Lessons |  Resources |  Forum |  Links |  Search |  Feedback
The Network for Technology Professionals



Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers