- see footer for list info -<
Well essentially you can, but you can spoof useragents and referers
quite easily. Everything you add is just a deterrent, if they want to
spam you enough they will. It is like home security, you are just
trying to make you neighbour look more attractive to burgle than you!
On 8/18/06, Damian Watson <[EMAIL PROTECTED]> wrote:
>- see footer for list info -<
So a check that the form was being submitted from the page itself would
get around that...
Simon Baynes wrote:
>> - see footer for list info -<
> I would imagine that the bot doesn't really fill the form in but just
> submits the variables to the action page, so really this makes little
> difference.
>
> On 8/18/06, Damian Watson <[EMAIL PROTECTED]> wrote:
>> >- see footer for list info -<
>> We're gonna give it a go. All it relies on is the assumption that a bot
>> will submit the form very rapidly. Indeed it would be good to know how
>> quickly these things operate- anyone got an idea?
>>
>> Dominic Watson wrote:
>> >> - see footer for list info -<
>> > Ah yes, very elegent, nice indeed. <input type="hidden"> tho?. Would
>> > love to
>> > know if it works.
>> >
>> > On 18/08/06, Damian Watson <[EMAIL PROTECTED]> wrote:
>> >>
>> >> >- see footer for list info -<
>> >> Nice ;)
>> >>
>> >> Snake wrote:
>> >> >> - see footer for list info -<
>> >> >>
>> >> > Yes that would be simple.
>> >> > <input type="text" name="timer" value="#now()#">
>> >> >
>> >> > And on the submit page, lets assume you know it takes a human at
>> >> least 1
>> >> > minute to fill out your form.
>> >> >
>> >> > <cfif Datediff('n', form.timer, now()) LT 1>
>> >> > Reject
>> >> > </cfif>
>> >> >
>> >> > Russ
>> >> >
>> >> >
>> >> >
>> >> > -----Original Message-----
>> >> > From: [EMAIL PROTECTED]
>> >> > [mailto:[EMAIL PROTECTED] On Behalf Of Dominic
>> >> Watson
>> >> > Sent: 18 August 2006 01:20
>> >> > To: Coldfusion Development
>> >> > Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>> >> >
>> >> >
>> >> >> - see footer for list info -<
>> >> >>
>> >> > I am an ignoramus on this subject but a thought occurred to me
>> whilst
>> >> > reading....
>> >> >
>> >> > When a bot does this auto form filling, does it do it instantly? If
>> >> so,
>> >> > would it be possible to somehow measure the time taken to fill
>> in the
>> >> form
>> >> > (time taken between requesting the form page and the form result
>> page
>> >> > perhaps). Based on this time, the server could then reject the form
>> >> > submission or allow it.
>> >> >
>> >> > A thought. I'm sure not an original one.
>> >> >
>> >> > On 17/08/06, Snake <[EMAIL PROTECTED]> wrote:
>> >> >
>> >> >>> - see footer for list info -<
>> >> >>>
>> >> >> Usually they are trying to hack vulnerabilities in web sites that
>> >> >> allow thent o modify the mail headers and send spam out to
>> multiple
>> >> >> people via your mail forms.
>> >> >> CF doesn't suffer form this problem, so only the person who is
>> meant
>> >> >> to get the feedback form gets the spam.
>> >> >>
>> >> >> Russ
>> >> >>
>> >> >> -----Original Message-----
>> >> >> From: [EMAIL PROTECTED]
>> >> >> [mailto:[EMAIL PROTECTED] On Behalf Of Damien
>> >> >> Gallagher
>> >> >> Sent: 17 August 2006 09:22
>> >> >> To: Coldfusion Development
>> >> >> Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>> >> >>
>> >> >>
>> >> >>> - see footer for list info -<
>> >> >>>
>> >> >> Out of interest, what are they getting out of submitting, say, a
>> >> >> feedback form loads of times?
