[ic] Re: Spammers circumventing form checks

Salvador Caballé EA3BKZ ea3bkz at amsat.org
Tue Oct 9 13:12:47 EDT 2007


Bill Jones wrote:
> 
> 
> We run up against this challenge almost daily in our hosting business. 
> Unfortunately, because a form is submitted by the user's browser and not 
> by a server it makes securing the form much more difficult. You can have 
> your CGI program check the referrer against the URL of the form but 
> spammers can easily spoof that as well.  We've had success securing 
> forms with two methods.  The first is to have the form dynamically 
> created by a simple, server-side program that includes a hidden field 
> with a unique identifier in it. This server-generated field is stored in 
> a database as well as included in the form's hidden field. On our 
> systems it takes the form of a GUID.  This is similar to captcha but 
> does not require any input from the user. When the form is submitted, 
> the GUID is checked against the database for validity. If the GUID does 
> not match, no response is submitted; the request goes unanswered. We 
> also implement the other way of securing a form, which is by blocking 
> the IP addresses of "users" who are abusing the form.  In our case, 
> there are two ways to add an IP address to the black list. The first is 
> manually; the second is through the form processing program. We set 
> thresholds for the number of submissions in a given period of time and 
> the program compares the number of submissions from an IP each time a 
> form is submitted. Both of these solutions require programming expertise 
> but I doubt that'll be a problem here :-)
> 
> - Bill
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Tue, 9 Oct 2007 03:49:41 -0700
>> From: Grant <emailgrant at gmail.com>
>> Subject: [ic] Spammers circumventing form checks
>> To: interchange-users at icdevgroup.org
>> Message-ID:
>>     <49bf44f10710090349t61528abap9e856277e12c7464 at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> I have a check set up in my email form that would prevent the spam I
>> receive through there from being sent, but it doesn't seem to be
>> preventing it.  I guess this means the spammers are posting directly
>> to the server and not using the actual page.  Is there any way to
>> prevent this from happening?
>>
>> - Grant
>>
>>   
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
> 


Check this:

http://www.icdevgroup.org/pipermail/interchange-users/2005-October/044133.html

Salvador
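
The two checks described in the quoted message (a server-issued GUID carried in a hidden field, and a per-IP submission threshold that feeds a blacklist), shown in Python as an added example; it is not code from this thread or from Interchange. The table names, the threshold values, token expiry and single-use deletion are assumptions that go beyond what the post states.

```python
import sqlite3
import time
import uuid

# Assumed values for illustration; the post does not give its thresholds.
MAX_SUBMISSIONS = 3        # submissions allowed per IP inside WINDOW_SECONDS
WINDOW_SECONDS = 600
TOKEN_TTL_SECONDS = 1800   # assumption: tokens expire (not stated in the post)


class FormGuard:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript("""
            CREATE TABLE tokens (guid TEXT PRIMARY KEY, issued REAL);
            CREATE TABLE hits (ip TEXT, at REAL);
            CREATE TABLE blocked (ip TEXT PRIMARY KEY);
        """)

    def issue_token(self, now=None):
        """Call while rendering the form; the value goes in the hidden field."""
        now = time.time() if now is None else now
        guid = str(uuid.uuid4())
        self.db.execute("INSERT INTO tokens VALUES (?, ?)", (guid, now))
        return guid

    def block(self, ip):
        """Manual blacklist entry; also used by the automatic threshold."""
        self.db.execute("INSERT OR IGNORE INTO blocked VALUES (?)", (ip,))

    def check_submission(self, ip, guid, now=None):
        """Return True to process the POST, False to drop it unanswered."""
        now = time.time() if now is None else now
        if self.db.execute("SELECT 1 FROM blocked WHERE ip = ?", (ip,)).fetchone():
            return False
        self.db.execute("INSERT INTO hits VALUES (?, ?)", (ip, now))
        recent = self.db.execute(
            "SELECT COUNT(*) FROM hits WHERE ip = ? AND at > ?",
            (ip, now - WINDOW_SECONDS)).fetchone()[0]
        if recent > MAX_SUBMISSIONS:
            self.block(ip)  # threshold exceeded: the handler blacklists the IP
            return False
        # Single use (assumption): the token row is deleted on its first match.
        cur = self.db.execute(
            "DELETE FROM tokens WHERE guid = ? AND issued > ?",
            (guid, now - TOKEN_TTL_SECONDS))
        return cur.rowcount == 1
```

A POST sent straight to the handler without first fetching the form has no matching row in `tokens`, so it is dropped; repeated attempts from one address cross the threshold and land in `blocked`.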


