I thought I'd share a handy tip here, for anyone who has some sort
of "contact us" page on their website.
Put this on the page that shows your "contact us" form:
[set post_allowed]1[/set]
Put this at the top of your form catcher page (mv_nextpage):
[if !scratch post_allowed]
[bounce page="spam_trap"]
[/if]
With the above in place, nobody can create a script to emulate the
form and automatically post junk unless (1) the script first makes
a visit to the actual form, and (2) makes use of the session ID in
their subsequent visit to your mv_nextpage. Ordinary users will not
be affected by this at all.
The "spam_trap" page should send something incriminating to an abuse
log. For instance, you should log the scumbag's IP address, the
message text and the content of all of the other fields prompted for
by your form. A short message in the error.log file is also a good
idea.
--
_/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
_/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
_/ _/ _/ _/ _/ _/ _/ _/_/ suppressed
_/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.