I'm caught in a hard place where I am being forced to use ASP classic on some web forms. I don't want to get spammed, but I am unaware of how to create a honeypot with .asp classic.
Is this possible or will I have to use a captcha field?
Or is there a better way to prevent spam with asp classic?
Form Fields:
<div class="row">
<div class="col-md-offset-1 col-md-10">
<form class="form-horizontal" role="form" method="post" action="submit.asp">
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<input type="text" class="form-control" name="Name" placeholder="Name" required/>
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<input type="email" class="form-control" name="Email" placeholder="Email" required/>
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<input type="tel" class="form-control" name="Phone" placeholder="Phone Number">
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<input type="text" class="form-control" name="Subject" placeholder="Subject">
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<textarea name="Info" class="form-control" rows="3" placeholder="Message"></textarea>
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<button class="btn btn-theme btn-lg btn-block"type="submit" value="Send">Send message</button>
</div>
</div>
</form>
<%
Dim EmailFrom
Dim EmailTo
Dim Subject
Dim Name
Dim Phone
Dim Email
Dim Questions
EmailFrom = "name@company.com"
EmailTo = "chad.bridges@company.com"
Subject = Trim(Request.Form("Subject"))
Name = Trim(Request.Form("Name"))
Phone = Trim(Request.Form("Phone"))
Email = Trim(Request.Form("Email"))
Questions = Trim(Request.Form("Info"))
Dim Body
Body = Body & "Name: " & VbCrLf
Body = Body & Name & VbCrLf
Body = Body & "Subject: " & VbCrLf
Body = Body & Subject & VbCrLf
Body = Body & "Phone: " & VbCrLf
Body = Body & Phone & VbCrLf
Body = Body & "Email: " & VbCrLf
Body = Body & Email & VbCrLf
Body = Body & "Questions: " & VbCrLf
Body = Body & Questions & VbCrLf
Dim ObjSendMail
Set ObjSendMail = CreateObject("CDO.Message")
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") ="10.000.00.000"
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 00
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
ObjSendMail.Configuration.Fields.Update
ObjSendMail.To = "chad.bridges@company.com"
ObjSendMail.Subject = "Website Request"
ObjSendMail.From = EMailFrom
ObjSendMail.TextBody = Body
ObjSendMail.Send
Set ObjSendMail = Nothing
Response.Redirect("Index.html#contact")
%>
I have had good luck with using 3 types of spam prevention on every submit page even sign in and sign up pages. Because ASP is kind of old you might want to keep it simple and only use numeric values as checks with one hidden spam bot field. Keep the human approach. Note: Code is just pieces of my active site, take the ideas and be creative for your site.
1. Hidden field
<input type="hidden" name="email" value="" />
Maybe your code looks like this:
Response.Write("<input type=""hidden"" name=""email"" value="""" />" & vbCrLf)
2. Numeric question: This requires a simple function and it does a very good job. We want to randomize numbers 1 to 9 so no answer is ever higher than 18 and never 0.
str1R = RandomNumber(1,9)
str2R = RandomNumber(1,9)
Session("str3") = (str1 + str2)
Function RandomNumber(LowNumber, HighNumber)
RANDOMIZE
RandomNumber = Round((HighNumber - LowNumber + 1) * Rnd + LowNumber)
End Function
HTML might look like:
<label>Question: What is <%=str1R%> + <%=str2R%> ?</label>
<div>
<div>
<input type="number" name="question" id="question" required />
<input type="hidden" name="a" id="a" value="1" />
</div>
</div>
strA = Request.Form("a")
strQuestion = Left(Request.Form("question"),2)
If IsNumeric(strQuestion) Then
'do notta
Else
strQuestion = -1
End If
If IsNumeric(Session("str3R")) Then
Session("str3R") = Trim(Session("str3R"))
Else
Session("str3R") = 0
End If
strMath = ((Session("str3R") - strQuestion) = 0) 'Now we have True or False
If (strMath = True) Then 'Do your ASP Classic Stuff.
Select Case strA
Case 1
'Sends Email
Case 2
'Submits Registration
End Select
End If
3. CAPTCHA I mean the CheckCAPTCHA() function not those "I can't ever seem to read" I've used numeric values for Captcha for 16 years and only had 2 complaints, when I tried the more complex versions so many couldn't see the letters and numbers very clearly. (ASP = OLD + Members)
Google: Dim newBitmap(21,87) Dim vDistort(8) In the number one slot of your google results should be the full ASP Classic Numeric Captcha code. It's old, It's Numbers, It works. I don't think modern BOTS even detect this old bitstream. (humor)
If you need working examples just ask, takes a bit to setup a test page but if you're new to forms and need spam prevention it's best to learn more than one method. At any "False" point of all form submissions you should know if it's Human or BOT.
I often stop code on BOT traffic with Response.End
With Humans I response with instructions and what might have gone wrong "The math question, you missed it by x much"
The Math Question can be replaced with an image "What is in this picture?" using a dog,apple, cat, something with limited possible responses.