JavaScript Form Bot Blocker

Website designers and webmasters all face continuous attacks by SPAMmers and hackers who try to abuse their sites. One such problem is attacks from bots that fill in forms on your website to either try to hack into it or to send SPAM. The solution presented here can be very effective because it relies on JavaScript to handle the blocking, which very few bots can detect or process. This JavaScript is a good option for website designers who can't control or modify the target of the form's "action" attribute - such as affilliate sites or those using other remote services.

Keeping bots, even search engine robots, from following your forms can significantly reduce the time webmasters must spend dealing with the problems they cause. Google started following forms that use the "GET" method a while ago in order to increase their coverage of websites that rely on forms for website navigation - a practice fequently used on E-Commerce Websites. But they do so by trying every possible option presented by the form, which can have unintended consequences.


The basic approach is very simple: we use a non-functional target URL for the form's "action" attribute in the HTML mark-up - which is what the vast majority of bots will blindly follow. The target page will simply display an error message so that real users are given a solution. But for everyone else, we use JavaScript to "invisibly" modify the URL so that submissions from real users are processed normally. The result should be to stop form submission from these bots. To demonstrate the script, fill out and submit the simple form shown below. Then, try it again with JavaScript disabled in your browser.


Enter Some Text 

Naturally, because this method is relying on JavaScript, you need to give real users who happen to be running with JavaScript disabled a way of dealing with the situation. The easiest way is to do this is to include a noscript notice on the page where the forms reside, and to also make sure that there are appropriate navigation links on the page you display to blocked users.

The JavaScript required here is very short and simple. The code relies on two arrays to hold page-specific information: 'rdBlockedFormsIDs' to hold the id's of the forms to be blocked, 'rdBlockedActions' to hold the URLs for the desired "action" attribute values for the corresponding forms.


// List of id's of the <form>s to be blocked
 var rdBlockedFormsIDs = new Array('formbot');
// List of URLs to be used to replace the 'action's settings in the forms
 var rdBlockedActions = new Array('http://www.rainbodesign.com/pub/formbot-blocker/success.html');

 function initRDFormBot() {
  var myForms = document.getElementsByTagName('form');
  var el;
   for (var i=0; i<myForms.length; i++) {
    el = myForms[i];
     for (var j=0; j<rdBlockedFormsIDs.length; j++) {
      if (el.id == rdBlockedFormsIDs[j]) {
        el.action = rdBlockedActions[j];
      } // endif
     } // end for j
   } // end for i
 }

if (window.addEventListener) { // W3C standard
  window.addEventListener('load', initRDFormBot, false);
 } else if (window.attachEvent) { // Microsoft
  window.attachEvent('onload', initRDFormBot);
}


You can simply insert this code into selected pages, or save it in an external .js file and use it throughout your website. The only modification you need to do on your pages is to set the "action" attribute of the form tags to point to a page that displays a "submission blocked" message.


My Form Bot Blocker is provided free of charge. If you use and enjoy this software, please place the following link in an appropriate location on your website:

a href="http://www.rainbodesign.com/pub/" Rainbo Design Tools & Scripts/a




This page was last modified on December 09, 2015


Copyright © 2005-2017 by Richard L. Trethewey - Rainbo Design Minneapolis. It's not that I think this is such an earth-shatteringly great presentation, but if you want to copy it, I'd appreciate it if you would ask for permission. I've been working with computers for over 30 years now, and one phrase keeps popping into my head - "I hate it when it's right!" And laptops and smartphones are no better.

Looking for more website design information? See my Sitemap!


  Share This Page!  
Still Have Questions? 
Talk To Me! Click Here!