Richard Cooper wrote: > > Quick question though, would any of my previous ideas work? > > * Check the form was actually submitted from within the site? Perhaps via > CGI. although I'm sure that may have issues as well.
CGI.HTTP_REFERER can be spoofed quite easily. > * A field that checks when loaded vs submit time? Are the spam bots the > submit bots, or is there a delay between the two. Not sure how you'd do this unless you were using session vars. You could put the form load time into a hidden form var - but have it encrypted with a key that only you know, and unencrypt the code on the server and then do a datediff. That would prevent people from submitting your form from a script.. they'd have to dynamically pull your form every time. > * The scriptProtect function in Application.cfc? Is this applciable Not really, no. rick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:260407 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
