New Contact Form

After having a commenting form on my old WordPress blog, and after getting more spam comments than legitimate comments, I lost faith in the people that wanted to comment on my content, and after transitioning to the new Parkzer.com on May 15, 2010, I removed commenting entirely.

Shortly after, I started getting instant messages and emails from people that said that they wanted to comment on my blog posts and other articles. When I explained to them why commenting was gone in the first place, they suggested that I implement a system that makes it a lot harder for spammers to successfully get through.

On July 5, 2010, I started adding a Discussion section to some of my blog posts, and added that in order to contribute to the discussion, one must email me directly after acquiring my email address from a CAPTCHA. I knew that this would discourage spammers, as most of them would not go this far simply to spam my website. I even added a note that there was no guarantee any submitted comments would be published on their respective blog posts.

The only problem was, not only did this discourage spammers, this also discouraged the people that wanted to leave good discussion-based comments. Finally, earlier today, I decided to give everyone another chance and made a comment form that can be used universally on my website. I wrote the submission form myself in PHP, adding particular ways to catch spammers and make sure known spammers can’t use the form.

Like every new thing that I release, this Contact form is currently in public testing mode. I will be scanning through the comments I receive and find out ways spammers and spam bots are getting through, then add ways to block those smarter spammers. One thing that you’ll notice in this contact form that’s different than many other blog commenting forms is the abundance of text fields. Most blog commenting forms only have three fields: name, email address, and comment. Mine has far more: name, email address, subject, and message to be filled out by the user; IP address, date and time, and referring page automatically filled out.

Depending on how this turns out, I’ll most likely post an update to how the commenting form ended up, and how well it’s working. Check back on the news page, and I’ll update the date next to this article if it has been updated at all.

 

Wednesday, December 01, 2010

It’s been four months since I implemented the commenting and contact form system on my website, and I think it’s time for an update on how it’s going.

I’ve managed to make a contact form good enough that I’ve had almost no spammers, even without a CAPTCHA image verification system. I think simply adding a “Subject” field threw off the spamming bots enough for them to not be able to submit my form – not including a subject gives an error on a submission attempt, and the only way to know the form didn’t submit is to read the error message that’s written on the page, which I’m assuming most bots are unable to do.

If you’re interested in knowing why, the Subject field is so important in this case because it makes my custom form deviate from a standard form. Most spamming bots are built to seek out contact or comment pages and inject their preprogrammed and predefined data into the form. A majority of comment pages have a space for name, email, and comment. My form also has a space for name, email, and comment, but also has a required Subject field. Because most comment forms don’t have subject lines, the spam bots are not preprogrammed with data to inject into a subject line when they encounter one. The bot is then unable to continue any further, and gets an error when trying to submit. The error is still a confirmation page – a page confirming failure. The bot doesn’t know the difference between a confirmation of success or a confirmation of failure, and moves on assuming the form submitted properly.

The spam bot programmers that are intelligent enough to have their bots inject random data (such as “zkrfsjxmyzc” and “CefxkBXZEetnrX”) into all fields managed to get through my filtration system a few times until I found out a way to combat that as well. Not long after the release of my form, I added a new field called “Spam Check.” This field is meant to be left blank (as denoted by the words “Leave blank” next to the field). A bot that injects data into all fields just so the form will submit is out of luck now, because putting in any data in the Spam Check field will cause it to reject the form.
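The two checks described above (a required Subject field and a Spam Check field that must stay blank), shown as an added PHP example. This is not the author's code; the field names, function names and sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example, not the site's actual form handler.
// Field and function names are assumptions.

/** Classify one submission: returns [accepted, reason]. */
function check_submission(array $post): array
{
    // Honeypot: "Spam Check" must be left blank. Any value, including a
    // non-string one such as spam_check[]=x, rejects the submission.
    $trap = $post['spam_check'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return [false, 'spam check field was filled in'];
    }
    // Required fields, including the non-standard Subject field.
    foreach (['name', 'email', 'subject', 'message'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            return [false, "missing required field: $field"];
        }
    }
    return [true, 'accepted'];
}

/** Metadata recorded from the request itself, not from user-typed fields. */
function request_metadata(array $server): array
{
    return [
        'ip'       => $server['REMOTE_ADDR'] ?? '',
        'received' => gmdate('Y-m-d H:i:s'),
        // The Referer header is client-supplied; log it, do not trust it.
        'referrer' => $server['HTTP_REFERER'] ?? '',
    ];
}

// Constructed sample submissions.
$samples = [
    'name/email/comment bot' => ['name' => 'x', 'email' => 'x@example.com', 'message' => 'spam'],
    'fill-every-field bot' => ['name' => 'zkrfsjxmyzc', 'email' => 'q@example.com',
        'subject' => 'zkrfsjxmyzc', 'message' => 'CefxkBXZEetnrX', 'spam_check' => 'CefxkBXZEetnrX'],
    'human' => ['name' => 'Ann', 'email' => 'ann@example.com',
        'subject' => 'Feedback', 'message' => 'Nice article.', 'spam_check' => ''],
];
foreach ($samples as $label => $post) {
    [$ok, $reason] = check_submission($post);
    printf("%-24s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $reason);
}
```

The honeypot is checked before the required fields so that a bot that fills every field is rejected for that reason, and both checks run on the server because nothing in the browser can be relied on to enforce them.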

Overall, I’m satisfied with how the form and the results turned out. Although I’ve rejected many comments from real people because they were stupidly written or trolling, I’ve also accepted many comments that now appear on various areas of my website. I’ve also responded to many one-on-one messages through email that were initiated with the contact form.

Like always, feel free to use the contact form to provide me with any feedback on this article, or about anything in general.

http://parkzer.com/contact

 

—§—
