[RESOLVED]How to protect form from spammers

Dear all,

I having contact form which i have developed in c# razor web pages. I am receving n number of spam emails a day. Let me know how to protect the form from spammers.

thanks

Hi,

I think, u can use Captcha to detect real users

or ask users to authenticate by facebook, twitter or google authentication.

for that u have to implement authentication logic in ur code.

ssvikramuk

Dear all,

I having contact form which i have developed in c# razor web pages. I am receving n number of spam emails a day. Let me know how to protect the form from spammers.

thanks

Hey ssvikaramuk,

This should help you with implementing CAPTCHA into your web project – The explanation and samples are very intuitive :)

http://www.asp.net/web-pages/overview/security/using-a-catpcha-to-prevent-automated-programs-(bots)-from-using-your-aspnet-web-site

Good luck and let us know if you need further help!

With out capthca is it possible?.

ssvikramuk

With out capthca is it possible?.

There might be other solutions however (as you may well know) – Most sites use this method as validation to avoid spammers or bots.

You could always implement a simple question text input for your site? Use validation to ensure that a human has input the data (ie. A simple maths question?).

Something like this (code is untested, simply to show a concept):

@{
var QuizAnswer="";     

        if(IsPost){
             Validation.RequireField("formQuiz", "You must enter an answer!");
     
             QuizAnswer=Request["formQuiz"];

     if(Validation.IsValid()){ 

 if (QuizAnswer !== "2") { 'blah - try again' } else {

          var SQL = "INSERT Blah into THIS";
          db.Execute(SQL);
         } 
}
}

<form action="" method="post">
  <label>Quiz:</label>
     <input type="text" name="formQuiz" placeholder="What is 2 + 2?" />
  <p><input type="submit" value="Submit" /></p>
</form>

I use a simple addition question using a randomly generated pair of numbers on my site. Here’s a simple Web Pages example:

@{
    var message = "";
    if(Session["FirstNumber"] == null && Session["SecondNumber"] == null){
        var r = new Random();
        var a = r.Next(10);
        var b = r.Next(10);
        Session["FirstNumber"] = a;
        Session["SecondNumber"] = b;
        Session["Result"] = a + b;
    }
    if(IsPost){
        if(Session["Result"] != null){
            if(Request["Result"] == Session["Result"].ToString()){
                message = "passed the test";
            }
            Session["FirstNumber"] = null;
            Session["SecondNumber"] = null;
        }
    }
}
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title></title>
    </head>
    <body>
        @message
        @if(Session["FirstNumber"] != null && Session["SecondNumber"] != null){
            <form method="post">
            Name: @Html.TextBox("Name")<br />
                @Session["FirstNumber"] + @Session["SecondNumber"] = @Html.TextBox("Result")<br />
                <input type="submit" />
            </form>
        }
    </body>
</html>

You clear the numbers to be added from Session each time the form is submitted to generate new values for the addition question. That’s what prevents spambots from auto-posting. I used to get loads of automated spam until I implemented this. It totally disappeared
immediately.

Mikesdotnetting

I use a simple addition question using a randomly generated pair of numbers on my site. Here’s a simple Web Pages example:

@{
    var message = "";
    if(Session["FirstNumber"] == null && Session["SecondNumber"] == null){
        var r = new Random();
        var a = r.Next(10);
        var b = r.Next(10);
        Session["FirstNumber"] = a;
        Session["SecondNumber"] = b;
        Session["Result"] = a + b;
    }
    if(IsPost){
        if(Session["Result"] != null){
            if(Request["Result"] == Session["Result"].ToString()){
                message = "passed the test";
            }
            Session["FirstNumber"] = null;
            Session["SecondNumber"] = null;
        }
    }
}
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title></title>
    </head>
    <body>
        @message
        @if(Session["FirstNumber"] != null && Session["SecondNumber"] != null){
            <form method="post">
            Name: @Html.TextBox("Name")<br />
                @Session["FirstNumber"] + @Session["SecondNumber"] = @Html.TextBox("Result")<br />
                <input type="submit" />
            </form>
        }
    </body>
</html>

You clear the numbers to be added from Session each time the form is submitted to generate new values for the addition question. That’s what prevents spambots from auto-posting. I used to get loads of automated spam until I implemented this. It totally disappeared
immediately.

^^^ What Mike said :)

Hello Mike,

When I tested this code, I was able to submit the form without anything being entered in the answer fields.

I mean, it does not seem to work. Can you cross check the code?

cheers,
yousaid

yousaid

When I tested this code, I was able to submit the form without anything being entered in the answer fields.

The code doesn’t include any validation.

If you want to add some to the form, feel free. I didn’t bother with the example above as it’s purpose was to demonstrate the anti-spam measure. If you need help with validation, here’s an article: http://www.mikesdotnetting.com/Article/191/Validation-In-Razor-Web-Pages-2

Hello,

The same method with Mike:

    bool check = false;
    char[] ops = new char[]{'+', 'x'};
    char ch = ops[new Random().Next(2)];
    var aNumber= new Random().Next(10); 

    if (IsPost){
        var nm = Request["name"];
        var em = Request["email"];
        var qs = Request["question"];
        var hum = Request["human"].AsInt();

        ...
        ...

        var aa = Request["a"].AsInt();
        var cc = Request["c"];
        if (cc == "+"){
            var r = aa + aa;
            if(r == hum){
                check = true;
            }
        }
        if (cc == "x"){
            var r = aa * aa;
            if(r == hum){
                check = true;
            }
        }
        if(check){
         DO SOMETHING
        }
        }else{
            ModelState.AddFormError( "Sorry! Something wrong, try again" );
            ModelState.AddError("human", "Enter the result of the maths operation..");
        }


    <form class="rnd5" action="" method="post">
    @Html.ValidationSummary( true)
        ...
        ...
        <div>
            Enter the result of the maths operation: <br>
            @aNumber &nbsp @ch &nbsp @aNumber &nbsp = 
            <input type="text" name="human" size="5" title="Enter the result!">
            @Html.ValidationMessage("human")
            <input type="hidden" name="a" value="@aNumber">
            <input type="hidden" name="c" value="@ch">
        </div>
        <p>
          <input type="submit" value="Post" class="button small orange">
          &nbsp;
          <input type="reset" value="Clear" class="button small grey">
        </p>
      </form>

Mark as answer if helped..

Leave a Reply