[ic] Re: Spammers circumventing form checks
Bill Jones
wljone00 at kenetek.com
Tue Oct 9 12:33:16 EDT 2007
We run up against this challenge almost daily in our hosting business.
Unfortunately, because a form is submitted by the user's browser and not
by a server, it makes securing the form much more difficult. You can have
your CGI program check the referrer against the URL of the form but
spammers can easily spoof that as well. We've had success securing
forms with two methods. The first is to have the form dynamically
created by a simple, server-side program that includes a hidden field
with a unique identifier in it. This server-generated field is stored in
a database as well as included in the form's hidden field. On our
systems it takes the form of a GUID. This is similar to captcha but
does not require any input from the user. When the form is submitted,
the GUID is checked against the database for validity. If the GUID does
not match, no response is submitted; the request goes unanswered. We
also implement the other way of securing a form, which is by blocking
the IP addresses of "users" who are abusing the form. In our case,
there are two ways to add an IP address to the black list. The first is
manually; the second is through the form processing program. We set
thresholds for the number of submissions in a given period of time and
the program compares the number of submissions from an IP each time a
form is submitted. Both of these solutions require programming expertise
but I doubt that'll be a problem here :-)
- Bill
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 9 Oct 2007 03:49:41 -0700
> From: Grant <emailgrant at gmail.com>
> Subject: [ic] Spammers circumventing form checks
> To: interchange-users at icdevgroup.org
> Message-ID: <49bf44f10710090349t61528abap9e856277e12c7464 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I have a check set up in my email form that would prevent the spam I
> receive through there from being sent, but it doesn't seem to be
> preventing it. I guess this means the spammers are posting directly
> to the server and not using the actual page. Is there any way to
> prevent this from happening?
>
> - Grant
>
>
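A worked illustration of the two defences Bill outlines above (a server-minted hidden GUID checked on submission, plus a per-IP submission threshold that feeds a blocklist). This is added example code, not Bill's or Interchange's own; the in-memory dictionaries stand in for the database he mentions, and the token lifetime, threshold and window values are assumptions.

```python
import time
import uuid
from collections import defaultdict, deque

# Constructed in-memory stores; a real CGI deployment would keep these in the
# database so that tokens and counters survive across process invocations.
TOKENS = {}                       # guid -> timestamp the form was served
SUBMISSIONS = defaultdict(deque)  # client ip -> recent submission timestamps
BLOCKLIST = set()                 # ips added manually or by the processor

TOKEN_TTL = 900    # assumed: seconds a served form stays submittable
THRESHOLD = 5      # assumed: submissions per WINDOW before an ip is blocked
WINDOW = 600       # assumed: seconds


def render_form(now=None):
    """Server-side step: mint a GUID, record it, embed it as a hidden field."""
    now = time.time() if now is None else now
    guid = str(uuid.uuid4())
    TOKENS[guid] = now
    return f'<input type="hidden" name="form_token" value="{guid}">', guid


def over_threshold(ip, now):
    """Count this ip's submissions in a sliding window; blocklist on excess."""
    recent = SUBMISSIONS[ip]
    recent.append(now)
    while recent and now - recent[0] > WINDOW:
        recent.popleft()
    if len(recent) > THRESHOLD:
        BLOCKLIST.add(ip)
        return True
    return False


def accept_submission(fields, ip, now=None):
    """Return True only for a post carrying a GUID this server actually issued.

    A False result means the request should simply go unanswered, as in the
    setup described in the message.
    """
    now = time.time() if now is None else now
    if ip in BLOCKLIST or over_threshold(ip, now):
        return False
    guid = fields.get("form_token")
    issued = TOKENS.pop(guid, None)   # pop: each GUID is good for one submission
    if issued is None or now - issued > TOKEN_TTL:
        return False
    return True
```

Posting the raw fields to the CGI endpoint without first fetching the form yields no valid GUID, so the check holds regardless of what the Referer header says.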