>- see footer for list info -<

Except that using http_referer is not reliable as it doesn't always exist and would stop the page working for real people.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Damian Watson
Sent: 18 August 2006 12:44
To: Coldfusion Development
Subject: Re: [Spam] Re: [CF-Dev] Help ..!

So a check that the form was being submitted from the page itself would get around that...

Simon Baynes wrote:
> I would imagine that the bot doesn't really fill the form in but just
> submits the variables to the action page, so really this makes little
> difference.
>
> On 8/18/06, Damian Watson <[EMAIL PROTECTED]> wrote:
>> We're gonna give it a go. All it relies on is the assumption that a
>> bot will submit the form very rapidly. Indeed it would be good to
>> know how quickly these things operate - anyone got an idea?
>>
>> Dominic Watson wrote:
>>> Ah yes, very elegant, nice indeed. <input type="hidden"> tho?
>>> Would love to know if it works.
>>>
>>> On 18/08/06, Damian Watson <[EMAIL PROTECTED]> wrote:
>>>> Nice ;)
>>>>
>>>> Snake wrote:
>>>>> Yes that would be simple.
>>>>> <input type="text" name="timer" value="#now()#">
>>>>>
>>>>> And on the submit page, let's assume you know it takes a human at least 1
>>>>> minute to fill out your form.
>>>>>
>>>>> <cfif Datediff('n', form.timer, now()) LT 1> Reject </cfif>
>>>>>
>>>>> Russ
>>>>>
>>>>> -----Original Message-----
>>>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dominic Watson
>>>>> Sent: 18 August 2006 01:20
>>>>> To: Coldfusion Development
>>>>> Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>>>>>
>>>>> I am an ignoramus on this subject but a thought occurred to me whilst
>>>>> reading....
>>>>>
>>>>> When a bot does this auto form filling, does it do it instantly? If so,
>>>>> would it be possible to somehow measure the time taken to fill in the form
>>>>> (time taken between requesting the form page and the form result page
>>>>> perhaps). Based on this time, the server could then reject the
>>>>> form submission or allow it.
>>>>>
>>>>> A thought. I'm sure not an original one.
>>>>>
>>>>> On 17/08/06, Snake <[EMAIL PROTECTED]> wrote:
>>>>>> Usually they are trying to hack vulnerabilities in web sites
>>>>>> that allow them to modify the mail headers and send spam out to multiple
>>>>>> people via your mail forms.
>>>>>> CF doesn't suffer from this problem, so only the person who is meant
>>>>>> to get the feedback form gets the spam.
>>>>>>
>>>>>> Russ
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Damien Gallagher
>>>>>> Sent: 17 August 2006 09:22
>>>>>> To: Coldfusion Development
>>>>>> Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>>>>>>
>>>>>> Out of interest, what are they getting out of submitting, say,
>>>>>> a feedback form loads of times?
>>>>>>
>>>>>> Rich Wild wrote:
>>>>>>> oh, I see, that's what a captcha is..
>>>>>>>
>>>>>>> God I'm so old, I can't keep up with these new fangled wizbits.
>>>>>>>
>>>>>>> Anyway, if like me, you're not a fan of plugging other
>>>>>>> people's things into your site without knowing what they do,
>>>>>>> that's basically the theory.
>>>>>>>
>>>>>>> On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote:
>>>>>>>> "The only difficulty would be that this is get-aroundable by bots, assuming
>>>>>>>> any bot writer cares enough about your site to spend the time
>>>>>>>> rewriting their bot to regex your form field to get the magic
>>>>>>>> word."
>>>>>>>>
>>>>>>>> Aha - so don't use words, use images.
>>>>>>>>
>>>>>>>> I've done this before, and it's a little fiddly, but
>>>>>>>> practically 100% spam safe.
>>>>>>>>
>>>>>>>> On the page hit, read a directory full of images that have
>>>>>>>> magic words written on them, the file called the same as the magic word.
>>>>>>>>
>>>>>>>> Get a random one of those filenames:
>>>>>>>> <cfset session.secureImageName = qryImageNames.name[randrange(1, qryImageNames.recordcount)]>
>>>>>>>>
>>>>>>>> set that to a session and display the image in the form - however, don't
>>>>>>>> display it using simple <img src="images/secureImages/HYU78.jpg">
>>>>>>>>
>>>>>>>> instead, use a CF page that serves up an image with the appropriate
>>>>>>>> mimetype using cfcontent
>>>>>>>>
>>>>>>>> <img src="serveSecureImage.cfm">
>>>>>>>>
>>>>>>>> In serveSecureImage.cfm, you read the session variable
>>>>>>>> ( session.secureImageName ) you set before and return that
>>>>>>>> using cfcontent.
>>>>>>>> This means that bots can't simply read the html on the page
>>>>>>>> and find the filename and use that in the input as the magic word.
>>>>>>>>
>>>>>>>> Alternatively, use an image making tag to write a randomly pulled
>>>>>>>> magic word from a database or equivalent and simply serve
>>>>>>>> that - this way just stops you having to have a directory full of
>>>>>>>> images, but I had fun making those.
>>>>>>>>
>>>>>>>> If the magic word posted in the form don't fit the served image -
>>>>>>>> don't send the mail!
>>>>>>>>
>>>>>>>> Richio McStitchio
>>>>>>>> Chief Neckchief
>>>>>>>> http://www.theideasbarn.com
>>>>>>>>
>>>>>>>> On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote:
>>>>>>>>> I'm not a fan of captchas. Generally inaccessible, unless
>>>>>>>>> you also make an audio version available, and even then not the
>>>>>>>>> nicest hoop to make users jump through.
>>>>>>>>>
>>>>>>>>> One method I've seen elsewhere, but haven't used myself, is
>>>>>>>>> an additional input box:
>>>>>>>>> The magic word is blah. Please enter the magic word.
>>>>>>>>>
>>>>>>>>> The only place I've seen this method is the mysociety sites, e.g.:
>>>>>>>>> http://www.mysociety.org/?p=103
>>>>>>>>>
>>>>>>>>> The only difficulty would be that this is get-aroundable by bots,
>>>>>>>>> assuming any bot writer cares enough about your site to spend the
>>>>>>>>> time rewriting their bot to regex your form field to get the magic word.
>>>>>>>>>
>>>>>>>>> Duncan Cumming
>>>>>>>>> New Media Developer
>>>>>>>>> Customer Relations Management / Education Fife Council 700 4105 / 01592 414105
>>>>>>>>>
>>>>>>>>> >>> [EMAIL PROTECTED] 16/08/2006 14:25 >>>
>>>>>>>>> Hi all.
>>>>>>>>>
>>>>>>>>> I have a contact form which submits an email (cfmail). The form is
>>>>>>>>> being hit by a web bot and sent hundreds of times.
>>>>>>>>>
>>>>>>>>> Is there any way I can stop this?
>>>>>>>>>
>>>>>>>>> regards - paul
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>>
>>>>>>>>> For details on ALL mailing lists and for joining or leaving lists, go to
>>>>>>>>> http://list.cfdeveloper.co.uk/mailman/listinfo
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> CFDeveloper Sponsors:-
>>>>>>>>> >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>>>>>>>>> >- Lists hosted by www.Gradwell.com -<
>>>>>>>>> >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
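
Added example, not part of the original thread and not the posters' code: the minimum-fill-time check discussed above, written in Python rather than CFML, with the render time bound to an HMAC so the action page can tell a timestamp it issued from one supplied in a direct POST. The key, the token layout (`timestamp.nonce.mac`), the function names, the session id argument and the one-hour maximum age are assumptions made for this sketch; the 60-second minimum is the thread's "at least 1 minute".

```python
import hashlib
import hmac
import secrets
import time

SECRET = b"constructed-demo-key"   # assumption: real key lives in server config
MIN_FILL_SECONDS = 60              # the thread's "at least 1 minute" for a human
MAX_AGE_SECONDS = 3600             # assumption: forms older than 1 h are stale
_used = set()                      # demo only; use a shared store with expiry


def _sign(issued_at, nonce, session_id):
    msg = f"{issued_at}|{nonce}|{session_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Value for the hidden 'timer' field, created when the form is rendered."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{issued_at}.{nonce}.{_sign(issued_at, nonce, session_id)}"


def check_token(token, session_id, now=None):
    """Return 'ok', or the reason the action page should drop the submission."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3 or not (parts[0].isascii() and parts[0].isdigit()):
        return "malformed"
    issued_at, nonce, mac = int(parts[0]), parts[1], parts[2]
    expected = _sign(issued_at, nonce, session_id)
    # Constant-time compare: a timestamp the server did not sign fails here,
    # so editing the field value no longer passes the timing check.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-signature"
    elapsed = now - issued_at
    if elapsed < MIN_FILL_SECONDS:
        return "too-fast"
    if elapsed > MAX_AGE_SECONDS:
        return "expired"
    if token in _used:
        return "replayed"
    _used.add(token)
    return "ok"
```

This only filters clients that do not wait between fetching the form and posting it; it complements the image check described in the thread rather than replacing it.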
