New York ColdFusion Users Group (NYCFUG)
Email form spam attack
Rob Voyle 04/01/08 07:05 P

Hi Folks

I have a CF email contact form on my website. It requires first name, last name, email address and the body of the email before the submission is accepted. Recently it was hit with a bunch of automated spam attacks, so I added a graphical security image that needs to be included. The automated spam is still getting through, with the first and last names blank and the graphical security image being ignored. I can't replicate this manually. Any ideas how to prevent it?

Thanks
Rob

Robert J. Voyle, Psy.D.
Director, Clergy Leadership Institute
For Coaching and Training in Appreciative Inquiry
Author: Core Elements of the Appreciative Way
http://www.clergyleadership.com/
503-647-2378 or 503-647-2382

Michael 04/01/08 08:48 P

I have suffered with this crap for years. What I do is filter for code like /url and brackets and braces and similar, log the message as junk and send it to a different table where I log the IP if it is a spammer, and use the logged IP to filter out posters. I cflocation them to the FTC frauds and scams page if their IP matches. Check for a pattern that a normal poster would not do and try to filter on that. I also take service calls this way from my clients, and it is extremely important not to chase junk.

Also, I check for the referring page, which should match the domain of the processing page. If they fail that, I send them to the FTC.

Then I check the message field for unwanted keywords and junk the message that way, and check the e-mail field for certain domain names, and log the message as junk and send it to a different table where I log the IP if it is a spam-type message.

One other: passing a hidden calculated number from one page to the next and rejecting the person if the variable fails a check. One that I find works is 22/7 plus the date as a number; it confuses most script kiddies. One problem: if you have a person who starts just before midnight, which could be 8 or 9 elsewhere in the country.

I monitor loaded pages, and I find that spammers just post to the processing page, so if they are overdoing it I just change the processing page name. Normal users never notice.

I am building tables that contain words and phrases that would be used on an automotive racing site or an alpine ski racing site, and then check a message or a posting. If it did not match at least once, it would be labeled junk and processed accordingly.

michael
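One way to build the hidden-value check from the reply above so that it does not break at midnight, combined with server-side enforcement of the required fields from the original question. This is an added example, not code from either poster: the field names, `formKey` and the age limits are assumptions, and `hmac()` needs ColdFusion 10 or later.

```cfml
<cfscript>
// Added example, not code from the thread. The key, the field names and the
// age limits are assumptions; keep the real key outside the web root.
variables.formKey  = "replace-with-a-long-random-server-side-secret";
variables.minAgeMs = 3000;     // faster than a person can fill in the form
variables.maxAgeMs = 7200000;  // two hours; older forms must be reloaded

// Form page: emit this value in a hidden field named formToken.
function issueFormToken() {
    var issued = toString(getTickCount());  // server millisecond timer
    return issued & "." & hmac(issued, variables.formKey, "HmacSHA256");
}

// Processing page: the token must carry our signature and a plausible age.
function isFormTokenValid(required string token) {
    var parts = listToArray(arguments.token, ".");
    if (arrayLen(parts) != 2 || reFind("^[0-9]{1,15}$", parts[1]) == 0) {
        return false;
    }
    var expected = hmac(parts[1], variables.formKey, "HmacSHA256");
    if (compareNoCase(expected, parts[2]) != 0) {
        return false;  // forged or altered token
    }
    var age = getTickCount() - parts[1];  // elapsed time, not calendar date
    return age >= variables.minAgeMs && age <= variables.maxAgeMs;
}

// Processing page: returns "" to accept, otherwise the reason to junk the post.
// It runs on the server, so a direct POST to this page cannot skip it.
function junkReason(required struct post) {
    var fields = ["firstName", "lastName", "email", "body", "formToken"];
    for (var name in fields) {
        if (!structKeyExists(arguments.post, name) || !len(trim(arguments.post[name]))) {
            return "missing " & name;
        }
    }
    if (!isValid("email", arguments.post.email)) {
        return "bad email";
    }
    return isFormTokenValid(arguments.post.formToken) ? "" : "bad or stale token";
}
</cfscript>
```

Because the age is measured as elapsed time since the form was issued, a visitor who opens the form before midnight and submits after it still passes, while a post with no token, a forged token or blank names is rejected before any mail is sent.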