>- see footer for list info -< A user agent check perhaps would limit things more then.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Simon Baynes Sent: 18 August 2006 12:27 To: Coldfusion Development Subject: Re: [Spam] Re: [CF-Dev] Help ..! >- see footer for list info -< I would imagine that the bot doesn't really fill the form in but just submits the variables to the action page, so really this makes little difference. On 8/18/06, Damian Watson <[EMAIL PROTECTED]> wrote: > >- see footer for list info -< > We're gonna give it a go. All it relies on is the assumption that a > bot will submit the form very rapidly. Indeed it would be good to know > how quickly these things operate- anyone got an idea? > > Dominic Watson wrote: > >> - see footer for list info -< > > Ah yes, very elegent, nice indeed. <input type="hidden"> tho?. Would > > love to know if it works. > > > > On 18/08/06, Damian Watson <[EMAIL PROTECTED]> wrote: > >> > >> >- see footer for list info -< > >> Nice ;) > >> > >> Snake wrote: > >> >> - see footer for list info -< > >> >> > >> > Yes that would be simple. > >> > <input type="text" name="timer" value="#now()#"> > >> > > >> > And on the submit page, lets assume you know it takes a human at > >> least 1 > >> > minute to fill out your form. > >> > > >> > <cfif Datediff('n', form.timer, now()) LT 1> Reject </cfif> > >> > > >> > Russ > >> > > >> > > >> > > >> > -----Original Message----- > >> > From: [EMAIL PROTECTED] > >> > [mailto:[EMAIL PROTECTED] On Behalf Of Dominic > >> Watson > >> > Sent: 18 August 2006 01:20 > >> > To: Coldfusion Development > >> > Subject: Re: [Spam] Re: [CF-Dev] Help ..! > >> > > >> > > >> >> - see footer for list info -< > >> >> > >> > I am an ignoramus on this subject but a thought occurred to me > >> > whilst reading.... > >> > > >> > When a bot does this auto form filling, does it do it instantly? > >> > If > >> so, > >> > would it be possible to somehow measure the time taken to fill in > >> > the > >> form > >> > (time taken between requesting the form page and the form result > >> > page perhaps). Based on this time, the server could then reject > >> > the form submission or allow it. > >> > > >> > A thought. I'm sure not an original one. > >> > > >> > On 17/08/06, Snake <[EMAIL PROTECTED]> wrote: > >> > > >> >>> - see footer for list info -< > >> >>> > >> >> Usually they are trying to hack vulnerabilities in web sites > >> >> that allow thent o modify the mail headers and send spam out to > >> >> multiple people via your mail forms. > >> >> CF doesn't suffer form this problem, so only the person who is > >> >> meant to get the feedback form gets the spam. > >> >> > >> >> Russ > >> >> > >> >> -----Original Message----- > >> >> From: [EMAIL PROTECTED] > >> >> [mailto:[EMAIL PROTECTED] On Behalf Of Damien > >> >> Gallagher > >> >> Sent: 17 August 2006 09:22 > >> >> To: Coldfusion Development > >> >> Subject: Re: [Spam] Re: [CF-Dev] Help ..! > >> >> > >> >> > >> >>> - see footer for list info -< > >> >>> > >> >> Out of interest, what are they getting out of submitting, say, a > >> >> feedback form loads of times? > >> >> > >> >> > >> >> > >> >> Rich Wild wrote: > >> >> > >> >> > >> >>>> - see footer for list info -< > >> >>>> > >> >>> oh, I see, that's what a captcha is.. > >> >>> > >> >>> God I'm so old, I can't keep up with these new fangled wizbits. > >> >>> > >> >>> Anyway, if like me, you're not a fan of plugging other people's > >> >>> things into your site without knowing what they do, that's > >> >>> basically the theory. > >> >>> > >> >>> On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote: > >> >>> > >> >>> > >> >>>> "The only difficulty would this is get-aroundable by bots, > >> >>>> assuming any bot writer cares enough about your site to spend > >> >>>> the time rewriting their bot to regex your form field to get > >> >>>> the magic word." > >> >>>> > >> >>>> Aha - so don't use words, use images. > >> >>>> > >> >>>> I've done this before, and its a little fiddly, but > >> >>>> practically 100% spam safe. > >> >>>> > >> >>>> On the page hit, read a directory full of images that have > >> >>>> magic words written on them, the file called the same as the magic word. > >> >>>> > >> >>>> Get a random one of those filenames: > >> >>>> <cfset session.secureImageName = > >> >>>> qryImageNames.name[randrange(1, qryImageNames.recordcount)]> > >> >>>> > >> >>>> set that to a session and display the image in the form - > >> >>>> however, > >> >>>> > >> >> don't > >> >> > >> >>>> display it using simple <img > >> >>>> src="images/secureImages/HYU78.jpg"> > >> >>>> > >> >>>> instead, use a CF page that serves up an image with the > >> >>>> appropriate mimetype using cfcontent > >> >>>> > >> >>>> <img src="serveSecureImage.cfm"> > >> >>>> > >> >>>> In serveSecureImage.cfm, you read the session variable ( > >> >>>> session.secureImageName ) you set before and return that using > >> >>>> cfcontent. > >> >>>> This means that bots can't simply read the html on the page > >> >>>> and find > >> >>>> > >> >> the > >> >> > >> >>>> filename and use that in the input as the magic word. > >> >>>> > >> >>>> Alternatively, use an image making tag to write a randomly > >> >>>> pulled magic word from a database or equivalent and simply > >> >>>> serve that - this way > >> >>>> > >> >> just > >> >> > >> >>>> stops you having to have a directory full of images, but I had > >> >>>> fun making those. > >> >>>> > >> >>>> If the magic word posted in the form don't fit the served > >> >>>> image - don't send the mail! > >> >>>> > >> >>>> Richio McStitchio > >> >>>> Chief Neckchief > >> >>>> http://www.theideasbarn.com > >> >>>> > >> >>>> > >> >>>> > >> >>>> On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote: > >> >>>> > >> >>>>>> - see footer for list info -< > >> >>>>>> > >> >>>>> I'm not a fan of captchas. Generally inacessible, unless you > >> >>>>> also > >> >>>>> > >> >>>> make > >> >>>> > >> >>>>> an audio version available, and even then not the nicest hoop > >> >>>>> to > >> >>>>> > >> >>>> make users > >> >>>> > >> >>>>> jump through. > >> >>>>> > >> >>>>> One method I've seen elsewhere, but haven't used myself, is > >> >>>>> an additional input box: > >> >>>>> The magic word is blah. Please enter the magic word. > >> >>>>> > >> >>>>> The only place I've seen this method is the mysociety sites, e.g: > >> >>>>> http://www.mysociety.org/?p=103 > >> >>>>> > >> >>>>> The only difficulty would this is get-aroundable by bots, > >> >>>>> assuming > >> >>>>> > >> >> any > >> >> > >> >>>>> bot writer cares enough about your site to spend the time > >> >>>>> rewriting > >> >>>>> > >> >>>> their > >> >>>> > >> >>>>> bot to regex your form field to get the magic word. > >> >>>>> > >> >>>>> > >> >>>>> Duncan Cumming > >> >>>>> New Media Developer > >> >>>>> Customer Relations Management / Education Fife Council 700 > >> >>>>> 4105 / > >> >>>>> 01592 414105 > >> >>>>> > >> >>>>> > >> >>>>>>>> [EMAIL PROTECTED] 16/08/2006 14:25 >>> > >> >>>>>>>> > >> >>>>>> - see footer for list info -< > >> >>>>>> > >> >>>>> Hi all. > >> >>>>> > >> >>>>> I have a contact form which submits an email (cfmail) The > >> >>>>> form is being hit by a web bot and sent hundreds of times > >> >>>>> > >> >>>>> Is there any way I can stop this? > >> >>>>> > >> >>>>> regards - paul > >> >>>>> > >> >>>>> > >> >>>>> _______________________________________________ > >> >>>>> > >> >>>>> For details on ALL mailing lists and for joining or leaving > >> >>>>> lists, > >> >>>>> > >> >>>> go to > >> >>>> > >> >>>>> http://list.cfdeveloper.co.uk/mailman/listinfo > >> >>>>> > >> >>>>> -- > >> >>>>> CFDeveloper Sponsors:- > >> >>>>> > >> >>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>>>>> - Lists hosted by www.Gradwell.com -< > >> >>>>>> - CFdeveloper is run by Russ Michaels, feel free to > >> >>>>>> volunteer your > >> >>>>>> > >> >>>> help > >> >>>> > >> >>>>> -< > >> >>>>> > >> >>>>> > >> >>>>> > >> >>>>> > >> >> > >> ******************************************************************* > >> *** > >> >> > >> >>>>> This email and any files transmitted with it are confidential > >> >>>>> and intended solely for the use of the individual or entity > >> >>>>> to whom > >> >>>>> > >> >>>> they are > >> >>>> > >> >>>>> addressed and should not be disclosed to any other party. > >> >>>>> If you have received this email in error please notify your > >> >>>>> system manager and the sender of this message. > >> >>>>> > >> >>>>> This email message has been swept for the presence of > >> >>>>> computer > >> >>>>> > >> >> viruses > >> >> > >> >>>>> but no guarantee is given that this e-mail message and any > >> >>>>> > >> >>>> attachments are > >> >>>> > >> >>>>> free from viruses. > >> >>>>> > >> >>>>> Fife Council > >> >>>>> Tel: 08451 55 00 00 > >> >>>>> ************************************************ > >> >>>>> > >> >>>>> _______________________________________________ > >> >>>>> > >> >>>>> For details on ALL mailing lists and for joining or leaving > >> >>>>> lists, > >> >>>>> > >> >>>> go to > >> >>>> > >> >>>>> http://list.cfdeveloper.co.uk/mailman/listinfo > >> >>>>> > >> >>>>> -- > >> >>>>> CFDeveloper Sponsors:- > >> >>>>> > >> >>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>>>>> - Lists hosted by www.Gradwell.com -< > >> >>>>>> - CFdeveloper is run by Russ Michaels, feel free to > >> >>>>>> volunteer your > >> >>>>>> > >> >>>> help > >> >>>> > >> >>>>> -< > >> >>>>> > >> >>>>> > >> >>>> > >> >>> _______________________________________________ > >> >>> > >> >>> For details on ALL mailing lists and for joining or leaving > >> >>> lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo > >> >>> > >> >>> -- > >> >>> CFDeveloper Sponsors:- > >> >>> > >> >>> > >> >>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>>> - Lists hosted by www.Gradwell.com -< > >> >>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >> >>>> your help -< > >> >>>> > >> >>> > >> >>> > >> >> _______________________________________________ > >> >> > >> >> For details on ALL mailing lists and for joining or leaving > >> >> lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo > >> >> > >> >> -- > >> >> CFDeveloper Sponsors:- > >> >> > >> >>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>> - Lists hosted by www.Gradwell.com -< > >> >>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >> >>> your help > >> >>> > >> >> -< > >> >> > >> >> > >> >> _______________________________________________ > >> >> > >> >> For details on ALL mailing lists and for joining or leaving > >> >> lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo > >> >> > >> >> -- > >> >> CFDeveloper Sponsors:- > >> >> > >> >>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >>> - Lists hosted by www.Gradwell.com -< > >> >>> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >> >>> your help > >> >>> > >> >> -< > >> >> > >> >> > >> > _______________________________________________ > >> > > >> > For details on ALL mailing lists and for joining or leaving > >> > lists, > >> go to > >> > http://list.cfdeveloper.co.uk/mailman/listinfo > >> > > >> > -- > >> > CFDeveloper Sponsors:- > >> > > >> >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >> - Lists hosted by www.Gradwell.com -< > >> >> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >> >> your > >> help > >> >> -< > >> >> > >> > > >> > > >> > _______________________________________________ > >> > > >> > For details on ALL mailing lists and for joining or leaving > >> > lists, > >> go to > >> http://list.cfdeveloper.co.uk/mailman/listinfo > >> > > >> > -- > >> > CFDeveloper Sponsors:- > >> > > >> >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >> - Lists hosted by www.Gradwell.com -< > >> >> - CFdeveloper is run by Russ Michaels, feel free to volunteer > >> >> your > >> help > >> -< > >> >> > >> > > >> > > >> > >> _______________________________________________ > >> > >> For details on ALL mailing lists and for joining or leaving lists, > >> go to http://list.cfdeveloper.co.uk/mailman/listinfo > >> > >> -- > >> CFDeveloper Sponsors:- > >> >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> >- Lists hosted by www.Gradwell.com -< > >> >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> >help > >> -< > >> > > _______________________________________________ > > > > For details on ALL mailing lists and for joining or leaving lists, > > go to http://list.cfdeveloper.co.uk/mailman/listinfo > > > > -- > > CFDeveloper Sponsors:- > >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >> - Lists hosted by www.Gradwell.com -< > >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your > >> help -< > > > > _______________________________________________ > > For details on ALL mailing lists and for joining or leaving lists, go > to http://list.cfdeveloper.co.uk/mailman/listinfo > > -- > CFDeveloper Sponsors:- > >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< > >- Lists hosted by www.Gradwell.com -< > >- CFdeveloper is run by Russ Michaels, feel free to volunteer your > >help -< > -- Simon Baynes www.simonbaynes.com _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help >-< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
