Yeah, It's easy for any body to get by any of them... but normally, theyll just move on to an easier target. Which is really all you can hope for when you implement anything to detour them. ..:.:.:.:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com
-----Original Message----- From: Jacob Munson [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 06, 2005 2:21 PM To: CF-Talk Subject: Re: Spammers getting at my forms and submitting I saw someone do a trick like that once, and a geeky spammer looked at the code and passed the hidden field with their bot code. 99.99% of the time a trick like this works, but its easy for a persistent scum bag to get by it. I had the same problem and got around it by. > > 1. Setting a random 4 digit number at beginning of the form page as a > session variable and assigning this as a hidden form field. > > 2. On the thanks for contact, form processing page I check the value of > the > form var against the session var and if not the same the form is rejected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:226275 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
