How To Get Rid of Spam on Form Submissions

Recently we had a client who started to rank up very quickly on the major search engines such as Google and Yahoo. We noticed that the amount of spam that was being passed through our web submission forms increased by 1000% and that happens to all major websites Well, over the next couple of months I came up with the best way and really the final way to get rid of all spam from web forms!

Spam is one of the biggest problems on the Internet. Spamming web forms increases when a website increases in ranks since the spam robots are able to find them a lot easier for the keywords that are targeted.

Why Do You Get Spam Web Form Submissions?

The technique that spam robots use is called “Link injection”. It is used to create backlinks from unsuspecting web site owners by simply inserting these links into any web form that they can find. The chances that the web form is a user generated content site is high so users’ comments are immediately placed on the sites and some sites go without moderation. In the mind of the spammer, they will simply submit their links to as many web forms as possible hoping to create some back links to their own sites through this method.

Unfortunately, it works. Otherwise spammers wouldn’t do it. However, it only works for 5% of the sites submitted. On the other hand there are 95% of web administrators who get the spam form submissions which just clogs their form system.

Current Methods Used

1. First Method is the “captcha” code (security code, human code, etc). This is where a user has to enter a sequential set of letters and numbers into a text code and the system verifies the code is correct.

a. This method can hurt your conversion and sometimes confuse a user who might be new to the Internet.

b. Not a lot of people know about this but recognizing captcha by spam robots
technology has been around since 2002. This means in the coming months and years more spam robots will be getting past the “captcha” technology.
One of my websites already got hit with these new spam robots that
get past the captcha security technique.

2. IP banning is another method. The problem with this is that spammers come from all over the Internet, they use Bot networks and proxies. You can only react to a spam with this method. Also if the spam robot is using an ISP with a shared IP address, then you are potentially blocking legitimate users as well.

My Method

This is a very easy and quick method of fixing this spam issue. By using this technique, the client’s site went from about 20 spam messages a day to 0 since.

The way this technique works is by exploiting the weakness in 99% of all spam
robots. 99% of all spam robots are built like a text browser and they can only read text; no images, no flash nor JavaScript!

You can use flash to create a form for the submission process, and it will never be spammed. You can also use Ajax/Javascript to call your form from another page and display the content onto the page that it is calling from. Spam robots cannot read JavaScript so they will no longer bother you again!


1. I started out by putting an Ajax protocol onto the website. Basically the JavaScript file calls an Ajax function.

b. The particular one I used (You can download it here or at the bottom of the page) simply calls an html page and displays the content of the html page where ever the script is called from.

2. Then I place my form into a file save it as “contact.html” or whatever you prefer.

3. I then place the JavaScript code that calls the function, which calls the form I created and places the web form onto the web pages where the JavaScript called it form.

Click Here for DEMO and to Download .

Lets say you have a form on index.html page.

1. Link to the Ajax JavaScript that is provided in the header of the index.html page.

2. Take the actual web form out of the index.html page, and place it into another separate text file and save it.

3. Now use the below script and place it where the form used to be in the index.html page.

<script type=”text/javascript”>scan(“/myform.html”)</script>
a. Replace the “/myform.html” with your form name. (This method assumes that the form is in the root directory, if for example the form is in, then replace it with /forms/form.html)

What you have done is taken the form out of the html source code which spam robots view and inserts spam into, and place it into a separate file. Then you are calling a function called “scan” that simply reads the separate file, and displays the content of the file you called.

I got the technique from .

They use Ajax to include other web pages’ content. I then thought, hey, why can’t I use this to call forms that are invisible to spam robots? The crazy part is that simply because spam robots don’t read javascript, your web forms will no longer will get spammed! It is so simple.

Another added benefit is that if you have a form that appears on several pages, you can simply edit one file, and now all the forms will be updated.

For help on getting rid of spam, you can contact us here. (Link to contact us form)

Click Here for DEMO and to Download .