NMS Formmail Spam Blocker

November 20, 2012

Having replaced all our client forms with the more secure NMS Formmail, we still have ongoing issues with ‘spambots’. We’ve all experienced their relentless irritation. Some feckless idiot wastes their life creating programs to trawl the internet for HTML forms. Each program then fills them in with whatever worthless junk it’s peddling and moves on to the next.

In this respect, success online is a double-edged sword. The more successful your website is, the more of these scripts track you down; and the more spam you get in your in-box.

There are a couple of ways to stop spam like this. One is to use the usability-killer ‘captcha’ graphics. This is the unreadable graphic we find at the end of forms that we have to spend a few seconds of our lives attempting to translate. We then have to do it again because we got it wrong the first time.

Enter solution 2. This works with NMS Formmail – the more secure Perl script that the London Perl Mongers developed from the highly insecure Formmail created by the teenager Matt Wright in 1997. This simple solution combines a single CSS entry with a little customised code added to the nms_formmail.pl script.

In brief, all that needs to be done is to add an additional text input field to your form. Give it a name and class of something like ‘Surname’ (or anything that is not already being used by your form). Create a .Surname {} CSS class and set display to ‘none’, so that the field is hidden from human visitors. Then add the following code to the # USER CUSTOMISATION SECTION of the nms_formmail.pl script:

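# USER CUSTOMISATION SECTION
# --------------------------
# Place any custom code here

use CGI;

# Honeypot check: the 'Surname' field is hidden from humans by CSS,
# so any value in it means the form was filled in by a script.
sub spam {
    my $q = CGI->new;
    # Test with defined() rather than ||, so that a value of "0"
    # still counts as a filled-in field.
    my $spamcheck = $q->param('Surname');
    $spamcheck = '' unless defined $spamcheck;
    if ($spamcheck ne '') {
        # Send the bot elsewhere before the form is processed
        print "Location: http://www.farfaraway.com\n\n";
        exit;
    }
}
spam();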

Then comment out (#) the script’s existing ‘use CGI;’ line, which sits just above the ‘use POSIX’ line:

# use CGI;
use POSIX qw(locale_h strftime);
use CGI::NMS::Charset;

Now if a spambot completes the form (including the field invisible to humans) then it is sent to http://www.farfaraway.com – or anywhere you want to send it. Anywhere, in fact, other than your submission script. Humans, on the other hand, will not complete the additional field because they can’t see it – and will successfully submit the form. Result.
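
The form side of the steps above, as an added example that is not from the original post or from NMS Formmail itself. The action path, recipient address and visible field names are assumptions, and the autocomplete and tabindex attributes are additions beyond the post that keep browser autofill and keyboard focus away from the trap field.

```html
<!-- Added example: form markup for the honeypot field described above.
     The action path, recipient and visible field names are assumptions. -->
<style>
  /* Hide the trap field from human visitors. 'display: none' removes it
     from the layout; 'visibility: none' is not a valid CSS value. */
  .Surname { display: none; }
</style>

<form method="post" action="/cgi-bin/nms_formmail.pl">
  <input type="hidden" name="recipient" value="enquiries@example.org">
  <input type="hidden" name="subject" value="Website enquiry">

  <label>Name <input type="text" name="realname"></label>
  <label>Email <input type="text" name="email"></label>
  <label>Message <textarea name="message"></textarea></label>

  <!-- Honeypot: must stay empty. The name matches param('Surname') in the
       customisation section of nms_formmail.pl. autocomplete="off" and
       tabindex="-1" are additions beyond the post: they ask the browser
       not to autofill the field and keep it out of the tab order, so a
       real visitor does not trip the check by accident. -->
  <input type="text" name="Surname" class="Surname"
         autocomplete="off" tabindex="-1">

  <input type="submit" value="Send">
</form>
```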

This information was discovered on the following website (where a more comprehensive explanation can be found):

which, in turn, got the supporting code from: