Re: What is this that shows up in submitted forms?

I figured it was spam and generated by a spambot, but what purpose does it
serve? Does someone just enjoy harassing others or is there some gain to be
had by doing this? By the way, I've heard of honeypot and captcha before, but
have not been anxious to use them because I sometimes struggle to read those
funny shaped words and usually try a few times until I get one I can actually
read.

What scripting language are you using?
Dave
"RobertBoy" <webforumsuser (AT) macromedia (DOT) com> wrote

Quote:

I figured it was spam and generated by a spambot, but what purpose does it
serve? Does someone just enjoy harassing others or is there some gain to
be
had by doing this? By the way, I've heard of honeypot and captcha before,
but
have not been anxious to use them because I sometimes struggle to read
those
funny shaped words and usually try a few times until I get one I can
actually
read.

RobertBoy wrote:

Quote:

I figured it was spam and generated by a spambot, but what purpose does it
serve? Does someone just enjoy harassing others or is there some gain to be
had by doing this? By the way, I've heard of honeypot and captcha before, but
have not been anxious to use them because I sometimes struggle to read those
funny shaped words and usually try a few times until I get one I can actually
read.

Honeypot doesn't use funny words, it uses a form field that is hidden by
CSS. Formbots don't read CSS so carry on seeing the form field and puts
junk in it. Your form processor will only process the form if that form
field is blank, or has a fixed value. I use 2 in my forms, one with
fixed value, and with no value, seems to work fine to prevent formbots,
but it wont stop a spammer manually entering the spam. It also wont stop
persistent spammers from figuring out how it works, but that only
happens on high profile/volume sites.

Most of these formbots were used to inject there links into comments
that were automatically displayed on websites. This would boost the
search ranking of the sites they list, and possibly if someone was silly
enough to click the link, infect someone with a virus/spyway that would
make that computer a clone so be used as a formbot.

The thing is, loads of individuals try to exploit forms, so most of the
junk you see is a test, to see if your form can be exploited. When they
realise they cant they generally move on and someone else tries the same.

Dooza
--
Posting Guidelines
http://www.adobe.com/support/forums/guidelines.html
How To Ask Smart Questions
http://www.catb.org/esr/faqs/smart-questions.html
How To Report A Bug To Adobe
http://www.adobe.com/cfusion/mmform/index.cfm?name=wishform

Dooza posted in macromedia.dreamweaver

Quote:

Honeypot doesn't use funny words, it uses a form field that is
hidden by CSS. Formbots don't read CSS so carry on seeing the form
field and puts junk in it. Your form processor will only process
the form if that form field is blank, or has a fixed value. I use
2 in my forms, one with fixed value, and with no value, seems to
work fine to prevent formbots, but it wont stop a spammer manually
entering the spam.

I can vouch for that. One of my sites (very low volume) started getting
bot spam. I implemented a single honeypot field. If that field is
tampered with, I log the IP, send a notice to myself and return a 404
header. I wasn't sure if returing 404 was the best thing to do, but the
bot attempts tapered off DRASTICALLY after doing that.

Once in a great while, a spammer will enter my form manually and it
gets sent to me. The last one was one of those snake oil SEO salesmen
offering to put my site on the first page of google searches. S/He
apparently wasn't aware that it ALREADY is on the first page and has
been so for many years - for anybody searching for what little that
site offers. I am happy to have wasted his/her time, though


--
Mark A. Boyd
Keep-On-Learnin'