Boy was that a stupid, not-thought-out approach! I was so focused on separating the spamming humans from the spamming bots, I came up with a solution that wouldn't let human or bot submit a form, whether the human was a legitimate donor, or not!
Duh! (It's been a long day... time to go to Outback!) Rick -----Original Message----- From: Rick Faircloth [mailto:r...@whitestonemedia.com] Sent: Monday, February 11, 2013 4:40 PM To: cf-talk Subject: RE: Problem with Hackers on Donation form through Authorize.net Thanks for the info, Al... It is a royal pain trying to deal with these hackers. I might just try a combination of two things: 1) a honey pot to catch the humans when it's empty 2) a captcha for the bots who, supposedly, can't read them Wonder if that would work? -----Original Message----- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Monday, February 11, 2013 4:32 PM To: cf-talk Subject: RE: Problem with Hackers on Donation form through Authorize.net I have just gone through this... A big problem is that the owner complains and the credit card company charges you a penalty and if many get through they can dump you. At first, I banned the IP address when someone tried 3 times unsuccessfuly. That worked for about a day then they would come back and try again, but with different IPs. Must be real people and not a bot. Then I tried something different... if someone tries 3 times without success, I flag the IP address and then when they submit a donation, I return the page that says it failed (and I do not even send it on to the credit card company). I also flag the entire subnet to make it harder to get around. Most are from south america and china.. should probably reject any non north american ip.. A few people have called me and told me they tried to make a donation and they get rejected for no apparent reason.. in which case I take the donation by phone. I went about a month without 1 complaint so it might be working! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354466 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm