>- see footer for list info -<
Yes that would be simple.
<input type="text" name="timer" value="#now()#">
And on the submit page, lets assume you know it takes a human at least 1
minute to fill out your form.
<cfif Datediff('n', form.timer, now()) LT 1>
Reject
</cfif>
Russ
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dominic Watson
Sent: 18 August 2006 01:20
To: Coldfusion Development
Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>- see footer for list info -<
I am an ignoramus on this subject but a thought occurred to me whilst
reading....
When a bot does this auto form filling, does it do it instantly? If so,
would it be possible to somehow measure the time taken to fill in the form
(time taken between requesting the form page and the form result page
perhaps). Based on this time, the server could then reject the form
submission or allow it.
A thought. I'm sure not an original one.
On 17/08/06, Snake <[EMAIL PROTECTED]> wrote:
>
> >- see footer for list info -<
> Usually they are trying to hack vulnerabilities in web sites that
> allow thent o modify the mail headers and send spam out to multiple
> people via your mail forms.
> CF doesn't suffer form this problem, so only the person who is meant
> to get the feedback form gets the spam.
>
> Russ
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Damien
> Gallagher
> Sent: 17 August 2006 09:22
> To: Coldfusion Development
> Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>
> >- see footer for list info -<
> Out of interest, what are they getting out of submitting, say, a
> feedback form loads of times?
>
>
>
> Rich Wild wrote:
>
> >> - see footer for list info -<
> >
> > oh, I see, that's what a captcha is..
> >
> > God I'm so old, I can't keep up with these new fangled wizbits.
> >
> > Anyway, if like me, you're not a fan of plugging other people's
> > things into your site without knowing what they do, that's basically
> > the theory.
> >
> > On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> "The only difficulty would this is get-aroundable by bots, assuming
> >> any bot writer cares enough about your site to spend the time
> >> rewriting their bot to regex your form field to get the magic
> >> word."
> >>
> >> Aha - so don't use words, use images.
> >>
> >> I've done this before, and its a little fiddly, but practically
> >> 100% spam safe.
> >>
> >> On the page hit, read a directory full of images that have magic
> >> words written on them, the file called the same as the magic word.
> >>
> >> Get a random one of those filenames:
> >> <cfset session.secureImageName = qryImageNames.name[randrange(1,
> >> qryImageNames.recordcount)]>
> >>
> >> set that to a session and display the image in the form - however,
> don't
> >> display it using simple <img src="images/secureImages/HYU78.jpg">
> >>
> >> instead, use a CF page that serves up an image with the appropriate
> >> mimetype using cfcontent
> >>
> >> <img src="serveSecureImage.cfm">
> >>
> >> In serveSecureImage.cfm, you read the session variable (
> >> session.secureImageName ) you set before and return that using
> >> cfcontent.
> >> This means that bots can't simply read the html on the page and
> >> find
> the
> >> filename and use that in the input as the magic word.
> >>
> >> Alternatively, use an image making tag to write a randomly pulled
> >> magic word from a database or equivalent and simply serve that -
> >> this way
> just
> >> stops you having to have a directory full of images, but I had fun
> >> making those.
> >>
> >> If the magic word posted in the form don't fit the served image -
> >> don't send the mail!
> >>
> >> Richio McStitchio
> >> Chief Neckchief
> >> http://www.theideasbarn.com
> >>
> >>
> >>
> >> On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote:
> >> >
> >> > >- see footer for list info -<
> >> > I'm not a fan of captchas. Generally inacessible, unless you
> >> > also
> >> make
> >> > an audio version available, and even then not the nicest hoop to
> >> make users
> >> > jump through.
> >> >
> >> > One method I've seen elsewhere, but haven't used myself, is an
> >> > additional input box:
> >> > The magic word is blah. Please enter the magic word.
> >> >
> >> > The only place I've seen this method is the mysociety sites, e.g:
> >> > http://www.mysociety.org/?p=103
> >> >
> >> > The only difficulty would this is get-aroundable by bots,
> >> > assuming
> any
> >> > bot writer cares enough about your site to spend the time
> >> > rewriting
> >> their
> >> > bot to regex your form field to get the magic word.
> >> >
> >> >
> >> > Duncan Cumming
> >> > New Media Developer
> >> > Customer Relations Management / Education Fife Council 700 4105 /
> >> > 01592 414105
> >> >
> >> > >>> [EMAIL PROTECTED] 16/08/2006 14:25 >>>
> >> > >- see footer for list info -<
> >> > Hi all.
> >> >
> >> > I have a contact form which submits an email (cfmail) The form is
> >> > being hit by a web bot and sent hundreds of times
> >> >
> >> > Is there any way I can stop this?
> >> >
> >> > regards - paul
> >> >
> >> >
> >> > _______________________________________________
> >> >
> >> > For details on ALL mailing lists and for joining or leaving
> >> > lists,
> >> go to
> >> > http://list.cfdeveloper.co.uk/mailman/listinfo
> >> >
> >> > --
> >> > CFDeveloper Sponsors:-
> >> > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
> >> > >- Lists hosted by www.Gradwell.com -<
> >> > >- CFdeveloper is run by Russ Michaels, feel free to volunteer
> >> > >your
> >> help
> >> > -<
> >> >
> >> >
> >> >
> **********************************************************************
> >> > This email and any files transmitted with it are confidential and
> >> > intended solely for the use of the individual or entity to whom
> >> they are
> >> > addressed and should not be disclosed to any other party.
> >> > If you have received this email in error please notify your
> >> > system manager and the sender of this message.
> >> >
> >> > This email message has been swept for the presence of computer
> viruses
> >> > but no guarantee is given that this e-mail message and any
> >> attachments are
> >> > free from viruses.
> >> >
> >> > Fife Council
> >> > Tel: 08451 55 00 00
> >> > ************************************************
> >> >
> >> > _______________________________________________
> >> >
> >> > For details on ALL mailing lists and for joining or leaving
> >> > lists,
> >> go to
> >> > http://list.cfdeveloper.co.uk/mailman/listinfo
> >> >
> >> > --
> >> > CFDeveloper Sponsors:-
> >> > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
> >> > >- Lists hosted by www.Gradwell.com -<
> >> > >- CFdeveloper is run by Russ Michaels, feel free to volunteer
> >> > >your
> >> help
> >> > -<
> >> >
> >>
> >>
> > _______________________________________________
> >
> > For details on ALL mailing lists and for joining or leaving lists,
> > go to http://list.cfdeveloper.co.uk/mailman/listinfo
> >
> > --
> > CFDeveloper Sponsors:-
> >
> >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
> >> - Lists hosted by www.Gradwell.com -<
> >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
> >> help -<
> >
> >
> >
> _______________________________________________
>
> For details on ALL mailing lists and for joining or leaving lists, go
> to http://list.cfdeveloper.co.uk/mailman/listinfo
>
> --
> CFDeveloper Sponsors:-
> >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
> >- Lists hosted by www.Gradwell.com -<
> >- CFdeveloper is run by Russ Michaels, feel free to volunteer your
> >help
> -<
>
>
> _______________________________________________
>
> For details on ALL mailing lists and for joining or leaving lists, go
> to http://list.cfdeveloper.co.uk/mailman/listinfo
>
> --
> CFDeveloper Sponsors:-
> >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
> >- Lists hosted by www.Gradwell.com -<
> >- CFdeveloper is run by Russ Michaels, feel free to volunteer your
> >help
> -<
>
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
>-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
