Anti-Form Spam code test

Posted At : November 21, 2006 4:23 PM | Posted By : Michael Dinowitz
Related Categories: Spam

I have what looks like a perfect anti-form spam system in place and I need to have it tested. If anyone reading this can post a comment, I'd appreciate it. Any error messages you may get or anything else would also be appreciated. There should not be any, but....

The idea is to create an encrypted application variable that is passed in the comment form to the action page. If it exists and is of the right value, then the comment is from a form. If not or if it does not exist, then the content if from a bot. The application var is re-created on a random basis with extra code to make sure that no one is 'caught' in a recreation.

The system is still beatable by human spammers and bots that actually read a form before each posting.

If it works like I want it too, then I'll post up the code with full examples of use. It's either this or Flash forms. :)

Comments (6) |

Print |

Send |

del.icio.us |

Digg It! |

Linking Blogs | 4558 Views

Related Blog Entries

Really stopping blog spam - part 1 (August 4, 2006)

Comments

[Add Comment]

This is an automated SPAM message..... just kidding :P

If this posts well I guess it all works well.

Cheers,
Trond

# Posted By Trond Ulseth | 11/21/06 5:01 PM

Testing your Anti-SPAM code.

# Posted By Demian | 11/21/06 5:23 PM

How now brown cow. I guess it works.

# Posted By James, F.E. | 11/21/06 5:38 PM

I'm taking an awful risk, Vader. This had better work.

# Posted By Brian Kotek | 11/21/06 8:53 PM

test

# Posted By Scott | 11/21/06 10:59 PM

I have used a similar solution for some time now with success. I create a hidden field named using a hash of the session ID and pass an encrypted version of the session ID as the hidden field value. Since the session ID changes for each visitor the field name and value are essentially random. On submission I check that the field exists and contains the correct value - the current session ID - before processing the form data.

# Posted By Johan | 11/22/06 2:59 PM

[Add Comment]

The Fusion Authority Quarterly Update

Fusion Authority Quarterly Update - ColdFusion 8 Special Edition

Archives By Subject

Advertising (2) [RSS]
Adwords (2) [RSS]
Announcements (4) [RSS]
best practices (4) [RSS]
Blog (4) [RSS]
Browsers (1) [RSS]
CFC (5) [RSS]
Coding (17) [RSS]
ColdFusion 8 (2) [RSS]
ColdFusion IDE (1) [RSS]
Database (1) [RSS]
Errors (4) [RSS]
Frameworks (4) [RSS]
Fusion Authority Quarterly Update (3) [RSS]
Google (3) [RSS]
Gotcha (2) [RSS]
IE (1) [RSS]
JRun (1) [RSS]
Max 2005 (12) [RSS]
Max 2008 (1) [RSS]
New Ideas (5) [RSS]
News (1) [RSS]
OOP (5) [RSS]
Opinion (13) [RSS]
optimization (3) [RSS]
Rant (5) [RSS]
Regular Expressions (2) [RSS]
Security (1) [RSS]
SEO (1) [RSS]
Server (2) [RSS]
Spam (7) [RSS]
Statistics (1) [RSS]
Stupid Articles (5) [RSS]
User Interface (1) [RSS]