>- see footer for list info -< I haven't but as someone who has *cough* done something similar in the past - user agent cloaking, random request patterns and revolving proxies may hamper your efforts to identify it as a bot.
That said, there are obvious request patterns which seem unlikely for a human to - e.g. 200 submissions in the a couple of seconds. Kola > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:dev- > [EMAIL PROTECTED] On Behalf Of Damian Watson > Sent: 18 August 2006 10:37 > To: Coldfusion Development > Subject: Re: [Spam] Re: [CF-Dev] Help ..! > > >- see footer for list info -< > We're gonna give it a go. All it relies on is the assumption that a bot > will submit the form very rapidly. Indeed it would be good to know how > quickly these things operate- anyone got an idea? > > Dominic Watson wrote: > >> - see footer for list info -< > > Ah yes, very elegent, nice indeed. <input type="hidden"> tho?. Would > > love to > > know if it works. > > > > On 18/08/06, Damian Watson <[EMAIL PROTECTED]> wrote: > >> > >> >- see footer for list info -< > >> Nice ;) > >> > >> Snake wrote: > >> >> - see footer for list info -< > >> >> > >> > Yes that would be simple. > >> > <input type="text" name="timer" value="#now()#"> > >> > > >> > And on the submit page, lets assume you know it takes a human at > >> least 1 > >> > minute to fill out your form. > >> > > >> > <cfif Datediff('n', form.timer, now()) LT 1> > >> > Reject > >> > </cfif> > >> > > >> > Russ > >> > > >> > > >> > > >> > -----Original Message----- > >> > From: [EMAIL PROTECTED] > >> > [mailto:[EMAIL PROTECTED] On Behalf Of Dominic > >> Watson > >> > Sent: 18 August 2006 01:20 > >> > To: Coldfusion Development > >> > Subject: Re: [Spam] Re: [CF-Dev] Help ..! > >> > > >> > > >> >> - see footer for list info -< > >> >> > >> > I am an ignoramus on this subject but a thought occurred to me whilst > >> > reading.... > >> > > >> > When a bot does this auto form filling, does it do it instantly? If > >> so, > >> > would it be possible to somehow measure the time taken to fill in the > >> form > >> > (time taken between requesting the form page and the form result page > >> > perhaps). Based on this time, the server could then reject the form > >> > submission or allow it. > >> > > >> > A thought. I'm sure not an original one. > >> > > >> > On 17/08/06, Snake <[EMAIL PROTECTED]> wrote: > >> > > >> >>> - see footer for list info -< > >> >>> > >> >> Usually they are trying to hack vulnerabilities in web sites that > >> >> allow thent o modify the mail headers and send spam out to multiple > >> >> people via your mail forms. > >> >> CF doesn't suffer form this problem, so only the person who is meant > >> >> to get the feedback form gets the spam. > >> >> > >> >> Russ > >> >> > >> >> -----Original Message----- > >> >> From: [EMAIL PROTECTED] > >> >> [mailto:[EMAIL PROTECTED] On Behalf Of Damien > >> >> Gallagher > >> >> Sent: 17 August 2006 09:22 > >> >> To: Coldfusion Development > >> >> Subject: Re: [Spam] Re: [CF-Dev] Help ..! > >> >> > >> >> > >> >>> - see footer for list info -< > >> >>> > >> >> Out of interest, what are they getting out of submitting, say, a > >> >> feedback form loads of times? > >> >> > >> >> > >> >> > >> >> Rich Wild wrote: > >> >> > >> >> > >> >>>> - see footer for list info -< > >> >>>> > >> >>> oh, I see, that's what a captcha is.. > >> >>> > >> >>> God I'm so old, I can't keep up with these new fangled wizbits. > >> >>> > >> >>> Anyway, if like me, you're not a fan of plugging other people's > >> >>> things into your site without knowing what they do, that's basically > >> >>> the theory. > >> >>> > >> >>> On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote: > >> >>> > >> >>> > >> >>>> "The only difficulty would this is get-aroundable by bots, assuming > >> >>>> any bot writer cares enough about your site to spend the time > >> >>>> rewriting their bot to regex your form field to get the magic > >> >>>> word." > >> >>>> > >> >>>> Aha - so don't use words, use images. > >> >>>> > >> >>>> I've done this before, and its a little fiddly, but practically > >> >>>> 100% spam safe. > >> >>>> > >> >>>> On the page hit, read a directory full of images that have magic > >> >>>> words written on them, the file called the same as