Spam and the Webform script

I’m running several blogs (via Wordpress – no this is not a Wordpress related problem. Read everything through) on my Dreamhost space and they are drawing in a new problem. I’ve got contact forms on and that utilize Dreamhost’s Webform script.

My problem is simply spam. The Bots that attack (and are denied) the posts on the blogs have found the contact form and have been sending me and others messages.

At first, a simple extra question was fine and solved the problem (made the quesiton a required field) but then bots started to fill in the field with gibberish text.

My question is what can I do to fight this problem? I’ve spoken with support in the past about “Captcha support” and I hadn’t gotten a positive answer (so I assume it’s not built-in on the webform script).

Not sure if this will help you. If you have some html/php skill you may be able to add some hidden fields and leave them blank. Then write some logic in the program to reject any submissions that have any entries in the hidden fields.

Joe bloggs will not see the hidden fields so will leave them blank. Travelling bots tend to scan the source forms for fields and fill all of them.

Of course it is easier to do this if you have written all the stuff yourself. :slight_smile:

Or if it were Wordpress you could try a WP captcha plugin. I have not tried any. Maybe even look at the other plugins at to see if they help.


Opinions are my own views, not DreamHosts’.
I am NOT a DreamHost employee OK!! :@

You act on my advice at your own risk!

Thanks Norm, I didn’t think to try that. I was going to add a drop down menu where people had to pick a number between 1 and 4 or so and make it required, but that’s something I think the Bots will get around.

Def. not Wordpress. I have Spam Karma 2 running on general blog posts. The catch with this current Spam problem is a Page within wordpress that has a normal Form field / webform that i hand coded into place, etc.

Mind you, there IS a contact form plugin for Wordpress that has been getting exploited by Spambots as well, but this isn’t that plugin.

Oh well, I am rambling. Thanks for the suggestion.

The spammers have to program the bots to submit form data. You can discourage them from taking the time to do so by making that harder.

For example, they will figure out the form fields and program the bot once, and have it submit forms more than once. If the form can only be submitted once, then the spammer has to re-program the bot.

One way is to require a session. The initial form submission obtains data and a second one is required to atually do anything (eg send a message) with the data.

:cool: [color=#6600CC]Atropos[/color] |