If your website has a "Contact Us" type form, sometimes you have to deal with spam about boosting facebook likes, designer handbags, etc. Often not a huge deal, but just more shit to sort through to get to legitimate business contact submissions.

What can be done to minimize this? I assume lots of web developers and website companies tend to name this particular page / id something with "contact" in the address, just for ease of organization, etc. But do these spam bots who blow up your website just search for particular pages with "contact" in them and then automatically fill them out with crap information? If so, would changing the name of that particular page to something random weed out a lot of these bots? Or do they search for something more specific in the design of the page, ie fields called "Name" "Address" etc?

Any advice that you can implement from the back end to minimize spam contact requests?

5/5/2014 11:58:45 PM

They search for stuff like form elements with text fields and actions and submit buttons, regardless of what you actually name them or your page; re-naming your pages or forms won't help, but any spam-filtering your e-mail provider may do will help, as would implementing a CAPTCHA from something like reCAPTCHA or Solve Media, to weed out the bots that don't know how to break CAPTCHAs.

Another idea would be a combination of client- and server-side filtering of particular B& words (server-side to defeat people who mess with the client-side code, client-side to let honest users know something has been filtered), but it would be hard to avoid false positives.

5/6/2014 1:14:02 AM

I figured captchas would get rid of a huge chunk of the spam, because it's nothing too sophisticated, but I don't want to potentially lose a legit submission because they may be using a cellphone and have an issue with the captcha

And most of the inquiries go to a gmail address, which has semi-decent filtering, but again, I'd rather sort through a few spam entries to get to legit ones than have to check a spam folder and accidentally have a legit one go through there...currently my spam folder has about 18 items in the last month and all 18 are spam

banned words might be ok, as far as stopping handbag and online pharmacy submissions, but some of them are all shoot language so those would still come through

i'm already at the point where i am ok dealing with it, just wondering if anything other than captchas would work well

5/6/2014 2:00:49 AM

In all seriousness, have you considered just not having one? I don't know what your conversion rate on contact form submissions looks like, but I doubt it's stellar. As long as people still have options like email, the telephone, Facebook, and Twitter, do you really need the contact form?

5/6/2014 6:41:38 AM

Try putting in a honeypot field. It's a form element that's hidden from view through CSS. Real people won't fill it out because it's not visible, bots will because they're just looking at the code. Name it something that seems legit. If the field is filled in, don't have it send you an email. This should catch most lesser bots. Smarter bots might still get through, if they're parsing css to check element visibility or using browser automation like Selenium or phantom.js or whatever the hot shit is nowadays.

You could also try the reverse and have javascript insert an additional element on form submission, and check that it exists. Javascript only loads/triggers if it's in a browser, so simple bots won't activate it. Browser automation bots will though.

Then there's more mobile-friendly captchas like http://visualcaptcha.net/ that you could implement if you're worried about mobile drop off. Captcha cracking is the harder of the three to make a bot around.

[Edited on May 6, 2014 at 8:24 AM. Reason : ]

5/6/2014 8:24:27 AM

sup bros, lemme shameless plug up in here

http://www.distilnetworks.com/

5/7/2014 3:50:08 PM

we have started doing honeypots like ^^ mentioned on our open forums on our support sites. It's cutting down on the spam big time and it's not affecting our normal users.

5/7/2014 4:38:12 PM

as far as usability goes, honeypots (or Stein's thingy thing) are the way to go, no question

don't use captcha. people fucking hate it. it's generally unusable, and even worse on mobile

5/8/2014 7:44:24 AM