There have been a few threads on here in recent weeks discussing various
ways to stop spam bots from attacking your public forms.  Even though
most developers these days are using obfuscated text CAPTCHA, this
method is painful to the user, and it blocks blind people.  I've
mentioned a few times that I'm "almost ready" to release an updated
version of CFFormProtect that would attempt to stop spam bots without
making the user do /anything/ extra, while at the same time being fully
automated and accessible.  Ben Nadel and a few others have shown good
methods to do this, and I've implemented some of these suggestions (I
hope they don't mind), as well as added a few of my own.
 
CFFormProtect is unique in that it uses many tests to stop spam, and the
form contents themselves are the basis of the tests.  This is what
happens:  A form submission occurs and CFFormProtect checks these
things:
1. Did the user move their mouse?
2. Did the user type on their keyboard?
3. How long did the form submission take? Check an upper and lower time
limit.
4. Is a hidden form field empty, as it should be? Spam bots usually fill
out all form fields.
5. Does the Akismet service flag the message as spam?
 
Numbers 1 and 2 use JavaScript, so if JS is disabled these tests will
fail.  Numbers 1 through 4 can all be easily bypassed if a spammer hires
cheap labor to manually fill out forms.  But #5 will stop most of those
attempts as well (see http://akismet.com/ for details).  CFFormProtect
assigns penalty points to each test, and a form submission is not
flagged as spam unless a threshold is passed.  This is all easily
configurable by the developer.
 
I put CFFormProtect on my CFQuickDocs contact form late last week, and I
have yet to receive 1 piece of spam (however, this form was previously
protected by a math question, so spammers might have written it off
already).
 
More details available at the project page:
http://cfformprotect.riaforge.org/
 
If you have ideas for additional tests that I could add, or if you have
any criticism please let me know!  :)
 
CFFormProtect is open source, and is released under the Mozilla Public
License v. 1.1.
 
-------------------
Jake Munson
Web Team
Idaho Power
Boise, Idaho
208-388-5665
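
The penalty-point scheme described in the message above, sketched server-side in JavaScript as an added example (not CFFormProtect's code, and not part of the original post). The field names, point values, time limits and threshold are assumptions chosen for illustration.

```javascript
// Added illustration; the names, point values and limits below are assumptions,
// not CFFormProtect's actual configuration.
const CONFIG = {
  points: { mouse: 1, keyboard: 1, timing: 2, honeypot: 3, akismet: 4 },
  minSeconds: 5,      // faster than this looks scripted
  maxSeconds: 3600,   // slower than this looks like a stale or replayed form
  threshold: 3,       // flag as spam only when the total passes this
};

// signals: what the server knows about one submission.
//   mouseMoved / keyPressed: set by client-side JS, so false when JS is off
//   elapsedSeconds: time between rendering the form and the submission
//   honeypot: value of the hidden field, which a person leaves empty
//   akismetSpam: true/false verdict, or null when the service was not reachable
function scoreSubmission(signals, config = CONFIG) {
  const failed = [];
  if (!signals.mouseMoved) failed.push("mouse");
  if (!signals.keyPressed) failed.push("keyboard");
  const t = Number(signals.elapsedSeconds);
  // A missing or non-numeric time counts as a failed test, not a pass.
  if (!Number.isFinite(t) || t < config.minSeconds || t > config.maxSeconds) {
    failed.push("timing");
  }
  if (String(signals.honeypot ?? "").trim() !== "") failed.push("honeypot");
  // An Akismet outage (null) adds no points rather than blocking everyone.
  if (signals.akismetSpam === true) failed.push("akismet");

  const score = failed.reduce((sum, name) => sum + config.points[name], 0);
  return { score, failed, spam: score > config.threshold };
}

// Constructed sample submissions.
const SAMPLES = {
  humanWithJs: { mouseMoved: true, keyPressed: true, elapsedSeconds: 42, honeypot: "", akismetSpam: false },
  humanNoJs: { mouseMoved: false, keyPressed: false, elapsedSeconds: 60, honeypot: "", akismetSpam: false },
  bot: { mouseMoved: false, keyPressed: false, elapsedSeconds: 1, honeypot: "http://example.test", akismetSpam: null },
  manualSpam: { mouseMoved: true, keyPressed: true, elapsedSeconds: 90, honeypot: "", akismetSpam: true },
};

for (const [name, s] of Object.entries(SAMPLES)) {
  console.log(name, scoreSubmission(s));
}
```

With these assumed weights, a visitor with JavaScript disabled fails tests 1 and 2 but stays under the threshold, while a hand-filled submission that passes tests 1 through 4 is still flagged by the Akismet verdict alone.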
 
