On 30.03.2006, at 14:19, Peter Darton wrote:
Does anyone have problems with bots randomly submitting forms and is
there a way planned in new Magnolia releases to prevent it?
It's not unknown.
With the increase in anti-malware protection, spammers are finding
fewer
zombie PCs to use to spread their spam. This has (fortunately) caused
them problems (not enough problems though) and they've started
targetting web-forms that look (to their search agents) like they
should
send email.
As I understand it, it isn't enough to ensure that your web-pages with
forms on them are secured against misuse, but you also need to ensure
that the underlying CGI code validates all the data it read in, as the
spammers don't limit themselves to just the kinds of data your web-
form
can submit - they'll drive your CGI code directly.
if thats the case why not simply calculate a checksum of the
submitted fields in Javascript on the client and check again on the
server before doing anything with the submitted data?
- Boris
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------
