I have a website where I have a job section. I allow applicants to fill out job applications online. No login is required. The data input gets stored in a database.
I have NOT put any captcha or bot blocking mechanism in the HTML form. I understand that this is a dumb thing to do. But mine is a small website and I did not spend too much time programming this.
I see every once in a while garbage inputs into the application form fields like the following:
yRERRCEXEUOMCew
Sometimes the 'City' field in the data would have a valid input (such as New York).
I am trying to understand where does this input come from and what would anyone gain by doing this.
Thanks
It comes from spam bots and they just submit random information to check to see if it is a working form or can send email, etc. If you are looking for a non-intrusive method (i.e. no CAPTCHA or JavaScript) to prevent spam bots from submitting bogus data, I would highly recommend throttling form submissions. If you are using PHP, you could use code like this:
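```php
// Sessions needed to tie forms to specific users
session_start();
// Process form here
if ( isset($_POST['submit']) )
{
    $now = time();
    // No start time recorded means this session never loaded the form: treat as just started
    $start = $_SESSION['start_time'] ?? $now;
    // See if the current time less the start time is less than or equal to 5 seconds
    if ( ( $now - $start ) <= 5 )
    {
        exit('Form submitted too quickly. Please wait a few seconds and try again.');
    }
    // Not throttled: validate and store the submission here
}
$_SESSION['start_time'] = time(); // Record when this session was last served the form
```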
Note: this will not stop dedicated bots nor will it provide any real security. It will stop automatic flood bots though since they will not normally wait 5 seconds between submissions.
Hope this helps.
I am trying to understand where does this input come from?
It can come from anywhere; a user can also input this, as your app isn't validating this input.
and what would anyone gain by doing this.
No idea.
You can add a CAPTCHA, or you can simply add two attributes, let's say 1 and 98, and one operation sign (for example, +), let the user perform the calculation, and validate the result at the server.
Also see
- Practical non-image based CAPTCHA approaches
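
One way to implement the server-validated arithmetic question suggested in the answer above, as an added example that is not code from any poster in this thread. The function names `issue_challenge` and `check_challenge` and the 10-minute expiry are assumptions; the expected answer is kept in the session rather than in a hidden form field, and each challenge is consumed on its first check so a correct answer cannot be replayed.

```php
<?php
// Added example: server-side arithmetic challenge. All names are hypothetical.

// Create a challenge, keep the expected answer server-side, return the question text.
function issue_challenge(array &$session): string
{
    $a  = random_int(1, 9);
    $b  = random_int(10, 99);
    $op = ['+', '-'][random_int(0, 1)];
    $session['challenge'] = [
        'answer' => $op === '+' ? $a + $b : $b - $a,
        'issued' => time(),
    ];
    return $op === '+' ? "$a + $b" : "$b - $a";
}

// Check a submitted answer. The challenge is single-use and expires.
function check_challenge(array &$session, $submitted, int $maxAge = 600): bool
{
    $challenge = $session['challenge'] ?? null;
    unset($session['challenge']);           // consume it so it cannot be replayed
    if (!is_array($challenge) || !is_string($submitted)) {
        return false;                       // no challenge issued, or array-valued input
    }
    if (time() - $challenge['issued'] > $maxAge) {
        return false;                       // stale form
    }
    // Accept only a short run of digits; anything else is rejected before comparison
    if (!preg_match('/^\d{1,3}$/', trim($submitted))) {
        return false;
    }
    return (int) trim($submitted) === $challenge['answer'];
}

// Constructed demonstration using a plain array in place of $_SESSION.
$session  = [];
$question = issue_challenge($session);
$expected = (string) $session['challenge']['answer'];

var_dump(check_challenge($session, $expected));   // first use of the correct answer
var_dump(check_challenge($session, $expected));   // replay of the same answer

issue_challenge($session);
var_dump(check_challenge($session, 'yRERRCEXEUOMCew')); // garbage input like the sample in the question
```

In a real form handler, pass `$_SESSION` after `session_start()` and print the returned question text next to the answer field.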