Exterminating Form Spam
In 2005, we launched a web application for our campus that allows our users, especially those with no technical knowledge, to produce web forms.
Why did we do this? Mostly, we did it because everyone always wanted a form and my group had to build them all. We had been using the ancient FormMail.pl but each receipient had to be approved and each form hand-coded with required fields. I wanted users to be able to create forms, have the results emailed to them as well as saved in a database, and manage those forms, all without having to get the web team involved.
I know, web forms aren’t sexy. Not in the least, but they’re a critical part of how people communicate with us on our sites. Since it’s launch, FormBuilder (original name, I know) has really made an impact across campus. Forms are all uniform in terms of style and layout. This was a huge problem, as everyone, myself included, was building forms differently. Offices on campus can create a form in just a few minutes, email the address or post it on the web and start getting responses in minutes. These offices have seem a dramatic improvement in student responses and program attendance.
So FormBuilder’s been chugging along with no problems, until recently when it’s been getting hammered with spam. Not all forms are getting hit, just a lucky few. They are receving, seriously, hundreds of submissions a day. Luckily, it’s mostly gibberish and not pr0n spam, but still, it’s annoying for my users and it’s using my resources up. Not cool.
I wrestled for a long time with how to stop the spam. I thought about adding some kind of question that would be appended to each form, such as “What is 2+2,” or something to that effect. I thought about using code like Bad Behavior, but I don’t know if that would be easily defeated.
In the end, I decided to implement the dreaded CAPTCHA.
I looked at code to generate my own and do all the processing on my server. I struggled with getting them to be readable and getting them to fit in with the look and feel of our forms. After running into so many problems, I decided to use the reCAPTCHA service.
reCaptcha was developed by Carnegie Mellon University, and, in addition to reducing spam, the project helps digitize books from the Internet Archive. In my eyes, that’s a win-win. ReCaptcha allows users to reload the images if they are tough to read, and they also allow for users to hear a series of numbers that they enter instead of words. Listen to the numbers sometime, it’s a little creepy.
ReCaptcha is being used on a great deal of large websites, including Twitter, StumbleUpon and Ticketmaster, to name but a few. I’m sure you’ve seen the red reCaptcha boxes as you’ve surfed the web.
Implementing reCaptcha was painless. They offer libraries in a variety of languages and detailed instructions. I used the PHP code and it’s worked perfectly. What really drew me to the service is the fact that you can really customize the look and feel of the captcha to match your color scheme.
Here’s a standard reCaptcha box:
Here’s an example from one of our FormBuilder powered forms:
Earlier this week, we rolled this out on all FormBuilder-powered forms. It was smooth and other then a call to our computing help desk by a user who feared we’d been hacked, we haven’t heard any issues from people filling out forms or from our campus users.
Thus far, the spamming has stopped and only legitimate form entries are getting through. Of course, it will only be a matter of time until hackers beat ReCaptcha, and the whole cat and mouse game will start again.
If you enjoyed this post, make sure you subscribe to my RSS feed!
Where the magic happens: Part 1
As I was sweating in my office (we don’t have A/C, yet - it’s a long story), I got to thinking about offices and our work spaces. I recently switched out the big, bulky, old fashioned desk I inherited when I moved (back) into the office I’m in now for a very simple one, with only an IKEA table. I think not having a lot of space for papers to accumulate keeps me focused.
I’m interested in your spaces and how it gets you or keeps you motived. I hope you’ll send or post photos of your space so I can link them here.
First on the block is Brad Ward at Butler University and BlogHighEd.org. He’s annotated the photo in Flickr, click on it for the notes.
Thanks, Brad, for sharing your space.
If you enjoyed this post, make sure you subscribe to my RSS feed!
What the new iPhone means to higher ed web folks
Unless you are living under a rock, you know that Apple announced its new iPhone 3G yesterday. I’ve had an iPhone for six months and love it, and I’m looking forward to the faster speeds and new features like real GPS service.
I’ve also been thinking about how this will impact us as higher education technology and web professionals.
Après moi le déluge
With the price of iPhone now dropping to $199 for the 8GB model, I would be prepared for a large number of students arriving on campus this fall with iPhones. They will expect wifi access as well as websites optimized for browsing on iPhone. There are authentication issues and other wireless security options we’ll have to review.
Now’s the time to also create an iPhone icon for your school.
Automatic Geotagging of Photos
The new iPhone will allow users to automatically, via the internal GPS, to record the exact location a photograph was taken. While this is a neat, potentially useful feature, we’re going to have to be extra-vigilant in keeping an eye on what photos are attributed to our schools or taken on our campuses. Not that we can take them down, but as GI Joe says, knowing is half the battle.
Strain in server resources
If you’ve got an email setup using Exchange, you probably won’t see a huge bump but if a large number of new iPhone users are POP’ing their email every few minutes, we may see an increased load on email servers. If you outsource your email to Gmail, for example, you won’t see this.
Power Users
Many public spaces at our college, such as the library and one of our dining halls, offer power and network connections at many tables and booths. I’ve used the power a ton of times, but it would be really cool if we started to offer other connection options at these stations. The iPhone specific example is a powered USB port, so that we can keep our phones powered on and charging while we study, do research, eat, etc. Are anyone’s schools doing this?
What am I missing?
If you enjoyed this post, make sure you subscribe to my RSS feed!
