cfformprotect will help you with stuff like this
On Tue, Jul 23, 2013 at 12:35 PM, Les Mizzell <lesm...@bellsouth.net> wrote:
>
> On 7/23/2013 12:51 AM, Justin Scott wrote:
>
>> Which brings up another security question. How do other sites
>> handle something like this automatically? I mean, if I see an
>> attack from an IP address, is it even worth blocking at the firewall?
>
> I had an interesting attack yesterday ...
>
> A bot hit a payment form on a site. It entered *legit* information in all
> the blanks, so it passed both client and server side validation.
> What it did - in a very short period of time - submitted over 750
> separate credit card numbers, all for small but odd amounts, usually
> under $2.00.
> Best guess - it had a list of stolen numbers and was looking for "good"
> ones it could use elsewhere.
>
> Only way I could find to stop this was to measure the amount of time
> between submissions - around 4 seconds each - and add a script to the
> form that would not allow it to be submitted if it took less than a
> certain amount of time to fill it out. Fastest I could do it, even
> with browser prefill, was around 30 seconds, so I set the timer at 20.
> Attack immediately stopped.
>
> Client originally requested this form be in an "anybody can access"
> section of the site, which I protested. Got an idea I can get them to
> change their mind when I contact them about it later today.
>
> Bots and methods used are getting more and more interesting all the
> time. The increasing cleverness of some of this stuff keeps me on my toes.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356283
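The minimum-fill-time check Les describes, as an added example that is not code from this thread (the site in question was ColdFusion; this is Python). It enforces the check on the server with an HMAC-signed timestamp rather than only in the form's script, so a client that never runs the page's JavaScript cannot skip it, and it marks each token single-use so a bot cannot fetch one token, wait out the timer, and replay it at the 4-second cadence seen in the post. The 20-second threshold and 4-second cadence come from the post; the secret key, the one-hour expiry, the token format and the in-memory nonce set are assumptions made for the example.

```python
"""Server-side minimum-fill-time check for a public (payment) form.

Added example, not code from the original thread. The secret key,
token format and in-memory nonce store are assumptions; a real
deployment loads the key from configuration and keeps used nonces
in a store shared by all application instances.
"""
import hashlib
import hmac
import secrets
import time

# From the post: fastest human fill was ~30 s, so reject anything under 20 s.
MIN_FILL_SECONDS = 20
# Assumed: tokens older than this are stale, which bounds the lifetime of a
# token that was harvested and held for later use.
MAX_FILL_SECONDS = 3600

# Hypothetical key for the example only; never hard-code one in practice.
SECRET_KEY = b"example-only-replace-with-32-random-bytes"


def issue_form_token(issued_at=None, secret=SECRET_KEY):
    """Token to embed in a hidden field when the form is rendered.

    Format: <unix_ts>:<nonce>:<hmac_sha256_hex>. The HMAC binds the
    timestamp so the client cannot backdate it; the nonce lets
    check_form_token() make each token single-use.
    """
    ts = int(time.time() if issued_at is None else issued_at)
    nonce = secrets.token_hex(8)
    body = f"{ts}:{nonce}"
    sig = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{sig}"


def check_form_token(token, used_nonces, now=None, secret=SECRET_KEY,
                     min_seconds=MIN_FILL_SECONDS,
                     max_seconds=MAX_FILL_SECONDS):
    """Validate a submitted token. Returns (accepted, reason).

    used_nonces is a mutable set shared across requests. A nonce is
    recorded only when the submission is accepted, so a rejected
    (too-fast) attempt does not burn a token a real user is still filling.
    """
    try:
        ts_str, nonce, sig = token.split(":")
        ts = int(ts_str)
    except (ValueError, AttributeError):
        return False, "malformed"
    expected = hmac.new(secret, f"{ts_str}:{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):   # constant-time compare
        return False, "bad-signature"
    now = int(time.time() if now is None else now)
    elapsed = now - ts
    if elapsed < min_seconds:
        return False, "too-fast"
    if elapsed > max_seconds:
        return False, "expired"
    if nonce in used_nonces:
        return False, "replayed"
    used_nonces.add(nonce)
    return True, "ok"


def simulate(fill_times, start=1_000_000):
    """Each entry fetches a fresh token at `start` and submits it
    fill_times[i] seconds later. Returns one reason string per submission."""
    used = set()
    reasons = []
    for fill in fill_times:
        token = issue_form_token(issued_at=start)
        _, reason = check_form_token(token, used, now=start + fill)
        reasons.append(reason)
    return reasons


def simulate_replay(fill, replays, start=1_000_000):
    """One token fetched, submitted after `fill` seconds, then replayed
    `replays` more times at 4 s intervals (the cadence in the post)."""
    used = set()
    token = issue_form_token(issued_at=start)
    reasons = [check_form_token(token, used, now=start + fill)[1]]
    for i in range(1, replays + 1):
        reasons.append(
            check_form_token(token, used, now=start + fill + 4 * i)[1])
    return reasons


if __name__ == "__main__":
    # Constructed scenarios: a bot at 4 s, a human at 35 s, edge cases.
    print(simulate([4, 8, 35, 19, 20, 3601]))
    print(simulate_replay(35, 3))
```

The timing check alone only slows a bot that fetches a fresh form for every card; the single-use nonce is what stops the cheaper variant of fetching once and replaying. Neither replaces per-source rate limiting or putting the form behind an account, which is the change Les says he will push for.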