
.asp honeypot for contact form

I'm caught in a hard place where I am being forced to use ASP classic on some web forms. I don't want to get spammed, but I am unaware of how to create a honeypot with .asp classic.

Is this possible or will I have to use a captcha field?

Or is there a better way to prevent spam with asp classic?

Form Fields:

<div class="row">
    <div class="col-md-offset-1 col-md-10">
        <form class="form-horizontal" role="form" method="post" action="submit.asp">
            <div class="form-group">
                <div class="col-md-offset-2 col-md-8">
                    <input type="text" class="form-control" name="Name" placeholder="Name" required/>
                </div>
            </div>
            <div class="form-group">
                <div class="col-md-offset-2 col-md-8">
                    <input type="email" class="form-control" name="Email" placeholder="Email" required/>
                </div>
            </div>
            <div class="form-group">
                <div class="col-md-offset-2 col-md-8">
                    <input type="tel" class="form-control" name="Phone" placeholder="Phone Number">
                </div>
            </div>
            <div class="form-group">
                <div class="col-md-offset-2 col-md-8">
                    <input type="text" class="form-control" name="Subject" placeholder="Subject">
                </div>
            </div>
            <div class="form-group">
                <div class="col-md-offset-2 col-md-8">
                    <textarea name="Info" class="form-control" rows="3" placeholder="Message"></textarea>
                </div>
            </div>
            <div class="form-group">
                <div class="col-md-offset-2 col-md-8">
                    <button class="btn btn-theme btn-lg btn-block" type="submit" value="Send">Send message</button>
                </div>
            </div>
        </form>
    </div>
</div>


Dim EmailFrom
Dim EmailTo
Dim Subject
Dim Name
Dim Phone
Dim Email
Dim Questions

EmailFrom = "[email protected]"
EmailTo = "[email protected]"
Subject = Trim(Request.Form("Subject"))
Name = Trim(Request.Form("Name"))
Phone = Trim(Request.Form("Phone")) 
Email = Trim(Request.Form("Email")) 
Questions = Trim(Request.Form("Info")) 

Dim Body
Body = Body & "Name: " & VbCrLf
Body = Body & Name & VbCrLf
Body = Body & "Subject: " & VbCrLf
Body = Body & Subject & VbCrLf
Body = Body & "Phone: " & VbCrLf
Body = Body & Phone & VbCrLf
Body = Body & "Email: " & VbCrLf
Body = Body & Email & VbCrLf
Body = Body & "Questions: " & VbCrLf
Body = Body & Questions & VbCrLf

Dim ObjSendMail
Set ObjSendMail = CreateObject("CDO.Message")
ObjSendMail.Configuration.Fields.Item ("") = 2 
ObjSendMail.Configuration.Fields.Item ("") =""
ObjSendMail.Configuration.Fields.Item ("") = 00
ObjSendMail.Configuration.Fields.Item ("") = False 
ObjSendMail.Configuration.Fields.Item ("") = 60


ObjSendMail.To = "[email protected]"
ObjSendMail.Subject = "Website Request"
ObjSendMail.From = EMailFrom
ObjSendMail.TextBody = Body

Set ObjSendMail = Nothing



  • I have had good luck with using 3 types of spam prevention on every submit page, even sign-in and sign-up pages. Because ASP is kind of old, you might want to keep it simple and only use numeric values as checks with one hidden spam bot field. Keep the human approach. Note: The code is just pieces of my active site; take the ideas and be creative for your site.

    • Email Forms: hidden field, math question and captcha.
    • Registration page: math question and captcha.
    • Login (sign in): math question.

    1. Hidden field

    <input type="hidden" name="email" value="" />

    Maybe your code looks like this:

    Response.Write("<input type=""hidden"" name=""email"" value="""" />" & vbCrLf)

    2. Numeric question: This requires a simple function and it does a very good job. We want to randomize numbers 1 to 9 so no answer is ever higher than 18 and never 0.

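    Randomize 'seed Rnd so the numbers differ between requests
    str1R = RandomNumber(1,9)
    str2R = RandomNumber(1,9)
    Session("str3R") = (str1R + str2R) 'expected answer, kept server-side
    Function RandomNumber(LowNumber, HighNumber)
         'Int (not Round) keeps the result inside LowNumber..HighNumber
         RandomNumber = Int((HighNumber - LowNumber + 1) * Rnd + LowNumber)
    End Function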

    HTML might look like:

    <label>Question: What is <%=str1R%> + <%=str2R%> ?</label>
    <input type="number" name="question" id="question" required />
    <input type="hidden" name="a" id="a" value="1" />

    'On the page that handles the submission:
    strA = Request.Form("a")
    strQuestion = Left(Request.Form("question"),2)
    If IsNumeric(strQuestion) Then
        'do notta
    Else
        strQuestion = -1 'a non-numeric answer can never match
    End If
    If IsNumeric(Session("str3R")) Then
        Session("str3R") = Trim(Session("str3R"))
    Else
        Session("str3R") = 0
    End If
    strMath = ((Session("str3R") - strQuestion) = 0) 'Now we have True or False
    If (strMath = True) Then 'Do your ASP Classic Stuff.
        Select Case strA
        Case 1
            'Sends Email
        Case 2
            'Submits Registration
        End Select
    End If

    3. CAPTCHA: I mean the CheckCAPTCHA() function, not those "I can't ever seem to read". I've used numeric values for Captcha for 16 years and only had 2 complaints; when I tried the more complex versions, so many couldn't see the letters and numbers very clearly. (ASP = OLD + Members)

    Google: Dim newBitmap(21,87) Dim vDistort(8). In the number one slot of your Google results should be the full ASP Classic Numeric Captcha code. It's old, it's numbers, it works. I don't think modern BOTS even detect this old bitstream. (humor)

    If you need working examples just ask; it takes a bit to set up a test page, but if you're new to forms and need spam prevention it's best to learn more than one method. At any "False" point of all form submissions you should know if it's Human or BOT.

    I often stop code on BOT traffic with Response.End

    With Humans I respond with instructions and what might have gone wrong: "The math question, you missed it by x much"

    The Math Question can be replaced with an image "What is in this picture?" using a dog, apple, cat, something with limited possible responses.
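
The honeypot field and math question from the answer above, combined into one server-side gate for the question's `submit.asp`. This is an added example, not code from the original post or the answerer's site. The field names `website` and `question`, the session key `mathAnswer` and the function `IsLikelyBot` are assumptions; the honeypot here is a CSS-hidden text input with its own name, because the question's form already posts a real `Email` field.

```asp
<%
' --- Form page (an .asp page, so it can store the answer in Session) ---
' Added example. Assumed names: "website", "question", "mathAnswer".
Dim a, b
Randomize                              ' seed Rnd so the numbers vary
a = Int(9 * Rnd) + 1                   ' 1..9
b = Int(9 * Rnd) + 1                   ' 1..9
Session("mathAnswer") = CStr(a + b)    ' expected answer never leaves the server
%>
<form method="post" action="submit.asp">
  <!-- the Name, Email, Phone, Subject and Info inputs go here -->
  <!-- Honeypot: an ordinary text input moved off-screen; people never fill it -->
  <div style="position:absolute; left:-9999px" aria-hidden="true">
    <label>Leave this field empty
      <input type="text" name="website" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <label>What is <%= a %> + <%= b %>?
    <input type="number" name="question" required>
  </label>
  <button type="submit">Send message</button>
</form>

<%
' --- Top of submit.asp, before any CDO.Message code runs ---
Function IsLikelyBot()
    Dim expected, answer
    IsLikelyBot = True
    ' 1. Honeypot: any value means something other than a person filled it in.
    If Len(Trim(Request.Form("website"))) > 0 Then Exit Function
    ' 2. Math question: take the stored answer and clear it (one try per form).
    expected = Session("mathAnswer")
    Session.Contents.Remove "mathAnswer"
    If IsEmpty(expected) Then Exit Function      ' no question was issued
    answer = Trim(Request.Form("question"))
    If answer <> expected Then Exit Function     ' exact string match, e.g. "12"
    IsLikelyBot = False
End Function

If IsLikelyBot() Then
    Response.Status = "400 Bad Request"
    Response.End                                 ' stop before mail is sent
End If
%>
```

To tell people what went wrong, as the answer suggests, split the two checks and re-display the form with a message when only the math answer is wrong.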