• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Defeat the bots or scare the customers away?

P

paulney

Diamond Member
My business website has an inquiry form for free estimates and quotes. People fill it out with the question and hit submit. It gets used fairly often: I found out people prefer to ask the question via the web to avoid any possible pressure over the phone.

Well, now after quite some time some crawler-bot discovered it, and is now spamming me at the rate of about 10 messages per day. It's the usual guestbook-spammer variety bot.

So the dilemma is: should I implement a simple captcha-like test and stop this nuisance, or accept spam as part of doing business? I'm afraid people will just say 'screw it' when they see a captcha-like question. I have not seen it on any professional-services oriented website... Is it considered poor UI/business style?

Thanks.
 
Originally posted by: Whoozyerdaddy
WTF is a captcha-like test?
Click to expand...

An image that can be understood by human, but hard or impossible to decode by bot.
Or simply generate some phrase or number and ask the customer to retype it or answer the test (like: 2+ 2 = ?)

It's not hard, but every extra click that the customer has to make could drive him away.
 
Originally posted by: paulney
Originally posted by: Whoozyerdaddy
WTF is a captcha-like test?
Click to expand...

An image that can be understood by human, but hard or impossible to decode by bot.
Or simply generate some phrase or number and ask the customer to retype it or answer the test (like: 2+ 2 = ?)

It's not hard, but every extra click that the customer has to make could drive him away.
Click to expand...

Make it simple, do not use o and 0, because it is confusing and it pisses people off who have to enter it twice. Or just use all letters and skip anything that looks like a number such as g and 6. I wouldn't be mad at all if it were that simple.

EDIT: 1 and l i I L too.
 
Originally posted by: feelingshorter
Originally posted by: paulney
Originally posted by: Whoozyerdaddy
WTF is a captcha-like test?
Click to expand...

An image that can be understood by human, but hard or impossible to decode by bot.
Or simply generate some phrase or number and ask the customer to retype it or answer the test (like: 2+ 2 = ?)

It's not hard, but every extra click that the customer has to make could drive him away.
Click to expand...

Make it simple, do not use o and 0, because it is confusing and it pisses people off who have to enter it twice. Or just use all letters and skip anything that looks like a number such as g and 6. I wouldn't be mad at all if it were that simple.

EDIT: 1 and l i I L too.
Click to expand...

And keep it short.
 
That happened to me and I just changed the names of the form fields. Whoever set it up hasn't bothered to update it yet.
 
Entering a quick 4-5 digit code isn't to painful. Just make sure you get a readable one. I've seen a few that distorted the text to much were almost impossible to re-type.
 
A couple of things you can do. Have a combo box where the first option is "Please Select". When your script parses the post values, if the combo box field hasn't changed and the value is still Please Select, return to the user to the form requesting they select an option. Secondly, make an extra text or input field on the form that's hidden by CSS (display: none) so the general user doesn't see it and won't fill it out. If the bot puts something in that field, then don't send the e-mail.

The first method requires action, the second method requires inaction. A form combining the two methods should eliminate most bots and there's no need for captcha.

Edit: You don't have to use a combo box, any field that is "required" will do for the action method. I prefer the combo box though because some bots may leave that as is, while still putting some spam stuff in the other required fields.

Oh, also, if you're sending out a "Thanks for your comments, we'll get back to you soon" e-mail, be sure that the reply-to e-mail address for this notice is a mail account that doesn't receive any incoming e-mail. Then put the appropriate notification in thank you e-mail that says please do not reply to this e-mail address.
 
Originally posted by: jjones
A couple of things you can do. Have a combo box where the first option is "Please Select". When your script parses the post values, if the combo box field hasn't changed and the value is still Please Select, return to the user to the form requesting they select an option. Secondly, make an extra text or input field on the form that's hidden by CSS (display: none) so the general user doesn't see it and won't fill it out. If the bot puts something in that field, then don't send the e-mail.

The first method requires action, the second method requires inaction. A form combining the two methods should eliminate most bots and there's no need for captcha.

Edit: You don't have to use a combo box, any field that is "required" will do for the action method. I prefer the combo box though because some bots may leave that as is, while still putting some spam stuff in the other required fields.

Oh, also, if you're sending out a "Thanks for your comments, we'll get back to you soon" e-mail, be sure that the reply-to e-mail address for this notice is a mail account that doesn't receive any incoming e-mail. Then put the appropriate notification in thank you e-mail that says please do not reply to this e-mail address.
Click to expand...

Thanks a lot! Great advice, I'll do that!
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top