Junk messages comimg via my website form Please help

g7nomie wrote:
A bit long sorry.........
I have a form on a page of my website. It gives my possible customers a
chance to contact me with enquires or comments. The messages come direct to
my email.

The problem I am finding is that I am getting messgaes via this well which I
think are VERY INAPPROPIATE (if you know what I mean) Does ant one know how I
can stop these as I am finding it a little distressing.

A customer has also contacted me and said she sent me a messgae which I did
not recieve so I am also wondering if there is some kind of possible virus
attached.

Please help!
Naomi

Naomi....

You put your email out on your site for customers to respond...
Fair game for spammers.

Sorry, those are the Cho's of this world


Use a throw away email addy and reply to the good ones(?) with a
"realer" addy... just an idea...

Mike Koewler wrote:
If a bot can't get to it, how will legit visitors???

You could place the form in a password-protected subfolder, and list the
username and password on the page that links to it.

--
Ed Bennett - MVP Microsoft Publisher
http://ed.mvps.org

Ed,

From what I understand, Pub doesn't offer validation of form fields,
otherwise the solution would be much simpler. And if a user is
proficient enough to use html fragments to set up form validation,
he/she could easily set up the form itself using a script such as
soupermail to process the form.

Mike

Ed Bennett wrote:

Mike Koewler wrote:

If a bot can't get to it, how will legit visitors???


You could place the form in a password-protected subfolder, and list the
username and password on the page that links to it.

Mike Koewler wrote:
From what I understand, Pub doesn't offer validation of form fields,
otherwise the solution would be much simpler. And if a user is
proficient enough to use html fragments to set up form validation,
he/she could easily set up the form itself using a script such as
soupermail to process the form.

I meant simple website password-protection - the type that gives you a
browser pop-up asking for credentials. I've never done it, so forget
exactly how it's done - think it might be something to do with a .htaccess.

--
Ed Bennett - MVP Microsoft Publisher
http://ed.mvps.org

Ed,

yes, the htaccess file can password protect a folder but I can foresee
several problems. When Pub uploads files, it normally does so to the
root directory, which would be fine. But the form, along with any
graphics would have to be uploaded to a different directory - the one
that is protected. That folder would probably have to have a subfolder,
/index_files, where Pub stores all the images and other pages, unless
the user wanted only a text file. Even then, he/she would have to enter
absolute links back to the other pages and probably create a separate
file for just that page, lest Pub upload it to the regular index_files
folder. (not sure how FP extensions work with subfolders - there's a
certain sequence one is supposed to go through if an htaccess file is
changed after the extensions have been activated)

The bottom line is one can take steps to decrease the amount of spam
replies but it usually isn't worth it. :-(

Mike

Ed Bennett wrote:

Mike Koewler wrote:

From what I understand, Pub doesn't offer validation of form fields,
otherwise the solution would be much simpler. And if a user is
proficient enough to use html fragments to set up form validation,
he/she could easily set up the form itself using a script such as
soupermail to process the form.


I meant simple website password-protection - the type that gives you a
browser pop-up asking for credentials. I've never done it, so forget
exactly how it's done - think it might be something to do with a .htaccess.

IMHO I think that Steve in NC hit the nail on the head. It really doesn't
matter whether you put the form page in a password protected subfolder, or
use a form program that requires validation. While these things may slow the
amount of spam, none of those things are going to prevent someone from
sending an "inappropriate" message to the OP. If the OP is going to put
themselves out there on the internet, and invite people to contact them via
either a form or an email, they need to develop a thicker skin...and find
the delete key.

DavidF

"Ed Bennett" wrote in message
...
Mike Koewler wrote:
From what I understand, Pub doesn't offer validation of form fields,
otherwise the solution would be much simpler. And if a user is proficient
enough to use html fragments to set up form validation, he/she could
easily set up the form itself using a script such as soupermail to
process the form.

I meant simple website password-protection - the type that gives you a
browser pop-up asking for credentials. I've never done it, so forget
exactly how it's done - think it might be something to do with a
.htaccess.

--
Ed Bennett - MVP Microsoft Publisher
http://ed.mvps.org

David,

You know, as many forms as I have on different sites, spam is not a
problem. I get maybe one message every three weeks (from a form!) that
is spam, and then it is just someone trying to register for an event.
I've yet to get an 'inappropriate message' in a form. I don't think bots
are that adept at filling in forms, or else spammers have more effective
ways.

Now getting spam in general - yeah, dozens a day. But I don't think they
found my address via the forms, as I use a routing method for most of
them. The hardest ones to filter seem to the ones offering "tips" on
buying penny stocks. The spammers fill the message with generic but
acceptable text then attach an image with the tip in it. They often have
a subject line that makes some sense or contains a - which filters
usually allow through.

I figure I'm using about 30 seconds a day to deal with this stuff - not
exactly a major disruption to my job!

OTOH, I do have lots of bots trying to register in the different forums
I run. However, once I set them up so the person has to reply to a
message to activate their account, not one single spam post.

An interesting note: I sold an ad to this rock climbing business. He
gave me his web site so I could get his logo and saw a link to his
forum. He had been running it for less than a year, yet had over 1,200
members. Pretty impressive, I thought, and I told him so. He told me he
had only about 50 real members, the rest were spammers.

Mike

DavidF wrote:

IMHO I think that Steve in NC hit the nail on the head. It really doesn't
matter whether you put the form page in a password protected subfolder, or
use a form program that requires validation. While these things may slow the
amount of spam, none of those things are going to prevent someone from
sending an "inappropriate" message to the OP. If the OP is going to put
themselves out there on the internet, and invite people to contact them via
either a form or an email, they need to develop a thicker skin...and find
the delete key.

