
William Seger

(11,648 posts)
Sun May 25, 2025, 05:46 PM

If AI bots are spamming your site's contact form, I found a solution that doesn't use captcha

I recently read that AI bots are searching the web for such contact forms and figuring out what to submit. (That would not be a good use of a human's time, just to spam one form.) I hate those captcha things (especially the "select all images of bicycles" type), but lately I've been getting so much spam on the "help" and "contact us" forms on my site that I was thinking I would have to start using them. However, it occurred to me that one way that might defeat those bots would be to set a dummy URL in the form's action, but then set the real URL in an onload() function in the body tag. This seems to work -- the bots aren't executing the JavaScript. In the form, I set a URL to a script that logs the REMOTE_ADDR variable, then redirects to that same address, which typically fails, but it takes the browser's full time-out period to do so. I just changed it this morning, and so far it's already logged four requests from four different IP addresses, so I've added those addresses to my website exclusion list.
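
A server-side sketch of the decoy-action approach described in the post above, added here as an example and not the poster's own script: the markup carries a decoy `action`, the `onload` handler swaps in the real one, and posts to the decoy are counted per remote address. The paths `/contact`, `/contact-decoy` and `/contact-submit` and all function names are assumptions, and the redirect step the post mentions is left out.

```javascript
// Added example, not the poster's code. Paths and names are hypothetical.
const DECOY = '/contact-decoy';   // action a client sees if it never runs JS
const REAL = '/contact-submit';   // action installed by the onload handler
const decoyHits = new Map();      // remote address -> posts to the decoy

// Form markup: the static action is the decoy; onload swaps in the real one.
function renderPage() {
  return `<!doctype html>
<body onload="document.getElementById('contact').action='${REAL}'">
<form id="contact" method="post" action="${DECOY}">
  <input name="email"><textarea name="message"></textarea>
  <button>Send</button>
</form>
</body>`;
}

// Routing decision as a pure function so it can be checked without a socket.
function route(method, path, remoteAddr) {
  if (method === 'GET' && path === '/contact') {
    return { status: 200, body: renderPage() };
  }
  if (method === 'POST' && path === DECOY) {
    // Only clients that skipped the onload handler arrive here: count them.
    decoyHits.set(remoteAddr, (decoyHits.get(remoteAddr) || 0) + 1);
    return { status: 204, body: '' };  // nothing is delivered to the inbox
  }
  if (method === 'POST' && path === REAL) {
    return { status: 200, body: 'accepted' };
  }
  return { status: 404, body: 'not found' };
}

// Addresses that hit the decoy at least `min` times (repeat offenders).
function repeatOffenders(min = 2) {
  return [...decoyHits].filter(([, n]) => n >= min).map(([ip]) => ip).sort();
}

// Node request handler: pass it to require('http').createServer(handler).
function handler(req, res) {
  req.resume(); // discard the body here; the real endpoint would parse it
  const r = route(req.method, req.url.split('?')[0], req.socket.remoteAddress);
  res.writeHead(r.status, { 'Content-Type': 'text/html; charset=utf-8' });
  res.end(r.body);
}
```

Behind a reverse proxy, `req.socket.remoteAddress` is the proxy's address, so the count only means something when the server sees client connections directly.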


erronis

(19,879 posts)
1. Good for you. I know of quite a few bots/spiders that will execute JS but it is more expensive for them.
Sun May 25, 2025, 06:08 PM

Another simple trick is to make your own "captcha" with images of numbers that need to be added and the result entered. Again, not impossible for bots but it makes it more difficult. Back in the old days (4-5 years ago?) teams of very low wage people were used to solve these types of problems.

usonian

(17,911 posts)
2. Good for you.
Sun May 25, 2025, 07:47 PM

I don't have a site to slam, but I admire what people are doing.

Tarpits
https://arstechnica.com/tech-policy/2025/01/ai-haters-build-tarpits-to-trap-and-trick-ai-scrapers-that-ignore-robots-txt/

Cloudflare Using Devilish Trick to Trap AI Scrapers in Infinite Maze of AI-Generated Content
https://futurism.com/cloudflare-trap-ai-scrapers-maze

How to block AI web crawlers: challenges and solutions
https://stytch.com/blog/how-to-block-ai-web-crawlers/

I fart in their general direction.

William Seger

(11,648 posts)
4. I don't want to block web crawlers; I just don't want them spamming me
Tue May 27, 2025, 12:23 AM

Since I started blocking IPs, the attempts that my hack has logged have slowed down -- 9 yesterday, only 3 today -- and none have gotten through. But I'm not going to keep blocking every IP that I see -- too much trouble, and really not worth the time it would take. I'll just check the log every once in a while to see how many repeat offenders there are, but it's possible that the IPs I see in REMOTE_ADDR are spoofed anyway.

Next, I'm thinking of doing something similar for my login script, which receives dozens of hits per day with bogus email addresses and random-character passwords. I have no idea what the deal is with that -- it isn't a SQL injection attack or anything like that, just totally bogus credentials that always fail. Sometimes there are multiple attempts within a few minutes from the same IP with different credentials. I log the failures, and I've noticed that an uncomfortable number of them are from Russia, China, and other countries that are known for hacking, and the fact that I don't know what they're up to disturbs me, even though it seems pointless.
