Screening Anchor Text in Contact Form Spam

I wrote a blog post last year about “How to Stop Contact Form Spam” and it seems to do the job to weed out the bots from hitting your form processing script automatically and submitting a bunch of spam. However, it looks like one of my websites is getting hit manually by a person or script – they are filling out all of the required fields with a valid-formatted email address and actually clicking the submit button to access the confirmation page. However, they are flooding the “Message” textarea box with thousands of pharmaceutical words, some of which are hyperlinked to their spam sites. The most logical way I can think of to combat these spammers is to screen out all submissions that have keywords in the anchor text of any links submitted. I don’t want to disallow URLs completely, but only those that contain custom anchor text. I’ve Googled variations of “anchor text contact form spam” but have come up with nothing.

So I will need to figure out how to do this myself, either with PHP and/or JavaScript. I DON’T WANT TO USE A CAPTCHA or any other question to check if it’s a human or not, because there’s a very good chance that it is a human! If anybody has any suggestions, please leave them in the comments!!


3 Responses to “Screening Anchor Text in Contact Form Spam”

  1. michael on August 23rd, 2009 12:21 am

    Maybe str_replace() for php or replace() for js? Build an ongoing array of keywords that get replaced with whitespace or just removed all together.

    Preg_match/Regex and replace whatever spam char patterns you’re seeing the most?

    Im amazed someone is putting in the effort to manually spam a contact form.

    Awesome blog!

  2. admin on August 25th, 2009 6:13 pm

    Hey Michael, thanks for the tips. I will give it a whirl and post any progress on the blog.

    And I agree that it’s ridiculous that somebody would manually spam a contact form. It’s probably a script/bot that is manually filling out the form with valid information and actually clicking the submit button and actually viewing the confirmation page. It seems like it is a neverending battle against the spammers…

    Thanks for the comments!

  3. MrP on October 15th, 2009 6:55 am

    You could may be limit the number of allowed hyperlinks (or external http references) within the message textbox to say 5 (or even less) to prevent ‘flooding’. In addition to your CSS-hidden control, you could also time how long it has taken the user/robot to complete the form. Less than a few seconds and again it is likely to be a robot.

Leave a Reply