DavidF

"Ed Bennett" wrote in message
...

Mike Koewler wrote:

From what I understand, Pub doesn't offer validation of form fields,
otherwise the solution would be much simpler. And if a user is proficient
enough to use html fragments to set up form validation, he/she could
easily set up the form itself using a script such as soupermail to
process the form.

I meant simple website password-protection - the type that gives you a
browser pop-up asking for credentials. I've never done it, so forget
exactly how it's done - think it might be something to do with a
.htaccess.

--
Ed Bennett - MVP Microsoft Publisher
http://ed.mvps.org

Mike,

This page is an example of a CGI serverside form.
http://www.anthemwebs.com/contact_us.htm
It has never been compromised. Note the small Compendium subscription
request in the left border, it is compromised a couple of times each week.
"Mike Koewler" wrote in message
...
If a bot can't get to it, how will legit visitors???

Mike

Charles W Davis wrote:
To solve the problem, contact your host and ask how to set up the forms
on the server where the Bots can't get access.
"Mike Koewler" wrote in message
...

Grumpy,

Still, I think the question was better placed in a website-only
group.

I agree. She did post it in the MS Pub web design group, as David F.
(the resident web guru since the other David left) tends to check that
group more frequently - or so it seems.

Mike

Uncle Grumpy wrote:

Mike Koewler wrote:


Maybe you need to take a nap. :-) Pub, you know, the software this NG
is dedicated to, uses FP extensions to enable forms to work. It is a
Pub issue, though the question would be better posted in the web
design section (which she has done).



I use FP to design/manage several websites. I didn't know Pub had
that capability.

Still, I think the question was better placed in a website-only group.

JMO.

The problem is not how to code it, I can do the same thing in a snap
using a program other than Pub. From what I have heard, Publisher does
not have a way to validate form fields.

Mike

Charles W Davis wrote:
Mike,

This page is an example of a CGI serverside form.
http://www.anthemwebs.com/contact_us.htm
It has never been compromised. Note the small Compendium subscription
request in the left border, it is compromised a couple of times each week.
"Mike Koewler" wrote in message
...
If a bot can't get to it, how will legit visitors???

Mike

Charles W Davis wrote:
To solve the problem, contact your host and ask how to set up the
forms on the server where the Bots can't get access.
"Mike Koewler" wrote in message
...

Grumpy,

Still, I think the question was better placed in a website-only
group.

I agree. She did post it in the MS Pub web design group, as David F.
(the resident web guru since the other David left) tends to check
that group more frequently - or so it seems.

Mike

Uncle Grumpy wrote:

Mike Koewler wrote:


Maybe you need to take a nap. :-) Pub, you know, the software this
NG is dedicated to, uses FP extensions to enable forms to work. It
is a Pub issue, though the question would be better posted in the
web design section (which she has done).



I use FP to design/manage several websites. I didn't know Pub had
that capability.

Still, I think the question was better placed in a website-only group.

JMO.

Actually, I almost posted back to ask Ed a question after that last post,
and I think you answered it. My understanding has been that spambots cannot
glean your email address from a form, and that is one of the reasons to use
one. Your experience seems to confirm that. Thanks.

DavidF

"Mike Koewler" wrote in message
...
David,

You know, as many forms as I have on different sites, spam is not a
problem. I get maybe one message every three weeks (from a form!) that is
spam, and then it is just someone trying to register for an event. I've
yet to get an 'inappropriate message' in a form. I don't think bots are
that adept at filling in forms, or else spammers have more effective ways.

Now getting spam in general - yeah, dozens a day. But I don't think they
found my address via the forms, as I use a routing method for most of
them. The hardest ones to filter seem to the ones offering "tips" on
buying penny stocks. The spammers fill the message with generic but
acceptable text then attach an image with the tip in it. They often have a
subject line that makes some sense or contains a - which filters
usually allow through.

I figure I'm using about 30 seconds a day to deal with this stuff - not
exactly a major disruption to my job!

OTOH, I do have lots of bots trying to register in the different forums I
run. However, once I set them up so the person has to reply to a message
to activate their account, not one single spam post.

An interesting note: I sold an ad to this rock climbing business. He gave
me his web site so I could get his logo and saw a link to his forum. He
had been running it for less than a year, yet had over 1,200 members.
Pretty impressive, I thought, and I told him so. He told me he had only
about 50 real members, the rest were spammers.

Mike

DavidF wrote:

IMHO I think that Steve in NC hit the nail on the head. It really doesn't
matter whether you put the form page in a password protected subfolder,
or use a form program that requires validation. While these things may
slow the amount of spam, none of those things are going to prevent
someone from sending an "inappropriate" message to the OP. If the OP is
going to put themselves out there on the internet, and invite people to
contact them via either a form or an email, they need to develop a
thicker skin...and find the delete key.

DavidF

"Ed Bennett" wrote in message
...

Mike Koewler wrote:

From what I understand, Pub doesn't offer validation of form fields,
otherwise the solution would be much simpler. And if a user is
proficient enough to use html fragments to set up form validation,
he/she could easily set up the form itself using a script such as
soupermail to process the form.

I meant simple website password-protection - the type that gives you a
browser pop-up asking for credentials. I've never done it, so forget
exactly how it's done - think it might be something to do with a
.htaccess.

--
Ed Bennett - MVP Microsoft Publisher
http://ed.mvps.org