Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Preventing bots?

Reply
Thread Tools

Preventing bots?

 
 
7777
Guest
Posts: n/a
 
      12-07-2009
Hello can anyone recommend a good way of preventing bots submitting data in
asp pages? The following link
http://www.brainjar.com/asp/formmail/default2.asp describes a method but
what if the client doesn't have cookies enabled? Thanks in advance.


 
Reply With Quote
 
 
 
 
Evertjan.
Guest
Posts: n/a
 
      12-07-2009
7777 wrote on 07 dec 2009 in microsoft.public.inetserver.asp.general:

> Hello can anyone recommend a good way of preventing bots submitting
> data in asp pages?


Depends on your definition of bots.

Bots as Google bot do not.

You cannot submit to an asp page in sensu strictior, only to the rendered
html page, which has nothing to do with asp.

Yes, you could try to prevent the resulting submitted data if the
submitting user is not human by serverside asp code, but there will never
be a "good way", especially when such way is published here.

Is your webside really so important that this is a serious threat?
If so human submission will be too.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
 
Reply With Quote
 
 
 
 
Dooza
Guest
Posts: n/a
 
      12-08-2009
On 07/12/2009 20:01, 7777 wrote:
> Hello can anyone recommend a good way of preventing bots submitting data in
> asp pages? The following link
> http://www.brainjar.com/asp/formmail/default2.asp describes a method but
> what if the client doesn't have cookies enabled? Thanks in advance.


There is a method I use called the Honey Pot. It gets around automated
form spam bots that fill in all fields with junk and submit it.

Setup your form as normal, but include 2 extra fields. Make sure they
are in a DIV of there own, and hide this DIV using CSS. One form field
has the value filled in, and the other one has a blank value. Name the
form fields well, but label them clearly so that if a screen reader is
used to read the page it understands what is going on.

On the form processing page, make sure that the field with the known
value still has the correct value, and the one without still doesn't
have it. Form spam bots will mostly fail this test due to just filling
in all fields.

The key to this is to create a success message for when this fails. It
makes them think it was successful so they won't spend extra time trying
to make it work.

Yes, this can be beaten if a human actually looks at the code, but in my
experience, and from the experience of others from whom I learnt this
technique, its pretty darn good.

Dooza
 
Reply With Quote
 
7777
Guest
Posts: n/a
 
      12-08-2009
Thanks to you both for your interesting insight, much appreciated. I came
across this conversation http://www.webmasterworld.com/webmaster/3322243.htm
which one persons mentions the 'Honey Pot' method also which sounds like a
great idea. Would perhaps just putting a hidden field control like the user
'rocknbil' mentions also do the trick?



"Dooza" <(E-Mail Removed)> wrote in message
news:u1xqvY%(E-Mail Removed)...
> On 07/12/2009 20:01, 7777 wrote:
>> Hello can anyone recommend a good way of preventing bots submitting data
>> in
>> asp pages? The following link
>> http://www.brainjar.com/asp/formmail/default2.asp describes a method but
>> what if the client doesn't have cookies enabled? Thanks in advance.

>
> There is a method I use called the Honey Pot. It gets around automated
> form spam bots that fill in all fields with junk and submit it.
>
> Setup your form as normal, but include 2 extra fields. Make sure they are
> in a DIV of there own, and hide this DIV using CSS. One form field has the
> value filled in, and the other one has a blank value. Name the form fields
> well, but label them clearly so that if a screen reader is used to read
> the page it understands what is going on.
>
> On the form processing page, make sure that the field with the known value
> still has the correct value, and the one without still doesn't have it.
> Form spam bots will mostly fail this test due to just filling in all
> fields.
>
> The key to this is to create a success message for when this fails. It
> makes them think it was successful so they won't spend extra time trying
> to make it work.
>
> Yes, this can be beaten if a human actually looks at the code, but in my
> experience, and from the experience of others from whom I learnt this
> technique, its pretty darn good.
>
> Dooza



 
Reply With Quote
 
Dooza
Guest
Posts: n/a
 
      12-08-2009
On 08/12/2009 17:37, 7777 wrote:
> Thanks to you both for your interesting insight, much appreciated. I came
> across this conversation http://www.webmasterworld.com/webmaster/3322243.htm
> which one persons mentions the 'Honey Pot' method also which sounds like a
> great idea. Would perhaps just putting a hidden field control like the user
> 'rocknbil' mentions also do the trick?


Its the basic way of doing a honey pot, the method I outlined is just a
little bit more advanced. I think that some spam bots have learnt to
ignore hidden fields, so using CSS to hide the fields gets around this.

Its up to you which one you use. I have seen several versions over the
years, this one just happens to be one that works for me and some others.

Dooza
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
AS5300: Preventing multiple logins of the same account Pavlov Cisco 0 11-23-2004 04:39 PM
configuring Cisco Router to preventing assigning DHCP address Rami Rosen Cisco 13 10-24-2004 01:46 PM
preventing users from dropping wireless onto the lan jim Wireless Networking 3 08-31-2004 07:33 PM
Preventing Routing Matt Cisco 10 06-09-2004 09:20 PM
Preventing users from accessing Cisco PDM lombardi Cisco 1 04-13-2004 06:00 PM



Advertisments