Thursday, February 11, 2010

How to Avoid Bot Spammers in APEX

If you've ever developed a public web application with a form on it, you may have noticed bot spammers trying to enter information into your application.

There's a simple trick that a friend of mine, Sean Rabey, at Pump Interactive showed me which will help you reject submissions from bots.

Sean suggested that I use an input field and then hide it with CSS. Humans entering data into the form won't see the field and therefore won't enter anything into it. Bots on the other hand may try to fill out this field and can't detect whether or not it's visible in the browser. If your "special" field has data in it you can reject the submission since you know it's not a human entering the data.

Here's an example of how you can do this in APEX. You can view an example here: http://apex.oracle.com/pls/apex/f?p=20195:2900

- Create a "Dummy" item
Set "HTML Form Element Attributes" to class="hideMe"



- Configure "hideMe" style
Add the following in your application somewhere (or to a CSS file)




- Add validation to catch bot entries
Type: Exists
Validation Expression 1:

SELECT 1
FROM DUAL
WHERE :p2900_dummy IS NULL
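
The three steps above, as an added stand-alone example in JavaScript for Node.js (not code from the original post, and not APEX code): it renders a form with the hidden dummy field and applies the same "accept only if the dummy item is empty" rule on the server. The .hideMe rule (display: none), the p2900_name and p2900_email fields and the /submit action are assumptions, and the sample request bodies are constructed.

```javascript
// Added example: honeypot check on a form POST (Node.js, no dependencies).
// HONEYPOT mirrors the page's dummy item name.
const HONEYPOT = "p2900_dummy";

// Form as served to the browser: the dummy input is in the markup but hidden
// by the "hideMe" class, so a person never sees or fills it.
function renderForm() {
  return [
    "<style>.hideMe { display: none; }</style>", // assumed rule, not from the page
    '<form method="post" action="/submit">',     // hypothetical action
    '  <input type="text" name="p2900_name">',   // hypothetical field
    '  <input type="text" name="p2900_email">',  // hypothetical field
    // autocomplete="off" keeps browser autofill from filling the hidden field
    // and getting a real visitor rejected.
    `  <input type="text" name="${HONEYPOT}" class="hideMe" autocomplete="off">`,
    '  <button type="submit">Send</button>',
    "</form>",
  ].join("\n");
}

// Server-side check on a raw urlencoded request body. A missing dummy field
// is treated like an empty one, as a NULL item is in the page's validation.
function checkSubmission(rawBody) {
  const params = new URLSearchParams(rawBody);
  // getAll() so a repeated parameter cannot hide a filled copy behind an empty one.
  const filled = params.getAll(HONEYPOT).some((v) => v !== "");
  return filled
    ? { accept: false, reason: "honeypot field filled" }
    : { accept: true, reason: "honeypot field empty" };
}

// Constructed sample request bodies (not captured traffic).
const SAMPLES = {
  human: "p2900_name=Ann&p2900_email=ann%40example.com&p2900_dummy=",
  bot: "p2900_name=x&p2900_email=x%40example.com&p2900_dummy=http%3A%2F%2Fexample.com",
  repeated: "p2900_dummy=&p2900_name=x&p2900_dummy=filled",
};

function runSamples() {
  const out = {};
  for (const [name, body] of Object.entries(SAMPLES)) {
    out[name] = checkSubmission(body).accept;
  }
  return out;
}

console.log(runSamples());
```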

3 comments:

  1. Simple trick as long as your web site isn't a popular one, because then the bots will be adapted to it.

    BTW a tip: Use a simple "Value of Item in Expression 1 is NULL" validation condition instead of the SELECT from DUAL. It's faster and more declarative.

    Regards
    Patrick

  2. Hi,

    You can also create the item on page zero and use an After Submit application process to check whether the item is null, and raise an error if it is not.

    Regards,
    Jari
