[ic] Re: Spammers circumventing form checks

Bill Jones wljone00 at kenetek.com
Tue Oct 9 12:33:16 EDT 2007

We run up against this challenge almost daily in our hosting business. 
Unfortunately, because a form is submitted by the user's browser and not 
by a server it makes securing the form much more difficult. You can have 
your CGI program check the referrer against the URL of the form but 
spammers can easily spoof that as well.  We've had success securing 
forms with two methods.  The first is to have the form dynamically 
created by a simple, server-side program that includes a hidden field 
with a unique identifier in it. This server-generated field is stored in 
a database as well as included in the form's hidden field. On our 
systems it takes the form of a GUID.  This is similar to captcha but 
does not require any input from the user. When the form is submitted, 
the GUID is checked against the database for validity. If the GUID does 
not match, no response is submitted; the request goes unanswered. We 
also implement the other way of securing a form, which is by blocking 
the IP addresses of "users" who are abusing the form.  In our case, 
there are two ways to add an IP address to the black list. The first is 
manually; the second is through the form processing program. We set 
thresholds for the number of submissions in a given period of time and 
the program compares the number of submissions from an IP each time a 
form is submitted. Both of these solutions require programming expertise 
but I doubt that'll be a problem here :-)

- Bill
> ----------------------------------------------------------------------
> Message: 1
> Date: Tue, 9 Oct 2007 03:49:41 -0700
> From: Grant <emailgrant at gmail.com>
> Subject: [ic] Spammers circumventing form checks
> To: interchange-users at icdevgroup.org
> Message-ID:
> 	<49bf44f10710090349t61528abap9e856277e12c7464 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> I have a check set up in my email form that would prevent the spam I
> receive through there from being sent, but it doesn't seem to be
> preventing it.  I guess this means the spammers are posting directly
> to the server and not using the actual page.  Is there any way to
> prevent this from happening?
> - Grant

More information about the interchange-users mailing list