ASP Prove You're Human
By Richard Rost

This is my first ASP video since 2008. It's been a little while. In this Active Server Pages tutorial, I'll teach you a quick way to foil spam bots on your web site with a simple math question. We'll look at using text and images to make sure you have a human entering information.

Intro

In this video, I'll show you how to add a simple math question to your website forms using Microsoft Active Server Pages (ASP) to help prevent spam bot signups. We'll look at how to generate random numbers for a basic math challenge, store those values using session variables, validate user input, and even display the math question as images for added security. This quick, custom technique is a straightforward way to protect your site without relying on third-party CAPTCHA solutions.

Transcript

Welcome to another TechHelp question brought to you by ASP Learning Zone. I am your instructor, Richard Rost. It's been a while since I've done an ASP tip. In today's lesson, I'm going to show you how to prove that you're human—a quick way to foil spam bots on your website with a simple math question. Today's question comes from Max, who's taken my ASP classes. He says he set up a basic form on his website to capture user signups: first name, last name, email address, and so on. Every day lately, it seems like I get dozens, if not hundreds, of fake submissions from what seems to be a bot. The names are all gibberish, and the email addresses are all bogus @gmail.com addresses. I used to get tons of those too. It seems every time I put a new form on my website, if I don't put the solution I'm going to show you right now on it, I get all kinds of spam bots hitting it. I don't know why people feel the need to do this. There's nothing they can gain from it except annoying me. He continues to say, I really don't like CAPTCHA. I'd rather have my own custom solution without using third-party servers. CAPTCHA is actually really easy to set up on your website. I played with this once myself. It's only two lines of code, but it does rely on another company's servers. If you want to keep everything in-house, then you can build your own solution. He asks if there is a quick solution to deal with this. It doesn't have to be perfect, just cut down on these damn bots. Sincerely, Max.
We can do it relatively easily with only a couple of lines of code. I like to do a simple math question. Most people can answer a simple math question like what is 4 plus 3? It's not very invasive at all, and I'll show you a quick way that you can, once they enter that, mark them as logged on so they don't have to keep entering it. I've got a basic form set up on my website. Yes, I'm using an older version of Internet Explorer for class. I use Google Chrome myself, but I don't want you seeing all my toolbars and icons and everything I have set up. Here's an old copy of Internet Explorer, which works just fine. In this form, real simple, I could put Richard and Rost and then hit submit. The process page says, Hello, Richard Rost. This is obviously where you would then submit this information to your web server to store on your table, your database, whatever. I cover all this stuff in my classes. Let's take a look at the ASP and the pages real quick. Here's my default page, my form page. Form method is POST, and I've cut all the extraneous HTML we don't need to see: headers, titles, and all that stuff. Form POST method, and then action is process.asp. That's the page we're sending it to. Again, I cover this in my classes. First name field, last name field, and an input type that's our input button or submit button. That sends it to process.asp, which is this page. Literally all I'm doing is requesting first name, requesting last name, and then displaying it with response.write. Very simple ASP. Yes, I know I can use request.form here to limit it so that it only receives submission from a form. But I like to do it this way sometimes because you can also send it from a query string. You can put firstname=something on the query string. If you really want to cut down on bots though, they'll get around it. They'll still figure out how to do it as a form submission, but this is easier for now. 
The first thing you can do is just verify that the data that is submitted to you is valid. That's one thing you can do. You can say here something along the lines of if firstname is blank, then whatever you want to do, you can just response an error. Response.write "Missing first name," like that, and then response.end. Do the same thing with last name. So that's the first way to foil bots—just make sure the data is valid. Missing last name. Save that. And if I go back to my web browser here, back it up. If I'm missing either one of these things, missing first name. You can check things like credit card number. You can check the length of the credit card number. You can check to make sure the first digit is a 3, 4, 5, or 6. You can do a Luhn check. There's all kinds of things you can do. I'm going to cover these in one of my upcoming Access classes, by the way. When I get around to it, I'll put it in an ASP class too. There are a lot of things you can do just to verify that the data that is actually entered is correct. But the next thing we can do is actually throw a math question on this form. Let me switch over here to Design View. Let me slide this up so you can see the tabs on the bottom. I'm using Expression Web, by the way, which is the new replacement for FrontPage. I know last time I recorded an ASP class, I was still using FrontPage. I just did a quick lookup in my course database. 2008 was the last time I did an ASP class. It was ASP 304. 2008, so it's been 12 years. Wow, I feel old now. Anyway, let's put a math question on here. Let's put a math question on the form. Just a simple, what is 8 plus 2 kind of question. So let's generate 2 random numbers first. Let's put some ASP up top here in the top of our form. Now, I cover random numbers in my ASP 103 class. The first thing we have to do is randomize the number seed. That just scrambles all the numbers up in the computer's memory. Basically, there's more to it than that. 
We're going to make two session variables called math1 and math2. So math1 is going to be equal to int(rnd * 10). What that does is give me a random number between 0 and 9. That's how that works. It's this minus 1. So between 0 and 9, which is exactly what we want. Same thing with math2. You can make these as complicated as you want. I'm going to keep them simple. It is just to throw the bots off. Math2 is the same thing. Why are we assigning the session variables? I want them to stay in the computer's memory because we're going to, in a minute, pass to another page. I'm going to need to know what those are. I don't want to put them in the form because I don't want the bot to understand what they are. But I want to save them in the computer's memory. If someone really wants to go through the hassle of actually programming something to read this page and pull those numbers in and then calculate the math on their own, okay, great. You could do that. But this again will foil most basic attempts. Another option, if you want to get fancy instead of displaying the numbers as text, is to display them as pictures. Make up little pictures of the numbers and then just display that image. Which actually is a bad idea. Maybe I'll throw that on the end of the lesson here. But let's do this first with just text. Let's get rid of that stuff there and put our little math question right in here. Just say, "What is," and then we're going to put in here =Session("math1"), and then a little plus sign, and then the same thing with math2. Copy and paste. Change it to 2. Save it real quick. If I come back and refresh my browser, you can see there I got 8 plus 9. If we hit refresh again, we keep getting random numbers just like that. 0 plus 3, 5 plus 0, 6 plus 2, and so on. Right here, we can throw our little input box like that. I'll call this guy "math," or you can call it "answer" or whatever you want to call it. Save it. Check out our form. What is 1 plus 2? You can make this pretty. 
My goal here isn't to make it pretty; my goal is to show you how it works. Obviously, I'd throw this in some kind of a form and set the fonts and all that good stuff, but for today's lesson, this is fine. Now I've got my math1, math2. I've got those set as session variables, so I can access them on the next form, on the next page. Let's go over to the process page and let's get math. We're going to say on this page here, math = Request("math"). Again, we can check it to make sure that there's something entered. If math = blank, then we could say "Missing answer to math question." So now if I test it, come over here and leave this blank, I get "Missing answer to math question." Perfect. Now we can actually test and see if it's correct. If the answer provided is correct. Keep in mind all of my variables right now are string variables. Math and math1 and math2 are all stored as string variables. We have to convert them over to integer or long, whichever you prefer. I usually use long as it works in every case. So I'm going to say if CLng(math) is not equal to CLng(Session("math1")) + CLng(Session("math2")), then we'll write out some error message. "Incorrect math answer," or whatever you want to put in there. I like to put some kind of a message in there that's generic that doesn't hint to the bot or spam people that they need to work on their bot. I'll put something like "Error processing order. Contact customer service," or something along those lines. I don't like to tip my hand. Now let's go test it. Richard Rost, and that should be 15. Actually, let's put a wrong value in there first. Let's put 19 in there. "Incorrect math answer." Back it up. Let's put the right one in there, 15. Submit. And there we go. Hello, Richard Rost. Of course, now at this point in the code, this is where you will put in the processing: sending it to your form, whatever you want to do, saving your database. We've gotten success at this point. 
I mentioned an option before—instead of putting the numbers in here, because if you're a spammer, you could probably with minimal coding write something to just look for those numbers and put them in with your bot. It would be a little harder if we could display those numbers as images. I'm just going to load up trusty MS Paint. Comes with Windows. I love Paint. Easy. Let's use our text tool, which is right there on the home menu. Put a number one in there. Maybe slide that up, like so. Resize this like that. Maybe make these numbers bigger. That's kind of small. Let's make it bigger. Let me get rid of them and cut that out. Get rid of that. Let's go to text. Let's go on the text thing here. Let's go maybe 18 points. Okay. You can make it obscure; you can do whatever you want. Let's go with Courier. Courier is a nice computer-y font. There's number one. We'll just shrink this down to be as big or as small as we want it to be. Do a little bit of this. There's number one. You can put a border around it. You can do whatever you want. Save it. Control-S. I'm just going to save this. You can save it as a PNG or a GIF or a JPEG or whatever. I'm going to make this one "1.jpeg." Save that. Then we'll just have to copy these up to the server. Let's change this now. Let's make this a two. Whoops. I forgot with Paint, you're going to have to delete the old ones because once you drop it on the canvas, it becomes an image. We have to select and delete it like that, and then make the next one, like so. Put a two in there. Then center it by selecting it and then dragging it like that. Save this one: File, Save as, "2.jpeg," and so on. I'm not going to make you watch me do all of them. I'll do all ten of them right now real quick. Okay, so I've got all my images 0 through 9 made. I'm going to create a new folder inside of my test folder for class. New folder. I'll call this "images." Now I'll go into that images folder. 
Go over to the desktop folder where I created all these images. Select them, click and drag and drop them in here. FrontPage or Expression Web or whatever you're using will FTP them up to the server. Should only take a second. There they are. Now let's go back to default here, and instead of writing that out, we're going to drop an image in here with that as the file name. So it's going to be tag img src="images/[variable].jpeg". That's all you have to do to put that in there as 1.jpeg, 3.jpeg, whatever. Same on the other side. Copy, paste it there. I'm lazy; I copy and paste everything. Right there. Save that. Let's take a look at it. Go over to our browser, refresh the page, and—oh, I forgot. They're in the images folder. That is just 1.jpeg. We have to put in here images/. My bad, my mistake. I forgot that little bit. Images. Images. Save it again. Even I make little goofs from time to time. Refresh. There we go. 4 plus 3. You can take your time and make this all line up properly. You get it. There's images right there. See those images. Make them fit nice. Spend some time on it. Make it look pretty. Now, could a spammer defeat this too? Yeah, sure they could. They could read the HTML of the page and find out the name of the file. No matter what you do, there's always a way around it. Someone else could figure something out. You could name these files randomly if you wanted to. Instead of it being 1.jpeg, it could be like snowbird.jpeg or something. The spammers are usually just one step behind the developers. So this will foil most people. You want to just make it difficult for them to try and figure it out. This is good enough for most websites. We're not building a site for the Pentagon here. That's it. That's how to handle putting a simple little math question on your forms to defeat those spam bots. One last note. I'm going to leave this up on the website for you. 
If you want to grab my little images and use them on your own site or just make your own, I moved it to this folder: 5.9cd.com/ASP/course/math. That's where you can find these files. Of course, you won't be able to download the ASP and default because the server will render them, but you can play with them if you want to. If you want to grab the images, they're in the images folder. That's all for this lesson, folks. I hope you learned something. Once again, my name is Richard Rost. If you enjoyed this lesson and you're watching me on YouTube, make sure you subscribe to my channel and ring that bell to get notifications whenever I release something new. If you're watching on my website, make sure you visit the Active Server Pages forum under the forums section and hit the subscribe button there. You'll get email notifications every time I release a new video. Got a question you'd like to see answered? Drop it on my TechHelp page or post it in the forums or put it in the comments below. If I like it, maybe I'll make a TechHelp video about it. Of course, if you like my videos, you can watch my full ASP Level 1 course on my website. Absolutely free of charge. There's the link. If you like Level 1, Level 2 is just $1. It's a great deal. Whole hour-long classes here, folks. Thanks for watching and I hope you enjoyed. We'll see you next time.

Quiz

Q1. What is the main purpose of adding a simple math question to a web form as described in this video?
A. To entertain users with math problems
B. To verify that submissions are from humans, not bots
C. To collect mathematical skills data from users
D. To perform calculations for database storage

Q2. Why does Richard recommend against using standard CAPTCHA in some cases?
A. It is overly complicated to implement
B. It requires users to enter multiple forms of identification
C. It relies on third-party servers
D. It is not supported in ASP

Q3. What type of server-side variable is used to store the random numbers for the math question so that they are accessible on the next page?
A. Global variable
B. Cookie
C. Session variable
D. Local variable

Q4. How are the random numbers for the math question generated in ASP?
A. Using Math.random()
B. By hardcoding the numbers
C. Using int(rnd * 10) after randomizing the seed
D. By asking the user to input random numbers

Q5. Why are the random numbers stored as session variables instead of being included in the form?
A. To prevent users from seeing the numbers
B. To make it easier for bots to fill out the form
C. To ensure they persist between page loads and are not easily manipulated
D. To speed up the webpage loading time

Q6. What is a simple additional step that Richard suggests could further hamper spam bots from reading the math question?
A. Displaying the numbers as images instead of text
B. Encrypting the page headers
C. Adding more form fields
D. Using JavaScript alerts

Q7. What should you do on the processing page if the answer to the math question is missing or incorrect?
A. Submit the form anyway
B. Show a generic error message without revealing details
C. Display the correct answer to the user
D. Log the user in automatically

Q8. What conversion does Richard recommend before comparing the user's answer and the session numbers?
A. Convert to string
B. Convert HTML to plain text
C. Convert to integer or long using CLng
D. Convert to currency

Q9. What is the reason for potentially displaying numbers as images rather than text for the math question?
A. To make the form look more appealing
B. To prevent screen readers from accessing the numbers
C. To further obstruct bots from easily extracting the numbers from the page source
D. To increase the file size of the webpage

Q10. According to Richard, what is ultimately true about trying to defeat spam bots?
A. Bots can never defeat image-based systems
B. No method is perfect, but adding complexity deters most basic attacks
C. Only expensive third-party systems work
D. It is impossible to prevent all spam submissions

Answers: 1-B; 2-C; 3-C; 4-C; 5-C; 6-A; 7-B; 8-C; 9-C; 10-B

DISCLAIMER: Quiz questions are AI generated. If you find any that are wrong, don't make sense, or aren't related to the video topic at hand, then please post a comment and let me know. Thanks.

Summary

Today's video from ASP Learning Zone covers a practical and straightforward method for proving that users on your website are human in order to diminish spam bot submissions. My name is Richard Rost, and in this lesson, I want to share with you an easy solution that uses a simple math question, rather than the more complicated and sometimes inconvenient CAPTCHA services.

A student named Max had set up a basic user signup form on his website to collect details like first name, last name, and email address. He noticed that he was receiving a large volume of fake signups, most likely submitted by automated bots, with nonsensical names and invalid email addresses. Max also mentioned his dislike for CAPTCHAs, especially those that depend on external services, and asked if there was a homegrown alternative that could cut back on bot submissions even if it was not perfect. I've run into this issue myself many times, and every time I create a new form, if I do not put some form of human verification in place, I'm immediately targeted by spam bots. One of the simplest and most effective solutions is to ask the user a basic math question, such as "What is 4 plus 3?" Most people can answer this easily, and it does not feel invasive. The basic idea is to set up your form as usual, with inputs for first name, last name, and so on. Then, you present a math question using two random numbers. On the backend, when the form is submitted, you check whether the user's answer is correct before proceeding further.
First, it's important to ensure that users submit valid data by checking for missing entries, such as blank first or last names. You can reject submissions that do not meet this basic requirement. Beyond this, you can add other validations, such as checking the format of a credit card number or even carrying out a Luhn check for card validity. Adding a math question involves generating two random numbers to use in a simple addition problem. You store these numbers in session variables so that they persist when the form is submitted. You then display the question on the form and provide an input field for the answer. When the form is posted to your processing page, you retrieve the answer and verify that it's not left blank. Then, you compare the user's response to the correct sum. If the answer is wrong, you display a generic error message, so as not to give spammers clues about why the submission failed. If the answer is correct, you can proceed with saving the user's details to your database or any other follow-up actions. While this method is very effective at deterring most bots, some persistent attackers could program their bots to read the numbers from the form and generate the correct response. To make it even harder for bots, you could display the numbers as images instead of text, so automated scripts cannot simply read them out of the source code. Creating these number images is easy using a program like MS Paint. Just make separate images for each digit from 0 to 9, save them as individual files like "1.jpeg", "2.jpeg", and so on, and upload them to your server in an images folder. On your form, display the random numbers as images rather than text, so a user sees a visually presented math problem. This doesn't make your form unbreakable, but it raises the bar for spammers, who would now have to add some type of optical recognition to their bots. For most websites, this level of deterrence is more than adequate. 
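
An added example, not code from the video or from ASP Learning Zone: the math-question check described above, folded into one classic ASP page that both shows the form and validates the post. The file name challenge.asp and the lastname field are assumptions; beyond the lesson, it treats each question as single use, rejects a post when no question was issued for the session, and confirms the answer is one or two digits before calling CLng.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' challenge.asp (assumed name): added example, form and check on one page.
' Field names firstname and math follow the lesson; lastname is assumed.
Dim firstName, lastName, answer, errMsg, done

' Store a fresh pair of digits (0..9) in the session, as in the lesson.
Sub NewChallenge()
    Randomize
    Session("math1") = Int(Rnd * 10)
    Session("math2") = Int(Rnd * 10)
End Sub

' True only when a question exists for this session and the reply matches.
Function ChallengePassed(ByVal reply)
    Dim re, a, b
    ChallengePassed = False
    a = Session("math1")
    b = Session("math2")
    ' Single use: remove the stored numbers before checking anything.
    Session.Contents.Remove "math1"
    Session.Contents.Remove "math2"
    ' No question stored (form never loaded, or already used): reject.
    ' An Empty session value would otherwise convert to 0 under CLng.
    If IsEmpty(a) Or IsEmpty(b) Then Exit Function
    ' Accept one or two digits only, so CLng never sees non-numeric text.
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,2}$"
    If Not re.Test(reply) Then Exit Function
    ChallengePassed = (CLng(reply) = CLng(a) + CLng(b))
End Function

done = False
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    firstName = Trim(Request.Form("firstname"))
    lastName  = Trim(Request.Form("lastname"))
    answer    = Trim(Request.Form("math"))
    If firstName = "" Or lastName = "" Then
        errMsg = "Missing first or last name."
    ElseIf Not ChallengePassed(answer) Then
        ' Generic wording, so the response does not say which check failed.
        errMsg = "Error processing request. Contact customer service."
    Else
        done = True   ' this is where the signup would be saved
    End If
End If
If Not done Then NewChallenge   ' every displayed form gets new numbers
%>
<html><body>
<% If done Then %>
  <p>Hello, <%= Server.HTMLEncode(firstName & " " & lastName) %></p>
<% Else %>
  <% If errMsg <> "" Then %><p><%= Server.HTMLEncode(errMsg) %></p><% End If %>
  <form method="post" action="challenge.asp">
    First name: <input type="text" name="firstname"><br>
    Last name: <input type="text" name="lastname"><br>
    What is <%= Session("math1") %> + <%= Session("math2") %>?
    <input type="text" name="math" maxlength="2"><br>
    <input type="submit" value="Submit">
  </form>
<% End If %>
</body></html>
```

Submitted names are passed through Server.HTMLEncode before being written back, so markup typed into the name fields is displayed as text rather than rendered.
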
If you want to experiment with the number images I've created for this lesson, you can access them in the folder I specified during the video. Using these or your own makes this approach quick to set up and fully controlled by you without any reliance on third-party services. That's the gist of how you can easily add a custom math question to your website's forms to stop the majority of spam bot signups. If you have further questions, want to suggest a new topic, or would like in-depth lessons, make sure to visit my website. You can find a complete video tutorial with step-by-step instructions on everything discussed here on my website at the link below. Live long and prosper, my friends.

Topic List

Creating a basic ASP form for user signups
Submitting form data using POST to another ASP page
Requesting and displaying submitted form field values in ASP
Validating user input for blank form fields in ASP
Displaying error messages for missing form fields
Generating random numbers in ASP using Randomize and Rnd
Storing values in ASP Session variables
Adding a simple math question to a web form for spam prevention
Displaying dynamically generated math questions on a form
Collecting and validating the answer to a math question
Checking user input against session-stored values in ASP
Converting string input to integers using CLng in ASP
Displaying error messages for incorrect math answers
Creating and saving number images using MS Paint
Uploading image files to a web server using Expression Web
Displaying images dynamically in ASP with img src and variable filenames
Using images instead of text for math questions on forms
Organizing image assets in a project folder structure

Keywords: TechHelp ASP math question foil spam bots captcha
PermaLink: How To Stop Spam Bots With Simple Math Questions and Image Verification in Active Server Pages ASP