Alex Gordon

Reputation: 60861

How to avoid bot attacks on form

I have these forms:

https://www.mychabad.org/templates/articlecco.asp?aid=1188756&jewish=General-Contributions.htm&lang=en&site=chabaduc.org

https://www.mychabad.org/templates/articlecco.asp?AID=1189379

https://www.mychabad.org/templates/articlecco.asp?aid=1189287&jewish=Shabbat-Holiday-Sponsorships.htm&lang=en&site=chabaduc.org

and last night they were attacked by a bunch of submissions.

  1. Is there anything simple I can do with the code to avoid such attacks?
  2. If not, should I be using a different form service?

Upvotes: 4

Views: 3650

Answers (3)

publicRavi

Reputation: 2773

I think you can read the basic concept from Captcha's website. Then, google for Captcha with classic ASP.

You may have to figure things out on your own after that, because we cannot see your ASP pages' source code.

Upvotes: 2

casablanca

Reputation: 70731

CAPTCHA is the most well-known solution, but if you're looking for something simple, I've found that this works quite well: set your form's submit URL to blank (or something invalid) and introduce it via JavaScript. So far, I haven't seen a bot that executes JavaScript to get past forms. This does mean that users need to have JavaScript enabled, but most do anyway.

Example:

<form id="myform" action="" onsubmit="return doSubmit();">
...
</form>

<script type="text/javascript">
function doSubmit() {
  // You can also do any validation here if required
  document.getElementById('myform').action = 'real_submit_url';
  return true;
}
</script>

Upvotes: 8

Michael Mior

Reputation: 28752

Try putting an empty field in the page, hide it via CSS and check if it's filled in. (Perhaps with a note beside that says to leave it empty in case a user has CSS disabled.) Many bots will fill every field in, so you can check if this field is empty.

Upvotes: 12
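
The hidden-field check from the answer above, sketched server-side as an added example (not code from the answer or from the site in the question, and written in Node.js JavaScript rather than classic ASP). The field name `website_url` and the sample POST bodies are constructed; rejecting a POST that omits or repeats the field is an assumption that goes beyond the answer's "check if it's filled in".

```javascript
// Added example: honeypot field plus the server-side check that enforces it.
// HONEYPOT is a hypothetical field name chosen to look worth filling in.
const HONEYPOT = 'website_url';

// Markup for the trap field: hidden via CSS, with a note for users who
// have CSS disabled, as the answer suggests.
function honeypotMarkup() {
  return [
    '<div style="display:none">',
    `  <label for="${HONEYPOT}">Leave this field empty</label>`,
    `  <input type="text" id="${HONEYPOT}" name="${HONEYPOT}" value=""`,
    '         autocomplete="off" tabindex="-1">',
    '</div>',
  ].join('\n');
}

// Classify a raw application/x-www-form-urlencoded POST body.
function checkSubmission(rawBody) {
  const values = new URLSearchParams(rawBody).getAll(HONEYPOT);
  // A browser submits a named text input even when it is empty and hidden,
  // so a missing field means the POST was not built from the rendered form.
  if (values.length === 0) return { accept: false, reason: 'honeypot-missing' };
  if (values.length > 1) return { accept: false, reason: 'honeypot-duplicated' };
  // Whitespace only is treated as empty so a stray space does not block a person.
  if (values[0].trim() !== '') return { accept: false, reason: 'honeypot-filled' };
  return { accept: true, reason: 'ok' };
}

// Constructed sample submissions (not real traffic).
const samples = [
  ['person using the form', 'name=Dana&amount=18&website_url='],
  ['bot filling every field', 'name=x&amount=1&website_url=http%3A%2F%2Fspam.example'],
  ['POST that skipped the form', 'name=x&amount=1'],
];

function classifyAll() {
  return samples.map(([label, body]) => ({ label, ...checkSubmission(body) }));
}

for (const r of classifyAll()) {
  console.log(`${r.label}: ${r.accept ? 'accept' : 'reject'} (${r.reason})`);
}
```

Run the check before any payment or e-mail step, and log the reason for each rejection so you can see which kind of bot is hitting the form.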