>> >> >>
>> >> >>
>> >> >>
>> >> >> Rich Wild wrote:
>> >> >>
>> >> >>
>> >> >>>> - see footer for list info -<
>> >> >>>>
>> >> >>> oh, I see, that's what a captcha is..
>> >> >>>
>> >> >>> God I'm so old, I can't keep up with these new fangled wizbits.
>> >> >>>
>> >> >>> Anyway, if like me, you're not a fan of plugging other people's
>> >> >>> things into your site without knowing what they do, that's
>> basically
>> >> >>> the theory.
>> >> >>>
>> >> >>> On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote:
>> >> >>>
>> >> >>>
>> >> >>>> "The only difficulty would this is get-aroundable by bots,
>> assuming
>> >> >>>> any bot writer cares enough about your site to spend the time
>> >> >>>> rewriting their bot to regex your form field to get the magic
>> >> >>>> word."
>> >> >>>>
>> >> >>>> Aha - so don't use words, use images.
>> >> >>>>
>> >> >>>> I've done this before, and its a little fiddly, but practically
>> >> >>>> 100% spam safe.
>> >> >>>>
>> >> >>>> On the page hit, read a directory full of images that have magic
>> >> >>>> words written on them, the file called the same as the magic
>> word.
>> >> >>>>
>> >> >>>> Get a random one of those filenames:
>> >> >>>> <cfset session.secureImageName = qryImageNames.name[randrange(1,
>> >> >>>> qryImageNames.recordcount)]>
>> >> >>>>
>> >> >>>> set that to a session and display the image in the form -
>> however,
>> >> >>>>
>> >> >> don't
>> >> >>
>> >> >>>> display it using simple <img
>> src="images/secureImages/HYU78.jpg">
>> >> >>>>
>> >> >>>> instead, use a CF page that serves up an image with the
>> appropriate
>> >> >>>> mimetype using cfcontent
>> >> >>>>
>> >> >>>> <img src="serveSecureImage.cfm">
>> >> >>>>
>> >> >>>> In serveSecureImage.cfm, you read the session variable (
>> >> >>>> session.secureImageName ) you set before and return that using
>> >> >>>> cfcontent.
>> >> >>>> This means that bots can't simply read the html on the page and
>> >> >>>> find
>> >> >>>>
>> >> >> the
>> >> >>
>> >> >>>> filename and use that in the input as the magic word.
>> >> >>>>
>> >> >>>> Alternatively, use an image making tag to write a randomly
>> pulled
>> >> >>>> magic word from a database or equivalent and simply serve that -
>> >> >>>> this way
>> >> >>>>
>> >> >> just
>> >> >>
>> >> >>>> stops you having to have a directory full of images, but I
>> had fun
>> >> >>>> making those.
>> >> >>>>
>> >> >>>> If the magic word posted in the form don't fit the served
>> image -
>> >> >>>> don't send the mail!
>> >> >>>>
>> >> >>>> Richio McStitchio
>> >> >>>> Chief Neckchief
>> >> >>>> http://www.theideasbarn.com
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>> On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote:
>> >> >>>>
>> >> >>>>>> - see footer for list info -<
>> >> >>>>>>
>> >> >>>>> I'm not a fan of captchas. Generally inacessible, unless you
>> >> >>>>> also
>> >> >>>>>
>> >> >>>> make
>> >> >>>>
>> >> >>>>> an audio version available, and even then not the nicest
>> hoop to
>> >> >>>>>
>> >> >>>> make users
>> >> >>>>
>> >> >>>>> jump through.
>> >> >>>>>
>> >> >>>>> One method I've seen elsewhere, but haven't used myself, is an
>> >> >>>>> additional input box:
>> >> >>>>> The magic word is blah. Please enter the magic word.
