- see footer for list info -<
Nice ;)
Snake wrote:
- see footer for list info -<
Yes that would be simple.
<input type="text" name="timer" value="#now()#">
And on the submit page, lets assume you know it takes a human at least 1
minute to fill out your form.
<cfif Datediff('n', form.timer, now()) LT 1>
Reject
</cfif>
Russ
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dominic Watson
Sent: 18 August 2006 01:20
To: Coldfusion Development
Subject: Re: [Spam] Re: [CF-Dev] Help ..!
- see footer for list info -<
I am an ignoramus on this subject but a thought occurred to me whilst
reading....
When a bot does this auto form filling, does it do it instantly? If so,
would it be possible to somehow measure the time taken to fill in the form
(time taken between requesting the form page and the form result page
perhaps). Based on this time, the server could then reject the form
submission or allow it.
A thought. I'm sure not an original one.
On 17/08/06, Snake <[EMAIL PROTECTED]> wrote:
- see footer for list info -<
Usually they are trying to hack vulnerabilities in web sites that
allow thent o modify the mail headers and send spam out to multiple
people via your mail forms.
CF doesn't suffer form this problem, so only the person who is meant
to get the feedback form gets the spam.
Russ
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Damien
Gallagher
Sent: 17 August 2006 09:22
To: Coldfusion Development
Subject: Re: [Spam] Re: [CF-Dev] Help ..!
- see footer for list info -<
Out of interest, what are they getting out of submitting, say, a
feedback form loads of times?
Rich Wild wrote:
- see footer for list info -<
oh, I see, that's what a captcha is..
God I'm so old, I can't keep up with these new fangled wizbits.
Anyway, if like me, you're not a fan of plugging other people's
things into your site without knowing what they do, that's basically
the theory.
On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote:
"The only difficulty would this is get-aroundable by bots, assuming
any bot writer cares enough about your site to spend the time
rewriting their bot to regex your form field to get the magic
word."
Aha - so don't use words, use images.
I've done this before, and its a little fiddly, but practically
100% spam safe.
On the page hit, read a directory full of images that have magic
words written on them, the file called the same as the magic word.
Get a random one of those filenames:
<cfset session.secureImageName = qryImageNames.name[randrange(1,
qryImageNames.recordcount)]>
set that to a session and display the image in the form - however,
don't
display it using simple <img src="images/secureImages/HYU78.jpg">
instead, use a CF page that serves up an image with the appropriate
mimetype using cfcontent
<img src="serveSecureImage.cfm">
In serveSecureImage.cfm, you read the session variable (
session.secureImageName ) you set before and return that using
cfcontent.
This means that bots can't simply read the html on the page and
find
the
filename and use that in the input as the magic word.
Alternatively, use an image making tag to write a randomly pulled
magic word from a database or equivalent and simply serve that -
this way
just
stops you having to have a directory full of images, but I had fun
making those.
If the magic word posted in the form don't fit the served image -
don't send the mail!
Richio McStitchio
Chief Neckchief
http://www.theideasbarn.com
On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote:
- see footer for list info -<
I'm not a fan of captchas. Generally inacessible, unless you
also
make
an audio version available, and even then not the nicest hoop to
make users
jump through.
One method I've seen elsewhere, but haven't used myself, is an
additional input box:
The magic word is blah. Please enter the magic word.
The only place I've seen this method is the mysociety sites, e.g:
http://www.mysociety.org/?p=103
The only difficulty would this is get-aroundable by bots,
assuming
any
bot writer cares enough about your site to spend the time
rewriting
their
bot to regex your form field to get the magic word.
Duncan Cumming
New Media Developer
Customer Relations Management / Education Fife Council 700 4105 /
01592 414105
[EMAIL PROTECTED] 16/08/2006 14:25 >>>
- see footer for list info -<
Hi all.
I have a contact form which submits an email (cfmail) The form is
being hit by a web bot and sent hundreds of times
Is there any way I can stop this?
regards - paul
_______________________________________________
For details on ALL mailing lists and for joining or leaving
lists,
go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer
your
help
-<
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are
addressed and should not be disclosed to any other party.
If you have received this email in error please notify your
system manager and the sender of this message.
This email message has been swept for the presence of computer
viruses
but no guarantee is given that this e-mail message and any
attachments are
free from viruses.
Fife Council
Tel: 08451 55 00 00
************************************************
_______________________________________________
For details on ALL mailing lists and for joining or leaving
lists,
go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer
your
help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists,
go to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help -<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go
to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go
to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
