Reducing Spam in Online Forms

cornawakeSoftware and s/w Development

Nov 4, 2013 (3 years and 9 months ago)

65 views

Reducing Spam in Online Forms

Preventing Spam from reaching
the
clients.

By Benjamin
Drolet

University of Miami

Overview


Background


Almost all websites use forms


Most websites are viewable by the public


Need to restrict forms to people who’s use is
intended for


Many spammers will “blast” the forms with spam


Examples:


Contact us


Request a quote


Objectives



Prevent spammers from blasting the form


Hidden to users


Did not want to use cryptic images


Value


The spammers will stop blasting our clients forms


Clients will be happy


We will be happy

Company Background



Online Services IDM


Web site marketing company


Over 400 clients


Over 750 forms


Our competitors were blasting our clients
forms


Their prices were sometimes better than ours


Solution


Dynamic web pages:


Ability to display many different pages based on
the input provide


This allows developers to design one page for
many different uses


Scripting language used to create a html page

HTML



Hypertext Markup Language


Can format text: headings, paragraph, title,
etc.


Request user input through forms


Forms contain fields: hidden, radio, list, text, etc.

Scripting Language



Server
-
side


Advantages


Users never see source code


Disadvantages


More server resources are used


Example:
vbscript


Client
-
side


Advantages


Less server resources are used


Disadvantages


Client can see source code


Example:
javascript

Solving the problem



Current system:


All forms are directed to a central mailing system


This mailing system already has a few ways of
validating the form: correctly formatted number,
email, and text


Blacklisted certain sites from going through and
rejected if certain words in the text

Modifying the new system


Blacklisting is not very affective


Wanted to validate the user submitting the
form


Every user now required to have a time stamp
and hash stamp


Hash stamp: unique identifier, arbitrary


Time stamp: made to compare the amount of
time thee user takes to verify

The new system



when the user is redirected to the central
mailing system, if they do not have a time
stamp and hash stamp, they are created and
asked to verify their input


When the user resubmits:


<Redacted>


<Redacted>

Demo


We are going to try a few different sites:


<Redacted>


<Redacted>


<Redacted>




Summary


Forms are a good way to get user input on a
website


Forms are public and need a way to validate
input


Dynamic web pages are a solution to this
problem


A way to validate users is by using a hash
stamp and time stamp

Special Thanks



Online Services IDM


Dr.
Milenkovic


Dr. Sutcliffe


Renee
Drolet


Questions?