Arming yourself against the Spambots

Spam: everyone’s unwanted guest. Everyone has been served an unwholesome amount of it. Somehow a spammer gets hold of your email address and then proceeds to bombard you with obscure offers covering every field you can imagine, from cheap viagra to exciting news from the Nigerian Lottery Commission. However, that’s just regular spam, which is frustrating enough; web form spam, on the other hand, is a far more pernicious villain.


Web form spam is a big problem; an unprecedented irritation that knows no relent. Spammers utilise scripts or bots to scan thousands of websites every day, seeking out website forms to victimise. Why would someone do such a horrible thing, you ask?


Well, spambots don’t really care what your form is intended to do, as they possess no rational intention. Instead they attack forms without discretion, hoping that their scans will reveal some form of vulnerability that they can utilise to hijack your mail server. Once they have done this they will then proceed to transmit their ‘oh so vital’ information to the next lucky batch of ‘lottery winners’.


As if one reason wasn’t enough for these pesky little imps to attempt to ravage your forms, they will also attack in an attempt to get their links published on your website, hoping to trick unsuspecting users into clicking through to their spammy, and often malware-infested, pages.


At Kalexiko we do our best to try and combat these persistent little imps, so that we and our website users don’t fall victim to any of their little tricks. We have two main ways of doing this, which are:


The Honey Trap

The idea behind this sweet little trick is to have a hidden form element on the page that the spambots will try to populate. The trick is that because the form field is ‘visually’ hidden from normal end users, they won’t see the element and therefore won’t fill it in. The spambots, on the other hand, will be able to ‘scan’ the form and will attempt to populate it.




As you can see here, we check whether the Honey Trap field has any value. If it does, we stop processing the request.


It must be noted, however, that this method is by no means completely foolproof, but it will serve as a great first line of defence against spambots.
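A server-side version of the honey trap check described above, as an added example that is not code from the original post. The field name `website`, the `/contact` action and the function names are assumptions made for illustration; the check also rejects submissions where the trap field is missing altogether, which goes slightly beyond testing it for a value.

```python
from html import escape
from urllib.parse import parse_qs

# Hypothetical trap field name for this example: something a bot that
# fills in every input would plausibly want to populate.
HONEYPOT_FIELD = "website"

def render_form() -> str:
    """Return a contact form whose honey trap input is hidden from people."""
    name = escape(HONEYPOT_FIELD, quote=True)
    return f"""<form method="post" action="/contact">
  <label>Email <input type="email" name="email"></label>
  <label>Message <textarea name="message"></textarea></label>
  <!-- Hidden with CSS rather than type="hidden", kept out of the tab
       order and marked aria-hidden so real users never reach it. -->
  <div style="position:absolute; left:-9999px" aria-hidden="true">
    <input type="text" name="{name}" tabindex="-1" autocomplete="off">
  </div>
  <button type="submit">Send</button>
</form>"""

def is_spam(raw_body: str) -> bool:
    """Decide whether a urlencoded POST body tripped the honey trap."""
    # keep_blank_values=True so an empty trap field is still visible to us.
    fields = parse_qs(raw_body, keep_blank_values=True)
    values = fields.get(HONEYPOT_FIELD)
    if values is None:
        # A browser submits the empty text input along with the rest, so
        # a missing field means the request bypassed the rendered form.
        return True
    # Any content, in any repeated copy of the field, marks a bot.
    return any(v != "" for v in values)

def handle_submission(raw_body: str) -> str:
    """Stop processing spam; otherwise accept the enquiry."""
    if is_spam(raw_body):
        return "rejected"  # no mail is sent and nothing is stored
    fields = parse_qs(raw_body, keep_blank_values=True)
    sender = fields.get("email", [""])[0]
    return f"accepted from {sender}"
```
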



Another useful method you can use to help you foil spambots is a CAPTCHA system. The basic idea behind this one is to test whether your user is a human or a spambot by presenting them with a little puzzle; kinda like a digital sphinx guarding your website. These puzzles are deliberately easy for a human to understand, but will leave a spambot puzzled and therefore unable to pass.




This is only a very basic example of a CAPTCHA with only one ‘puzzle’. More complex CAPTCHAs will feature a number of different questions with a number of differing answers.


The most popular example of a CAPTCHA is reCAPTCHA, which uses an image of some scanned text that users have to type into the text field; this is an incredibly difficult task for a spambot to overcome.


CAPTCHAs can be an incredibly effective weapon to have in your arsenal when battling spambots; however, I really dislike them. It boils down to the fact that as a human user I really dislike having to decipher a machine-generated puzzle just to be able to post an enquiry.


Though these two methods are great defences against spambots, one thing to remember, no matter how many defence mechanisms you employ in your forms, is that spamming is an incredibly profitable endeavour. Because of this, spammers are extremely persistent and will adapt and evolve constantly to combat your countermeasures.


Defeating the spambots is an ongoing battle, and a long one at that. I hope that these two quick tips I have provided will prove formidable in helping you to get started in combating the forces of spam evil.