the magic word. > >> >>>> > >> >>>> Get a random one of those filenames: > >> >>>> <cfset session.secureImageName = qryImageNames.name[randrange(1, > >> >>>> qryImageNames.recordcount)]> > >> >>>> > >> >>>> set that to a session and display the image in the form - however, > >> >>>> > >> >> don't > >> >> > >> >>>> display it using simple <img src="images/secureImages/HYU78.jpg"> > >> >>>> > >> >>>> instead, use a CF page that serves up an image with the appropriate > >> >>>> mimetype using cfcontent > >> >>>> > >> >>>> <img src="serveSecureImage.cfm"> > >> >>>> > >> >>>> In serveSecureImage.cfm, you read the session variable ( > >> >>>> session.secureImageName ) you set before and return that using > >> >>>> cfcontent. > >> >>>> This means that bots can't simply read the html on the page and > >> >>>> find > >> >>>> > >> >> the > >> >> > >> >>>> filename and use that in the input as the magic word. > >> >>>> > >> >>>> Alternatively, use an image making tag to write a randomly pulled > >> >>>> magic word from a database or equivalent and simply serve that - > >> >>>> this way > >> >>>> > >> >> just > >> >> > >> >>>> stops you having to have a directory full of images, but I had fun > >> >>>> making those. > >> >>>> > >> >>>> If the magic word posted in the form don't fit the served image - > >> >>>> don't send the mail! > >> >>>> > >> >>>> Richio McStitchio > >> >>>> Chief Neckchief > >> >>>> http://www.theideasbarn.com > >> >>>> > >> >>>> > >> >>>> > >> >>>> On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote: > >> >>>> > >> >>>>>> - see footer for list info -< > >> >>>>>> > >> >>>>> I'm not a fan of captchas. Generally inacessible, unless you > >> >>>>> also > >> >>>>> > >> >>>> make > >> >>>> > >> >>>>> an audio version available, and even then not the nicest hoop to > >> >>>>> > >> >>>> make users > >> >>>> > >> >>>>> jump through. > >> >>>>> > >> >>>>> One method I've seen elsewhere, but haven't used myself, is an > >> >>>>> additional input box: > >> >>>>> The magic word is blah. Please enter the magic word. > >> >>>>> > >> >>>>> The only place I've seen this method is the mysociety sites, e.g: > >> >>>>> http://www.mysociety.org/?p=103 > >> >>>>> > >> >>>>> The only difficulty would this is get-aroundable by bots, > >> >>>>> assuming > >> >>>>> > >> >> any > >> >> > >> >>>>> bot writer cares enough about your site to spend the time > >> >>>>> rewriting > >> >>>>> > >> >>>> their > >> >>>> > >> >>>>> bot to regex your form field to get the magic word. > >> >>>>> > >> >>>>> > >> >>>>> Duncan Cumming > >> >>>>> New Media Developer > >> >>>>> Customer Relations Management / Education Fife Council 700 4105 / > >> >>>>> 01592 414105 > >> >>>>> > >> >>>>> > >> >>>>>>>> [EMAIL PROTECTED] 16/08/2006 14:25 >>> > >> >>>>>>>> > >> >>>>>> - see footer for list info -< > >> >>>>>> > >> >>>>> Hi all. > >> >>>>> > >> >>>>> I have a contact form which submits an email (cfmail) The form is > >> >>>>> being hit by a web bot and sent hundreds of times > >> >>>>> > >> >>>>> Is there any way I can stop this? > >> >>>>> > >> >>>>> regards - paul > >> >>>>> > >> >>>>> > >> >>>>> _______________________________________________ > >> >>>>> > >> >>>>> For details on ALL mailing lists and for joining or leaving > >> >>>>> lists, > >> >>>>> > >> >>>> go to > >> >>>> > >> >>>>> http://list.cfdeveloper.co.uk/mailman/listinfo > >> >>>>> > >> >>>>> -- > >> >>>>> CFDeveloper Sponsors:- > >> >>>>> > >> >>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>>>>> - Lists hosted by www.Gradwell.com -< > >> >>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >> >>>>>> your > >> >>>>>> > >> >>>> help > >> >>>> > >> >>>>> -< > >> >>>>> > >> >>>>> > >> >>>>> > >> >>>>> > >> >> > >> > ******************************************************************** > ** > >> >> > >> >>>>> This email and any files transmitted with it are confidential and > >> >>>>> intended solely for the use of the individual or entity to whom > >> >>>>> > >> >>>> they are > >> >>>> > >> >>>>> addressed and should not be disclosed to any other party. > >> >>>>> If you have received this email in error please notify your > >> >>>>> system manager and the sender of this message. > >> >>>>> > >> >>>>> This email message has been swept for the presence of computer > >> >>>>> > >> >> viruses > >> >> > >> >>>>> but no guarantee is given that this e-mail message and any > >> >>>>> > >> >>>> attachments are > >> >>>> > >> >>>>> free from viruses. > >> >>>>> > >> >>>>> Fife Council > >> >>>>> Tel: 08451 55 00 00 > >> >>>>> ************************************************ > >> >>>>> > >> >>>>> _______________________________________________ > >> >>>>> > >> >>>>> For details on ALL mailing lists and for joining or leaving > >> >>>>> lists, > >> >>>>> > >> >>>> go to > >> >>>> > >> >>>>> http://list.cfdeveloper.co.uk/mailman/listinfo > >> >>>>> > >> >>>>> -- > >> >>>>> CFDeveloper Sponsors:- > >> >>>>> > >> >>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>>>>> - Lists hosted by www.Gradwell.com -< > >> >>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >> >>>>>> your > >> >>>>>> > >> >>>> help > >> >>>> > >> >>>>> -< > >> >>>>> > >> >>>>> > >> >>>> > >> >>> _______________________________________________ > >> >>> > >> >>> For details on ALL mailing lists and for joining or leaving lists, > >> >>> go to http://list.cfdeveloper.co.uk/mailman/listinfo > >> >>> > >> >>> -- > >> >>> CFDeveloper Sponsors:- > >> >>> > >> >>> > >> >>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>>> - Lists hosted by www.Gradwell.com -< > >> >>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> >>>> help -< > >> >>>> > >> >>> > >> >>> > >> >> _______________________________________________ > >> >> > >> >> For details on ALL mailing lists and for joining or leaving lists, go > >> >> to http://list.cfdeveloper.co.uk/mailman/listinfo > >> >> > >> >> -- > >> >> CFDeveloper Sponsors:- > >> >> > >> >>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>> - Lists hosted by www.Gradwell.com -< > >> >>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> >>> help > >> >>> > >> >> -< > >> >> > >> >> > >> >> _______________________________________________ > >> >> > >> >> For details on ALL mailing lists and for joining or leaving lists, go > >> >> to http://list.cfdeveloper.co.uk/mailman/listinfo > >> >> > >> >> -- > >> >> CFDeveloper Sponsors:- > >> >> > >> >>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>> - Lists hosted by www.Gradwell.com -< > >> >>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> >>> help > >> >>> > >> >> -< > >> >> > >> >> > >> > _______________________________________________ > >> > > >> > For details on ALL mailing lists and for joining or leaving lists, > >> go to > >> > http://list.cfdeveloper.co.uk/mailman/listinfo > >> > > >> > -- > >> > CFDeveloper Sponsors:- > >> > > >> >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >> - Lists hosted by www.Gradwell.com -< > >> >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> help > >> >> -< > >> >> > >> > > >> > > >> > _______________________________________________ > >> > > >> > For details on ALL mailing lists and for joining or leaving lists, > >> go to > >> http://list.cfdeveloper.co.uk/mailman/listinfo > >> > > >> > -- > >> > CFDeveloper Sponsors:- > >> > > >> >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >> - Lists hosted by www.Gradwell.com -< > >> >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> help > >> -< > >> >> > >> > > >> > > >> > >> _______________________________________________ > >> > >> For details on ALL mailing lists and for joining or leaving lists, go to > >> http://list.cfdeveloper.co.uk/mailman/listinfo > >> > >> -- > >> CFDeveloper Sponsors:- > >> >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >- Lists hosted by www.Gradwell.com -< > >> >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help > >> -< > >> > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, go > > to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > CFDeveloper Sponsors:- > >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> - Lists hosted by www.Gradwell.com -< > >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> help -< > > > > _______________________________________________ > > For details on ALL mailing lists and for joining or leaving lists, go to > http://list.cfdeveloper.co.uk/mailman/listinfo > > -- > CFDeveloper Sponsors:- > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >- Lists hosted by www.Gradwell.com -< > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
