Junk messages comimg via my website form Please help

[g7nomie]

A bit long sorry.........
I have a form on a page of my website. It gives my possible customers a
chance to contact me with enquires or comments. The messages come direct to
my email.

The problem I am finding is that I am getting messgaes via this well which I
think are VERY INAPPROPIATE (if you know what I mean) Does ant one know how I
can stop these as I am finding it a little distressing.

A customer has also contacted me and said she sent me a messgae which I did
not recieve so I am also wondering if there is some kind of possible virus
attached.

Please help!
Naomi

 

[Mike Koewler]

Naomi,

Hmmm, there was a very similar question posed in the MS Pub Web Design
NG earlier today.

I had suggested using a form of validating fields, but apparently Pub
does not do this. David F. suggests using Soupermail to process your
form. It can be set up to validate fields. It won't stop people from
spamming, but it will stop the bots. About the only way to stop spam
completely would be to require a log-in with the user needing to click
on a link in another e-mail message to confirm their registration.

Mike

 

[Uncle Grumpy]

I have a form on a page of my website. It gives my possible customers a
chance to contact me with enquires or comments. The messages come direct to
my email.

The problem I am finding is that I am getting messgaes via this well which I
think are VERY INAPPROPIATE (if you know what I mean) Does ant one know how I
can stop these as I am finding it a little distressing.

A customer has also contacted me and said she sent me a messgae which I did
not recieve so I am also wondering if there is some kind of possible virus
attached.

This is not a Publisher issue.

 

[Mike Koewler]

Grumpy,

Sure it is. It's just that there is little the OP can do unless she
wants to use a different script than FP extensions to process her form.
Not much difference between her question and the one wanting to know how
to incorporate Captcha into a Pub form.

Mike

 

[Uncle Grumpy]

Grumpy,

Sure it is. It's just that there is little the OP can do unless she
wants to use a different script than FP extensions to process her form.

Then the question should be posted to a FP group, not here.

 

[Mike Koewler]

Grumpy,

Maybe you need to take a nap. Pub, you know, the software this NG is
dedicated to, uses FP extensions to enable forms to work. It is a Pub
issue, though the question would be better posted in the web design
section (which she has done).

Here's a link that may help:
http://msmvps.com/blogs/dbartosik/archive/2006/01/07/80564.aspx

Mike

 

[Uncle Grumpy]

Maybe you need to take a nap. Pub, you know, the software this NG is
dedicated to, uses FP extensions to enable forms to work. It is a Pub
issue, though the question would be better posted in the web design
section (which she has done).

I use FP to design/manage several websites. I didn't know Pub had
that capability.

Still, I think the question was better placed in a website-only group.

JMO.

 

[Mike Koewler]

Grumpy,
group. <<

I agree. She did post it in the MS Pub web design group, as David F.
(the resident web guru since the other David left) tends to check that
group more frequently - or so it seems.

Mike

 

[Charles W Davis]

To solve the problem, contact your host and ask how to set up the forms on
the server where the Bots can't get access.

 

[Mike Koewler]

If a bot can't get to it, how will legit visitors???

Mike

 

[Ed Bennett]

If a bot can't get to it, how will legit visitors???

You could place the form in a password-protected subfolder, and list the
username and password on the page that links to it.

 

[Mike Koewler]

Ed,

From what I understand, Pub doesn't offer validation of form fields,
otherwise the solution would be much simpler. And if a user is
proficient enough to use html fragments to set up form validation,
he/she could easily set up the form itself using a script such as
soupermail to process the form.

Mike

 

[Ed Bennett]

From what I understand, Pub doesn't offer validation of form fields,
otherwise the solution would be much simpler. And if a user is
proficient enough to use html fragments to set up form validation,
he/she could easily set up the form itself using a script such as
soupermail to process the form.

I meant simple website password-protection - the type that gives you a
browser pop-up asking for credentials. I've never done it, so forget
exactly how it's done - think it might be something to do with a .htaccess.

