I implemented something like that a few weeks ago ( checking time to post and also the referrer) and it does help a lot... most of the bots somehow set the referrer to be the action page.. but some set it to the original form page also.. but the time never looks right.. usually either 0 seconds or way over an hour for the bot . Normal people take anywhere from 10 seconds to a minute. So a combination of time and checking the referer look like it might get 99% of the spam bots for now.. until they start checking and fixing the time code.... then we can play around by encoding the time or just offset it by an hour - so they "overfix" it!
>One of my colleagues suggested a solution that almost works, On the >form page you have a form field which has the time when the form is >loaded (now()), on the action page, you make sure hte field exists, >and then also see if now() now is atleast 1-2 seconds more than the >formfield value (hoping that if it is a bot post, it would be very >quick and less than whatever the interval we set it as, and hence a >bot). Only if the time difference is "human", do you process further. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249630 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