>> >> >>>>>
>> >> >>>>> The only place I've seen this method is the mysociety sites,
>> e.g:
>> >> >>>>> http://www.mysociety.org/?p=103
>> >> >>>>>
>> >> >>>>> The only difficulty would this is get-aroundable by bots,
>> >> >>>>> assuming
>> >> >>>>>
>> >> >> any
>> >> >>
>> >> >>>>> bot writer cares enough about your site to spend the time
>> >> >>>>> rewriting
>> >> >>>>>
>> >> >>>> their
>> >> >>>>
>> >> >>>>> bot to regex your form field to get the magic word.
>> >> >>>>>
>> >> >>>>>
>> >> >>>>> Duncan Cumming
>> >> >>>>> New Media Developer
>> >> >>>>> Customer Relations Management / Education Fife Council 700
>> 4105 /
>> >> >>>>> 01592 414105
>> >> >>>>>
>> >> >>>>>
>> >> >>>>>>>> [EMAIL PROTECTED] 16/08/2006 14:25 >>>
>> >> >>>>>>>>
>> >> >>>>>> - see footer for list info -<
>> >> >>>>>>
>> >> >>>>> Hi all.
>> >> >>>>>
>> >> >>>>> I have a contact form which submits an email (cfmail) The
>> form is
>> >> >>>>> being hit by a web bot and sent hundreds of times
>> >> >>>>>
>> >> >>>>> Is there any way I can stop this?
>> >> >>>>>
>> >> >>>>> regards - paul
>> >> >>>>>
>> >> >>>>>
>> >> >>>>> _______________________________________________
>> >> >>>>>
>> >> >>>>> For details on ALL mailing lists and for joining or leaving
>> >> >>>>> lists,
>> >> >>>>>
>> >> >>>> go to
>> >> >>>>
>> >> >>>>> http://list.cfdeveloper.co.uk/mailman/listinfo
>> >> >>>>>
>> >> >>>>> --
>> >> >>>>> CFDeveloper Sponsors:-
>> >> >>>>>
>> >> >>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> >>>>>> - Lists hosted by www.Gradwell.com -<
>> >> >>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer
>> >> >>>>>> your
>> >> >>>>>>
>> >> >>>> help
>> >> >>>>
>> >> >>>>> -<
>> >> >>>>>
>> >> >>>>>
>> >> >>>>>
>> >> >>>>>
>> >> >>
>> >>
>> **********************************************************************
>> >> >>
>> >> >>>>> This email and any files transmitted with it are
>> confidential and
>> >> >>>>> intended solely for the use of the individual or entity to whom
>> >> >>>>>
>> >> >>>> they are
>> >> >>>>
>> >> >>>>> addressed and should not be disclosed to any other party.
>> >> >>>>> If you have received this email in error please notify your
>> >> >>>>> system manager and the sender of this message.
>> >> >>>>>
>> >> >>>>> This email message has been swept for the presence of computer
>> >> >>>>>
>> >> >> viruses
>> >> >>
>> >> >>>>> but no guarantee is given that this e-mail message and any
>> >> >>>>>
>> >> >>>> attachments are
>> >> >>>>
>> >> >>>>> free from viruses.
