Contact Form Spammers

04 June 2008 02:19 PM

I’ve had it with the Contact Form Spammers.

We’ve been getting between 5 and 20 junk inquiries a day from spamming robots. This started a couple of months ago. With the first few, I looked at our webserver logs and found the offending spammers and blocked them with the .htaccess file. Still, the spam came. It seems there is a zombie army of Windows computers out there with nothing better to do than vomit garbage all over contact forms. Here’s an example:

Your Name: xahAxYAHoakdYISFh

Your Email: evXeDwsFSgqESxvpX

City: QBxymQfMqeitFAAsL

Subject: fohFHYyQdeJsjkyq

Message: comment2, ice cream flavor list, someotherspamurl ice cream flavor list, pvfid, ice boat, someotherspamurl ice boat, vljrfo, pop music quiz questions, someotherspamurl pop music quiz questions, 7555, carb free ice cream, someotherspamurl carb free ice cream, %-DD, big ten network, someotherspamurl big ten network, kay,

Telephone (optional): HdUjxhsZbQ

How did you hear about us? comment2, ice cream flavor list, someotherspamurl ice cream flavor list, pvfid, ice boat, someotherspamurl ice boat, vljrfo, pop music quiz questions, someotherspamurl pop music quiz questions, 7555, carb free ice cream, someotherspamurl carb free ice cream, %-DD, big ten network, someotherspamurl big ten network, kay,

(In the above example, I’ve replaced the active URLs with “somespamurl” and plain text URLs with “someotherspamurl.”) If you look closely, they’re even obscuring spam URLs with other spam URLs.

Bottom line is that this is the single most stupid form of spam that I can imagine. I mean, instead of reaching thousands of targets, they only get the webmaster of the site they’ve targeted. And, webmasters generally don’t fall for foolishness like this.

Up until this point, I simply set up a rule on the company’s email client to automatically place the spam messages in the trash mailbox. No more. As of today, we’ve implemented a CAPTCHA system. This means that new potential customers will have to determine and type-in a 6-character code to prove that they’re human when making an inquiry. I’m sorry that we’ve had to do this. Nobody likes dealing with CAPTCHAs, but they’re one of the only (mostly) effective ways of dealing with Contact Form Spam.

UPDATE: I don’t really like CAPTCHAs... so I’m going to be investigating the possible solution I just read about here.