BareMetal.com

Baremetal
My Account
Domain Registration Management Services
Web Services
Rates and Specs
Bulk Rates
CGI Library
FAQ
Order Form
Tech Support
Billing Info
Company Info
Charities
Legal Info
Employment
Privacy Statement

BM


Web Services

Captchas - Blocking spam from web forms

Return to CGI Library
Return to Form Handling

This page discusses the CAPTCHA logic we have added to our form handling gadgets to reduce spam. The captchas will work without changing your forms, but you have the option of disabling them, or integrating them into your forms to make the pages flow more smoothly.

Introduction:

If you've been using e-mail for more than a day or two, you have probably learned about "SPAM". Recently spammers have begun using the input forms on websites to spam the webmasters :(. Fortunately, computer folks have a solution: use an image that people can easily recognize, but which computers can not. (This is called a captcha, see wikipedia for details.)

We have modified our form handling scripts to include captcha functionality. If a form is submited without a correct captcha guess, then a new/extra page is displayed which has a form containing the captcha and the contents of the previous form (which are stored as hidden fields).

Here are two simple examples: captcha_ex.html, and captcha_ex2.html.

The default captcha page uses the ERRORFTR and ERRORHDR fields described here, so it may already have some of the look and feel of your site.

Disabling the captcha:

To turn off the captchas, simply add a <!NOCAPTCHA> tag to your page. (Hhmm, that may not be standards compliant, we may add another tag.)

Integrating the captcha to avoid the extra page:

Modifying your HTML forms to include the captcha logic will improve the flow of your site (by avoiding the extra captcha page), and allow you to introduce the captcha to your visitors using your own description.

The simplest way to include the captcha on your form page requires three things: including the captcha image, adding a prompt, and adding an input field. The example below just uses the mail2 gadget to do a redirect, but a more usefull example would send an e-mail t

<form action="/cgi-bin/mail2" method="post">
    <input type="hidden" name="To" value="someone@example.com" />
    Where do you want to say? <input type="text" name="Message"  /> 
<IMG SRC="/cgi-bin/captcha">
Enter the three letters from the image above:
<input name="BM_captcha" size=5> 
   <input type="submit" value="Send your message">
</form>

If you need to, you can tweak the height and width of the captcha:

<IMG SRC="/cgi-bin/captcha?BM_height=150&BM_width=250">

Technical Notes

Disabling the captcha functionality requires that the browser pass in the correct Referer: header. This doesn't always happen and some visitors may still see the captcha even if the page with the form contains the NOCAPTCHA tag.

Our captchas are time based. The answer for any given "seed" changes fairly quickly. (Every 5 minutes as of Oct 2006). The sytem is smart enough to check the last two valid answers, but this can still be an issue if you have a big form that takes a long time (e.g. 5-10 minutes) to answer. Our suggestion is to leave out the captcha image, but tell the visitor they have one more short page to handle.

The most sophisticated setup will include setting a "salt" so the captcha changes more quickly.

<!--#config timefmt="%s"-->
<!--#set var="salt" value="${REMOTE_ADDR}_${DATE_LOCAL}"-->

<form action="/cgi-bin/mail2" method="post">
    <input type="hidden" name="To" value="someone@example.com" />
    Where do you want to say? <input type="text" name="Message"  />
<IMG SRC="/cgi-bin/captcha?BM_salt=<!--#echo var="salt"-->">
Enter the three letters from the image above:
<input name="BM_captcha" size=5>
   <input type="submit" value="Send your message">
   <input type=hidden name=BM_salt value="<!--#echo var="salt"-->">
</form>


 
Home Page    Domain Registration Services    Web Services    Technical Support
About Baremetal    Privacy Statement    Billing Info    Charities
My Account    Legal Info    Sitemap    Search BareMetal

Copyright © 1996-2006, BareMetal.com Inc.
Last updated: Thursday, 30-Nov-2006 15:13:26 PST
Last Accessed from: ec2-18-225-72-181.us-east-2.compute.amazonaws.com
Questions and comments to support@baremetal.com



HTML  | CSS