
[ic] Re: Spammers circumventing form checks




We run up against this challenge almost daily in our hosting business. Unfortunately, because a form is submitted by the user's browser and not by a server it makes securing the form much more difficult. You can have your CGI program check the referrer against the URL of the form but spammers can easily spoof that as well. We've had success securing forms with two methods.

The first is to have the form dynamically created by a simple, server-side program that includes a hidden field with a unique identifier in it. This server-generated field is stored in a database as well as included in the form's hidden field. On our systems it takes the form of a GUID. This is similar to captcha but does not require any input from the user. When the form is submitted, the GUID is checked against the database for validity. If the GUID does not match, no response is submitted; the request goes unanswered.

We also implement the other way of securing a form, which is by blocking the IP addresses of "users" who are abusing the form. In our case, there are two ways to add an IP address to the black list. The first is manually; the second is through the form processing program. We set thresholds for the number of submissions in a given period of time and the program compares the number of submissions from an IP each time a form is submitted.

Both of these solutions require programming expertise but I doubt that'll be a problem here :-)

- Bill

----------------------------------------------------------------------

Message: 1
Date: Tue, 9 Oct 2007 03:49:41 -0700
From: Grant <suppressed>
Subject: [ic] Spammers circumventing form checks
To: suppressed
Message-ID:
	<suppressed>
Content-Type: text/plain; charset=ISO-8859-1

I have a check set up in my email form that would prevent the spam I
receive through there from being sent, but it doesn't seem to be
preventing it.  I guess this means the spammers are posting directly
to the server and not using the actual page.  Is there any way to
prevent this from happening?

- Grant

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users
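
The two checks described in Bill's reply above (a server-issued GUID in a hidden field, plus a per-IP submission threshold feeding a blacklist), sketched as an added example that is not part of the original thread or of Interchange. The table names, function names, thresholds, token lifetime and single-use behaviour are assumptions made for illustration.

```python
import sqlite3, time, uuid

WINDOW_SECONDS = 600   # assumed threshold window
MAX_SUBMISSIONS = 5    # assumed per-IP limit inside the window
TOKEN_TTL = 3600       # assumed token lifetime (not stated in the post)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tokens  (guid TEXT PRIMARY KEY, issued REAL);
        CREATE TABLE hits    (ip TEXT, ts REAL);
        CREATE TABLE blocked (ip TEXT PRIMARY KEY);
    """)
    return db

def issue_token(db, now=None):
    """Called when the form page is rendered; the value goes in the hidden field."""
    if now is None:
        now = time.time()
    guid = str(uuid.uuid4())  # random (version 4) GUID, not guessable from earlier ones
    db.execute("INSERT INTO tokens VALUES (?, ?)", (guid, now))
    return guid

def block_ip(db, ip):
    """Manual blacklist entry; also used by the automatic threshold below."""
    db.execute("INSERT OR IGNORE INTO blocked VALUES (?)", (ip,))

def handle_submission(db, ip, guid, now=None):
    """Return True if the submission should be processed, False to drop it silently."""
    if now is None:
        now = time.time()
    if db.execute("SELECT 1 FROM blocked WHERE ip = ?", (ip,)).fetchone():
        return False
    # Count this IP's submissions inside the window, including this one.
    db.execute("INSERT INTO hits VALUES (?, ?)", (ip, now))
    (count,) = db.execute(
        "SELECT COUNT(*) FROM hits WHERE ip = ? AND ts > ?",
        (ip, now - WINDOW_SECONDS)).fetchone()
    if count > MAX_SUBMISSIONS:
        block_ip(db, ip)
        return False
    # The GUID must exist and be fresh; deleting it on use makes it single-use
    # (an assumption here), so a captured form cannot be replayed.
    cur = db.execute("DELETE FROM tokens WHERE guid = ? AND issued > ?",
                     (guid, now - TOKEN_TTL))
    return cur.rowcount == 1
```

A direct POST that never fetched the form has no valid GUID and is dropped, while a client that fetches a fresh form for every submission is still caught by the per-IP threshold.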

