Have you found invalid email addresses creeping into your list via the subscription page? It could be a sign that malicious bots are attempting to access your site.

Bots can exploit the data entry fields on your subscription form to enter bogus names and email addresses. They can also insert URLs in hopes of having them posted on your site for SEO purposes. More troubling, they can insert malicious code designed to look for vulnerabilities in SQL or Javascript in order to hack your website.

Here are some tips for preventing bots from exploiting your subscription form:

Captcha
Add Captcha to your subscription page. Although not the most elegant solution from a usability perspective, Captcha is effective at blocking most bots.

Block IPs
In many cases, bots will originate from just a few IP addresses located in Russia or China. Track IPs used for adding invalid data, identify those from common IPs and block them at the firewall.

Block Repeat IPs
Bots will often attack a form repeatedly over a short period of time. Block frequent submissions from the same IP address.

Block Email Addresses
Bots sometimes enter the same email address over and over. Block email address that are submitted repeatedly. Don’t include a submission failure message to ensure the bot doesn’t know it is being blocked.

CSS Field
Include a CSS hidden form field with a preset value. Real users won’t see the field or enter any data, where as a bot will. Validate the preset value to block bots.

Profanity Filter
Sometimes bots insert profane language into forms. Use a third-party profanity filter such as WebPurify (http://webpurify.com) to check submissions before they are added to your database.

Verification Service
Take advantage of a third party verification service such as BriteVerify or LeadSpend to verify email addresses in real time.