>> >> >>>>>
>> >> >>>>> Fife Council
>> >> >>>>> Tel: 08451 55 00 00
>> >> >>>>> ************************************************
>> >> >>>>>
>> >> >>>>> _______________________________________________
>> >> >>>>>
>> >> >>>>> For details on ALL mailing lists and for joining or leaving
>> >> >>>>> lists,
>> >> >>>>>
>> >> >>>> go to
>> >> >>>>
>> >> >>>>> http://list.cfdeveloper.co.uk/mailman/listinfo
>> >> >>>>>
>> >> >>>>> --
>> >> >>>>> CFDeveloper Sponsors:-
>> >> >>>>>
>> >> >>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> >>>>>> - Lists hosted by www.Gradwell.com -<
>> >> >>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer
>> >> >>>>>> your
>> >> >>>>>>
>> >> >>>> help
>> >> >>>>
>> >> >>>>> -<
>> >> >>>>>
>> >> >>>>>
>> >> >>>>
>> >> >>> _______________________________________________
>> >> >>>
>> >> >>> For details on ALL mailing lists and for joining or leaving
>> lists,
>> >> >>> go to http://list.cfdeveloper.co.uk/mailman/listinfo
>> >> >>>
>> >> >>> --
>> >> >>> CFDeveloper Sponsors:-
>> >> >>>
>> >> >>>
>> >> >>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> >>>> - Lists hosted by www.Gradwell.com -<
>> >> >>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer
>> your
>> >> >>>> help -<
>> >> >>>>
>> >> >>>
>> >> >>>
>> >> >> _______________________________________________
>> >> >>
>> >> >> For details on ALL mailing lists and for joining or leaving
>> lists, go
>> >> >> to http://list.cfdeveloper.co.uk/mailman/listinfo
>> >> >>
>> >> >> --
>> >> >> CFDeveloper Sponsors:-
>> >> >>
>> >> >>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> >>> - Lists hosted by www.Gradwell.com -<
>> >> >>> - CFdeveloper is run by Russ Michaels, feel free to volunteer
>> your
>> >> >>> help
>> >> >>>
>> >> >> -<
>> >> >>
>> >> >>
>> >> >> _______________________________________________
>> >> >>
>> >> >> For details on ALL mailing lists and for joining or leaving
>> lists, go
>> >> >> to http://list.cfdeveloper.co.uk/mailman/listinfo
>> >> >>
>> >> >> --
>> >> >> CFDeveloper Sponsors:-
>> >> >>
>> >> >>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> >>> - Lists hosted by www.Gradwell.com -<
>> >> >>> - CFdeveloper is run by Russ Michaels, feel free to volunteer
>> your
>> >> >>> help
>> >> >>>
>> >> >> -<
>> >> >>
>> >> >>
>> >> > _______________________________________________
>> >> >
>> >> > For details on ALL mailing lists and for joining or leaving lists,
>> >> go to
>> >> > http://list.cfdeveloper.co.uk/mailman/listinfo
>> >> >
>> >> > --
>> >> > CFDeveloper Sponsors:-
>> >> >
>> >> >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> >> - Lists hosted by www.Gradwell.com -<
>> >> >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
>> >> help
>> >> >> -<
>> >> >>
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> >
>> >> > For details on ALL mailing lists and for joining or leaving lists,
>> >> go to
>> >> http://list.cfdeveloper.co.uk/mailman/listinfo
>> >> >
>> >> > --
>> >> > CFDeveloper Sponsors:-
>> >> >
>> >> >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> >> - Lists hosted by www.Gradwell.com -<
>> >> >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
>> >> help
>> >> -<
>> >> >>
>> >> >
>> >> >
>> >>
>> >> _______________________________________________
>> >>
>> >> For details on ALL mailing lists and for joining or leaving lists,
>> go to
>> >> http://list.cfdeveloper.co.uk/mailman/listinfo
>> >>
>> >> --
>> >> CFDeveloper Sponsors:-
>> >> >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> >- Lists hosted by www.Gradwell.com -<
>> >> >- CFdeveloper is run by Russ Michaels, feel free to volunteer
>> your help
>> >> -<
>> >>
>> > _______________________________________________
>> >
>> > For details on ALL mailing lists and for joining or leaving lists, go
>> > to http://list.cfdeveloper.co.uk/mailman/listinfo
>> >
>> > --
>> > CFDeveloper Sponsors:-
>> >> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >> - Lists hosted by www.Gradwell.com -<
>> >> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
>> >> help -<
>> >
>>
>> _______________________________________________
>>
>> For details on ALL mailing lists and for joining or leaving lists, go
>> to http://list.cfdeveloper.co.uk/mailman/listinfo
>>
>> --
>> CFDeveloper Sponsors:-
>> >- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> >- Lists hosted by www.Gradwell.com -<
>> >- CFdeveloper is run by Russ Michaels, feel free to volunteer your
>> help -<
>>
>
>
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
--
Simon Baynes
www.simonbaynes.com
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