 

[Mike Koewler]

Ed,

yes, the htaccess file can password protect a folder but I can foresee
several problems. When Pub uploads files, it normally does so to the
root directory, which would be fine. But the form, along with any
graphics would have to be uploaded to a different directory - the one
that is protected. That folder would probably have to have a subfolder,
/index_files, where Pub stores all the images and other pages, unless
the user wanted only a text file. Even then, he/she would have to enter
absolute links back to the other pages and probably create a separate
file for just that page, lest Pub upload it to the regular index_files
folder. (not sure how FP extensions work with subfolders - there's a
certain sequence one is supposed to go through if an htaccess file is
changed after the extensions have been activated)

The bottom line is one can take steps to decrease the amount of spam
replies but it usually isn't worth it. :-(

Mike

 

[DavidF]

IMHO I think that Steve in NC hit the nail on the head. It really doesn't
matter whether you put the form page in a password protected subfolder, or
use a form program that requires validation. While these things may slow the
amount of spam, none of those things are going to prevent someone from
sending an "inappropriate" message to the OP. If the OP is going to put
themselves out there on the internet, and invite people to contact them via
either a form or an email, they need to develop a thicker skin...and find
the delete key.

DavidF

 

[Mike Koewler]

David,

You know, as many forms as I have on different sites, spam is not a
problem. I get maybe one message every three weeks (from a form!) that
is spam, and then it is just someone trying to register for an event.
I've yet to get an 'inappropriate message' in a form. I don't think bots
are that adept at filling in forms, or else spammers have more effective
ways.

Now getting spam in general - yeah, dozens a day. But I don't think they
found my address via the forms, as I use a routing method for most of
them. The hardest ones to filter seem to the ones offering "tips" on
buying penny stocks. The spammers fill the message with generic but
acceptable text then attach an image with the tip in it. They often have
a subject line that makes some sense or contains a Re: - which filters
usually allow through.

I figure I'm using about 30 seconds a day to deal with this stuff - not
exactly a major disruption to my job!

OTOH, I do have lots of bots trying to register in the different forums
I run. However, once I set them up so the person has to reply to a
message to activate their account, not one single spam post.

An interesting note: I sold an ad to this rock climbing business. He
gave me his web site so I could get his logo and saw a link to his
forum. He had been running it for less than a year, yet had over 1,200
members. Pretty impressive, I thought, and I told him so. He told me he
had only about 50 real members, the rest were spammers.

Mike

IMHO I think that Steve in NC hit the nail on the head. It really doesn't
matter whether you put the form page in a password protected subfolder, or
use a form program that requires validation. While these things may slow the
amount of spam, none of those things are going to prevent someone from
sending an "inappropriate" message to the OP. If the OP is going to put
themselves out there on the internet, and invite people to contact them via
either a form or an email, they need to develop a thicker skin...and find
the delete key.

DavidF

 

[Charles W Davis]

Mike,

This page is an example of a CGI serverside form.
http://www.anthemwebs.com/contact_us.htm
It has never been compromised. Note the small Compendium subscription
request in the left border, it is compromised a couple of times each week.

 

[Mike Koewler]

The problem is not how to code it, I can do the same thing in a snap
using a program other than Pub. From what I have heard, Publisher does
not have a way to validate form fields.

Mike

 

[DavidF]

Actually, I almost posted back to ask Ed a question after that last post,
and I think you answered it. My understanding has been that spambots cannot
glean your email address from a form, and that is one of the reasons to use
one. Your experience seems to confirm that. Thanks.

DavidF

David,

You know, as many forms as I have on different sites, spam is not a
problem. I get maybe one message every three weeks (from a form!) that is
spam, and then it is just someone trying to register for an event. I've
yet to get an 'inappropriate message' in a form. I don't think bots are
that adept at filling in forms, or else spammers have more effective ways.

Now getting spam in general - yeah, dozens a day. But I don't think they
found my address via the forms, as I use a routing method for most of
them. The hardest ones to filter seem to the ones offering "tips" on
buying penny stocks. The spammers fill the message with generic but
acceptable text then attach an image with the tip in it. They often have a
subject line that makes some sense or contains a Re: - which filters
usually allow through.

I figure I'm using about 30 seconds a day to deal with this stuff - not
exactly a major disruption to my job!

OTOH, I do have lots of bots trying to register in the different forums I
run. However, once I set them up so the person has to reply to a message
to activate their account, not one single spam post.

An interesting note: I sold an ad to this rock climbing business. He gave
me his web site so I could get his logo and saw a link to his forum. He
had been running it for less than a year, yet had over 1,200 members.
Pretty impressive, I thought, and I told him so. He told me he had only
about 50 real members, the rest were spammers.

Mike