[ic] Re: Spammers circumventing form checks
Salvador Caballé EA3BKZ
ea3bkz at amsat.org
Tue Oct 9 13:12:47 EDT 2007
Bill Jones wrote:
>
>
> We run up against this challenge almost daily in our hosting business.
> Unfortunately, because a form is submitted by the user's browser and not
> by a server it makes securing the form much more difficult. You can have
> your CGI program check the referrer against the URL of the form but
> spammers can easily spoof that as well. We've had success securing
> forms with two methods. The first is to have the form dynamically
> created by a simple, server-side program that includes a hidden field
> with a unique identifier in it. This server-generated field is stored in
> a database as well as included in the form's hidden field. On our
> systems it takes the form of a GUID. This is similar to captcha but
> does not require any input from the user. When the form is submitted,
> the GUID is checked against the database for validity. If the GUID does
> not match, no response is submitted; the request goes unanswered. We
> also implement the other way of securing a form, which is by blocking
> the IP addresses of "users" who are abusing the form. In our case,
> there are two ways to add an IP address to the black list. The first is
> manually; the second is through the form processing program. We set
> thresholds for the number of submissions in a given period of time and
> the program compares the number of submissions from an IP each time a
> form is submitted. Both of these solutions require programming expertise
> but I doubt that'll be a problem here :-)
>
> - Bill
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Tue, 9 Oct 2007 03:49:41 -0700
>> From: Grant <emailgrant at gmail.com>
>> Subject: [ic] Spammers circumventing form checks
>> To: interchange-users at icdevgroup.org
>> Message-ID:
>> <49bf44f10710090349t61528abap9e856277e12c7464 at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> I have a check set up in my email form that would prevent the spam I
>> receive through there from being sent, but it doesn't seem to be
>> preventing it. I guess this means the spammers are posting directly
>> to the server and not using the actual page. Is there any way to
>> prevent this from happening?
>>
>> - Grant
>>
>>
Check this:
http://www.icdevgroup.org/pipermail/interchange-users/2005-October/044133.html
Salvador
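
The two checks Bill describes above (a server-issued hidden-field identifier validated against a database, and a per-IP submission threshold that feeds a blacklist), as an added Python example that is not from the thread or from Interchange. The table names, the threshold values, the token expiry and the delete-on-use behaviour are assumptions of this example.

```python
import secrets
import sqlite3
import time

TOKEN_TTL = 900    # seconds a rendered form stays valid (assumed value)
MAX_SUBMITS = 3    # submissions allowed per IP per window (assumed value)
WINDOW = 600       # threshold window in seconds (assumed value)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE form_tokens (token TEXT PRIMARY KEY, issued REAL);
        CREATE TABLE submissions (ip TEXT, at REAL);
        CREATE TABLE blacklist (ip TEXT PRIMARY KEY);
    """)
    return db

def issue_token(db, now=None):
    """Called when the form page is rendered; the value goes in the hidden field."""
    now = time.time() if now is None else now
    token = secrets.token_hex(16)  # unguessable identifier, same role as the GUID
    db.execute("INSERT INTO form_tokens VALUES (?, ?)", (token, now))
    return token

def accept_submission(db, ip, token, now=None):
    """Return True only if the post should be processed; otherwise stay silent."""
    now = time.time() if now is None else now
    if db.execute("SELECT 1 FROM blacklist WHERE ip = ?", (ip,)).fetchone():
        return False
    # Count every attempt, valid or not, so direct posts also hit the threshold.
    db.execute("INSERT INTO submissions VALUES (?, ?)", (ip, now))
    recent = db.execute(
        "SELECT COUNT(*) FROM submissions WHERE ip = ? AND at > ?",
        (ip, now - WINDOW)).fetchone()[0]
    if recent > MAX_SUBMITS:
        db.execute("INSERT OR IGNORE INTO blacklist VALUES (?)", (ip,))
        return False
    # Delete-on-use: rowcount 0 means the token is unknown, replayed or expired.
    cur = db.execute("DELETE FROM form_tokens WHERE token = ? AND issued > ?",
                     (token, now - TOKEN_TTL))
    return cur.rowcount == 1
```

A post sent straight to the handler without first fetching the form carries no stored token and is dropped, which is the case Grant asks about.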