Spammers are now using web site feedback/contact forms to message webmasters with their spew. It is automated with software, of course. That way, they don't themselves have to do any of the actual work of pasting the content and clicking the button.
It's a tough problem.
On the one hand, it's the communication channel that should always stay open, the one place folks can be assured of getting communication to the webmaster.
On the other hand, the problem of spam in those channels is only going to get worse.
Banning Certain Words From a Feedback Form
Banning certain words is a slippery slope. What if a client is asking the webmaster about something that includes a word on the banned list? The result would be a ban of the wanted email.
Saving the banned emails for later review would defeat the purpose, I'm thinking, because then one would have to acknowledge them anyway.
One solution, suggested by several of our clients, is to provide an error page for the user indicating that a word or phrase used in the form triggered a rejection and ask the user to re-phrase their communication.
JavaScript and cookies could be used to identify automated submissions, which is the system utilized by both of our recommend programs, Master Recommend V3 and Master Recommend Pro V4. However, it's easier to implement the banned words system for feedback forms, as presented here, instead of the JavaScript/cookies identification system those recommend programs use.
The Basic Code for Modifying the CGI Programs
Use a plain text word processor like NotePad or TextEdit when editing CGI scripts. Also, use an FTP program to up/download the file to your server, transferring it as a plain text file, not as a binary file.
For both Master Feedback and Master Form V3, the code that modifies the programs is inserted in the current program. The code in the current program doesn't otherwise need to be changed.
The code to be inserted consists of a short subroutine followed by one or more lines that call the subroutine when specified words or phrases are used.
Here is the basic code:
On the second line, "URL" needs to be replaced with the URL of the web page the user shall see if a banned word is inadvertently used. (Note that this line isn't required, but if the line is missing, the form user will see an Internal Server Error whenever a banned word or phrase is used.)
On the last line, "FieldName" needs to be replaced with the form field name being scanned for a banned word or phrase. FieldName is case sensitive.
Also on the last line, "WordOrPhrase" needs to be replaced with the word or phrase being banned. WordOrPhrase is not case sensitive.
Here is the same code, with the above words replaced with example information:
The above will match "smith drop" or "smiTH dropS" or "aerosmith drops" if found in the text submitted in form field name="message", but it will not match "smith" by itself or "drop" by itself.
There is a match only if all the characters, case insensitive, in the order specified between the two slashes, are found in the form field being scanned.
If there is a match, the user will be redirected to http://example.com/why.html
Important: When the banned word/phrase contains characters other than spaces, letters, or numbers, then those other characters must be escaped by preceding them with a backward-slash character. See the examples later in this article for how it's done.
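The check and the escaping rule described above, as an added stand-alone Perl sketch; it is not the code from Master Feedback or Master Form V3. The names `%In`, `$RejectURL`, `BannedHit`, `FirstHit` and `@Rules` are assumptions, and the form values are constructed sample input. Instead of hand-placed backslashes it uses Perl's `\Q...\E`, which escapes every non-word character in the phrase.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed form input; in a CGI program these values come from the parsed request.
my %In = (
    email    => 'visitor@example.com',
    realname => 'Pat Example',
    message  => 'Ask about AeroSmith Drops, only $9.99 today!',
);

my $RejectURL = 'http://example.com/why.html';   # page that explains the rejection

# True if the phrase occurs anywhere in the named field.
# \Q...\E makes "$", "." and "?" match literally; /i ignores case.
sub BannedHit {
    my ($field, $phrase) = @_;
    return 0 unless defined $In{$field};         # field names are case sensitive
    return $In{$field} =~ /\Q$phrase\E/i ? 1 : 0;
}

# One rule per line: [ form field name, banned word or phrase ] (hypothetical rules).
my @Rules = (
    [ 'email',   '@spam.example' ],
    [ 'message', 'smith drop'    ],
    [ 'message', '$9.99'         ],
);

# Returns the (field, phrase) pair of the first rule that matches, or an empty list.
sub FirstHit {
    for my $rule (@Rules) {
        my ($field, $phrase) = @$rule;
        return ($field, $phrase) if BannedHit($field, $phrase);
    }
    return;
}

my ($field, $phrase) = FirstHit();
if (defined $field) {
    # A CGI program would send only this redirect header and then stop.
    print "Location: $RejectURL\n\n";
    print STDERR "rejected: field '$field' contains '$phrase'\n";
}

# Why escaping matters: unescaped, "." matches any character, so the raw
# pattern also rejects text that never contained the banned phrase.
print "raw 9.99 matches '9x99':     ", ('9x99' =~ /9.99/     ? 'yes' : 'no'), "\n";
print "escaped 9.99 matches '9x99': ", ('9x99' =~ /\Q9.99\E/ ? 'yes' : 'no'), "\n";
```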
How To Ban Words/Phrases From a Master Feedback Form
Please make sure you have the latest version of Master Feedback installed. It has code to prevent form hijacking of the kind that allows spammers to send their message to thousands of others from your server.
At line 122 of the latest version (version 2.74), you'll see
my $log = time;
Immediately above that line, put something like the following:
The example has one word/phrase to scan for in the "email" form field, two lines of words/phrases to scan for in the "realname" form field, and three lines to scan for in the "message" form field.
You might require more or less than that. Simply make a separate line for each form field name with the word/phrase to scan for.
How To Ban Words/Phrases From a Master Form V3 Form
Please make sure you have the latest version of Master Form V3 installed (version 3.5n), which has code to prevent form hijacking of the kind that allows spammers to send their message to thousands of others from your server. See the Discontinued Software page linked to on the Master Series CGI programs index page.
At line 1364 of the latest version, you'll see
GetDateTime;
Immediately above that line, put something like the following:
The example scans four form fields, one with three different words/phrases.
You might require more or less than that, and most likely different form field names. Simply make a separate line for each form field name with the word/phrase to scan for.
How To Ban Words/Phrases From Master Form V4 Forms