>Does anyone have problems with bots randomly submitting forms and is >there a way planned in new Magnolia releases to prevent it?
It's not unknown. With the increase in anti-malware protection, spammers are finding fewer zombie PCs to use to spread their spam. This has (fortunately) caused them problems (not enough problems though) and they've started targetting web-forms that look (to their search agents) like they should send email. As I understand it, it isn't enough to ensure that your web-pages with forms on them are secured against misuse, but you also need to ensure that the underlying CGI code validates all the data it read in, as the spammers don't limit themselves to just the kinds of data your web-form can submit - they'll drive your CGI code directly. A trick I've seen is to require users to "register" on the site (and thus provide an email address that is used to supply a password, thus ensuring that the user does have a valid email address) and use that email address as the "from" field on any emails a CGI script generates, and ensure that your mail relay checks incoming emails for valid "from" addresses. Time-based obfuscated hidden fields that the CGI looks for is another trick - I wouldn't expect spammers to spend too much time working out how to fool your CGI. I've no idea how one might apply these tactics to Magnolia based sites tho' (I'm no expert on Magnolia), but I can tell you that this isn't just a problem with Magnolia sites. Peter _____________________________________________________________________ This e-mail has been scanned for viruses by Verizon Business Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com ---------------------------------------------------------------- for list details see http://www.magnolia.info/en/magnolia/developer.html ----------------------------------------------------------------
