4 Web Forms: No Spam

Cartoon rendition man frantic about his computer screen displaying spam
Image source: Why Spam is a Small Business Nightmare

What is “spam”? And no, I’m not talking about the canned meat product SPAM! Web spam is something that no one likes because it is the result of your website or server being hacked: the hackers gain the access they need to edit the website’s code, upload malicious files, or put spam scripts into the catalog of the site or server. It covers various types of internet communication that are unsolicited, unwanted, and potentially damaging to your website and its users.

In the LinkedIn Learning session HTML & CSS: Creating Forms, Clarissa Peterson speaks a little about form submission and security. The server processes the form data, and on the browser side the form is never totally secure. If both the sending and receiving pages are HTTPS, everything is encrypted as it is sent. If both the sending and receiving pages are HTTP, the data is not encrypted, which is not recommended.

HTTP versus HTTPS encryption comparison
Image source: Sucuri.net

According to the blog post Web Form Spam: What It Is and How to Prevent It by Jasmine Panayotov, spam comes in many forms, including spam emails, direct messages, comments, and social media posts. One type of spam that is especially aggravating for businesses is form spam. Most form spam is created by bots, which are programmed to find web forms and fill them out. Manual spamming occurs when people hired by companies manually enter spam messages into web forms. Spam form submissions are annoying because they can distort your true form submission numbers and enshroud legitimate form submissions.

Preventing Spam

Is spam completely preventable? Unfortunately, it is not. Any time we add a form to a public web page, we are opening up the doors to spam. In past years, one of the anti-spam devices used was called CAPTCHA, which prevented spam by requiring users to confirm that they are human with a click. But recently, Google declared that this security feature could no longer outsmart spam bots and developers were getting too annoyed with the process of keeping it around. What was discovered were alternative solutions to CAPTCHA that could provide some protection and a better user experience. 

Having a Secure Sockets Layer (SSL) certificate on your server to secure form data is one solution that establishes an encrypted link between a server and a client—usually a web server (website) and a browser. All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection.

HTTP + SSL = HTTPS
Image source: How to redirect HTTP to HTTPS Using .htaccess

Google introduced another anti-bot alternative called reCAPTCHA which had a better level of anti-bot protection, but it wasn’t perfect. Using this feature with HTML is simple but requires the use of some basic PHP programming and signing up for an API key. Once that’s done, your HTML script code will look like this:

  <script src="https://www.google.com/recaptcha/api.js"></script>

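Another basic way of preventing spam is called a “honeypot” and the concept is quite simple: the form includes an extra field that human visitors are not meant to fill in, so a submission that arrives with a value in that field can be treated as coming from a bot. It is an extra layer of spam prevention, used in addition to the reCAPTCHA script. Here’s what that input might look like: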

  <form name="contact_form" method="POST" onsubmit="return validateForm(this);">
    <label for="name">Name </label><input id="name" name="name" size="40" type="text" />
    <br>
    <label for="email">Email </label><input id="email" name="email" size="40" type="text" />
    <br>
    <!-- Honeypot field: hide it from visitors with CSS; a real person leaves it empty -->
    <label for="honeypot">Honeypot </label><input id="honeypot" name="honeypot" size="40" type="text" /><br>
  </form>
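
The honeypot only works if the server checks it, because client-side validation such as validateForm is skipped by anything that posts to the server directly. The following Node.js function is an added example, not code from the original chapter: it uses the form's field names, while the verdict names, length limits and the assumption that the honeypot input is hidden from visitors with CSS belong to the example.

```javascript
// Server-side check for the contact form above (added example, not the chapter's code).
// Field names come from the form; verdict names and limits are assumptions.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const MAX_LEN = { name: 100, email: 254 };

function classifySubmission(rawBody) {
  const fields = new URLSearchParams(rawBody);

  // A browser sends every named text input exactly once, even when it is empty,
  // so a missing or repeated field means the request did not come from the form.
  for (const key of ["name", "email", "honeypot"]) {
    const count = fields.getAll(key).length;
    if (count !== 1) {
      return { verdict: "spam", reason: `${key} sent ${count} times` };
    }
  }

  // Assumption: the honeypot is hidden from people, so any value in it
  // was entered by an automated form filler.
  if (fields.get("honeypot").trim() !== "") {
    return { verdict: "spam", reason: "honeypot filled" };
  }

  const name = fields.get("name").trim();
  const email = fields.get("email").trim();
  if (name === "" || name.length > MAX_LEN.name) {
    return { verdict: "invalid", reason: "name missing or too long" };
  }
  if (email.length > MAX_LEN.email || !EMAIL_RE.test(email)) {
    return { verdict: "invalid", reason: "email not well formed" };
  }
  return { verdict: "accept", name, email };
}

// Constructed sample request bodies (application/x-www-form-urlencoded).
const SAMPLES = {
  human: "name=Ada+Lovelace&email=ada%40example.org&honeypot=",
  bot: "name=Best+Deals&email=promo%40example.net&honeypot=http%3A%2F%2Fexample.net",
  crafted: "name=x&email=x%40example.net",
  typo: "name=Ada&email=ada.example.org&honeypot=",
};

function runSamples() {
  const out = {};
  for (const [label, body] of Object.entries(SAMPLES)) {
    out[label] = classifySubmission(body).verdict;
  }
  return out;
}

console.log(runSamples());
```

Answer a "spam" verdict with the same page a successful submission gets and discard the message, so an automated submitter learns nothing from the response.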

Conclusion

Web security should not be overlooked in the web development stage. A great way to evaluate your own website and web form security is to view it from an attacker’s perspective. Although my source provides some valuable information about preventing spam with web forms, it concludes with an invitation to use their digital marketing services. Whether a developer uses Proceed Innovative’s services or uses basic encryption tools, form data should always be protected.


Note: This chapter is a revised version of a blog post titled Web Forms: No Spam on My Web Development Experience.

License

Publishing for the Web Copyright © by TCOM 3335 (Spring 2021 and Fall 2022) at UHD is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.