Hmmm... good idea.  Though the testing/form filler tools I've seen aren't using 
pasting.  They are generating keystrokes and targeting them into the 
appropriate fields.

With the tools I've seen, the ability exists to put pauses in, but that would 
effectively restrict volume submissions for a spammer, and therefore cut down 
significantly on traffic.  The only drawback is for forms that a user accesses 
multiple times and may use previously submitted data.  In those cases, they 
might resubmit the form as-is, thus invalidating the timer.  Also, note that 
the confirmation page is CAPTCHA.

Darin.


----- Original Message ----- 
From: Marc Catuogno 
To: declude.junkmail@declude.com 
Sent: Wednesday, April 09, 2008 12:22 PM
Subject: RE: [Declude.JunkMail] form spam filter


One thing we did on our domain is to ban "pasting" so that the scripts couldn't 
paste their info into our fields.  Also I just had an idea and asked the 
webmaster if he could program the form to perform a different action if the 
form page was opened for too short of a time period.  Like shoot to a second 
page that would ask for a confirmation click or word to be typed in. This 
assumes that a person would take significantly more time to fill a form than a 
program, even if it is a keystroke generator.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, April 09, 2008 11:54 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] form spam filter

 

Matt,

 

I did understand.  What I'm saying is that it doesn't always work.  To clarify, 
in addition to less sophisticated automated form fillers that would fill out 
all fields, there are also more sophisticated ones that use keystroke 
generators to fill out forms.  I just saw one in the public domain last month.  
CAPTCHA doesn't have this problem, would defeat those automated form fillers, 
and is therefore more reliable with similarly very little effort to implement.


Darin.

 

 

----- Original Message ----- 
From: Matt 
To: declude.junkmail@declude.com 
Sent: Wednesday, April 09, 2008 11:45 AM
Subject: Re: [Declude.JunkMail] form spam filter

No, I understood completely.  I've seen forms with fields hidden by DIVs still 
filled out.  Some of the less sophisticated spam form fillers I've seen used 
simply filled out every field.  They were not looking to see what was "visible" 
and what wasn't.

Actually this is the part that you misunderstood.  The DIVs with visibility 
hidden will never be filled out by real people, but they will get filled out by 
form spam sending robots.  So if they get filled out, you pretend the 
submission was successful, but you don't generate the E-mail.

It's a simple trick, and it works.

Matt

---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
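
The two checks discussed in this thread (the hidden field that only robots fill in, and the minimum time the form page must stay open), sketched as a server-side classifier. This is an added example, not code from any of the posters; the field names, the secret, the 5-second threshold and the one-hour token expiry are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret, kept server-side
MIN_FILL_SECONDS = 5              # assumption: faster than this looks automated
MAX_TOKEN_AGE = 3600              # assumption: stale or replayed tokens expire
HONEYPOT_FIELD = "website"        # hypothetical name of the hidden DIV's input
TOKEN_FIELD = "ts_token"          # hypothetical hidden field carrying the timer


def _mac(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Embed this in the form when the page is rendered."""
    ts = str(int(time.time() if now is None else now))
    return ts + "." + _mac(ts)


def token_age(token, now=None):
    """Seconds since the form was rendered, or None if missing or forged."""
    ts, _, mac = (token or "").partition(".")
    if not hmac.compare_digest(mac.encode(), _mac(ts).encode()):
        return None
    return (time.time() if now is None else now) - int(ts)


def classify(form, now=None):
    """Return 'drop', 'confirm' or 'send' for a submitted form (a dict)."""
    # Hidden field filled in: show the normal success page, generate no e-mail.
    if form.get(HONEYPOT_FIELD, "").strip():
        return "drop"
    # Timer signed by the server, so a client cannot simply edit the timestamp.
    age = token_age(form.get(TOKEN_FIELD), now)
    if age is None or age < MIN_FILL_SECONDS or age > MAX_TOKEN_AGE:
        return "confirm"  # route to the confirmation / CAPTCHA page
    return "send"
```

A form resubmitted as-is after the expiry lands on the confirmation page rather than being rejected, so a returning user is asked to confirm instead of losing the submission.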

