Web Form Protection
Most web sites have at least one form that site visitors fill in (a contact form, a newsletter signup, etc.). If your forms are vulnerable, spammers can harvest your email addresses, use your site to spam other people, compromise your database, or attempt all kinds of other malicious things against your site.
How to Protect Your Forms
- Install CAPTCHA to prevent automated submissions.
- Ensure your form processing software doesn't allow spam.
- Properly validate all input submitted to your form processing programs.
Need help with this stuff? Contact us for assistance, or keep reading for more information.
How does CAPTCHA help?
CAPTCHA (Completely Automatic Public Turing Test to Tell Computers and Humans Apart) helps make sure that only actual humans are submitting the forms on your web site. Usually it involves typing in a code that programs can't read but people can (like the colored, scribbly one you see in the evaluation form on this page). When the form is submitted, the code you typed is compared with the one that was displayed, and if they don't match the submission is rejected. The CAPTCHA program we like to use came from a weblog by Ed Eliot. Also, here's an excellent FAQ on CAPTCHA. And for those of you on a Windows host, here's an ASP Classic CAPTCHA program.
There are a couple of downsides to CAPTCHA, though. It requires your form pages to be handled by some kind of server-side web programming such as PHP or ASP. It can also make your site unusable for blind and visually impaired people, because they may not be able to see the picture. Audio CAPTCHA is an alternative method, though we haven't tried it yet. It's on our list of things to do!
Form Processing Software
Many web sites have a contact or newsletter sign-up form, along with a program that emails whatever was submitted. A common problem with these programs is that they expose your email address to spammers, who know exactly where to look for it and harvest it. Another possible problem is a spammer using your program to send out spam to other people.
Our favorite form processing software is from Tectite.com. It's a very flexible and reliable program which protects your recipients, can't be abused by spammers, and includes CAPTCHA support.
Validating User Input
An important part of protecting your site is making sure people are entering the kinds of data you expect. You don't want them putting junk in your database or pushing malicious code through your email program. Input validation checks that each submitted value looks like what you expected and strips out or rejects anything that doesn't belong before the data goes anywhere.
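The two server-side checks described above (comparing the typed CAPTCHA code with the one that was displayed, and validating contact-form input before it is emailed) look roughly like this. This is an added illustration in Python, not code from this page or from the Tectite or Ed Eliot programs it mentions; the field names, length limits and the `expected_captcha` argument (the code the server generated and stored server-side, e.g. in the session) are assumptions.

```python
import hmac
import re

# Fields that end up in mail headers (From, Reply-To, Subject). A CR or LF in
# one of these would let a submitter append their own headers, which is how a
# mailer program gets abused to send spam to other people, so they are refused.
HEADER_FIELDS = {"name", "email", "subject"}
# Assumed per-field length limits; the message body is not a header, so it
# only gets a length check.
MAX_LEN = {"name": 100, "email": 254, "subject": 200, "message": 5000}
# Deliberately simple address shape check: local@domain.tld with no whitespace.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def validate_contact_form(form, expected_captcha):
    """Return (ok, errors, cleaned).

    form: dict of raw submitted strings (constructed by the caller).
    expected_captcha: code generated and stored server-side for this visitor;
    the submitted code is compared against it, never against a hidden field.
    """
    errors, cleaned = [], {}
    for field, limit in MAX_LEN.items():
        value = form.get(field, "")
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field}: required")
            continue
        if len(value) > limit:
            errors.append(f"{field}: too long")
            continue
        if field in HEADER_FIELDS and re.search(r"[\r\n\x00]", value):
            errors.append(f"{field}: line breaks not allowed")
            continue
        cleaned[field] = value.strip()
    if "email" in cleaned and not EMAIL_RE.match(cleaned["email"]):
        errors.append("email: not a valid address")
        cleaned.pop("email")
    # Constant-time compare, case-insensitive, so a missing or wrong code fails
    # without leaking how many characters matched.
    typed = form.get("captcha", "").strip().lower().encode()
    if not expected_captcha or not hmac.compare_digest(typed, expected_captcha.lower().encode()):
        errors.append("captcha: does not match")
    return (not errors, errors, cleaned if not errors else {})
```

A submission is only handed to the mailer when `ok` is true; the `cleaned` dict is what gets used, never the raw `form`.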
