Patrick R. Michaud wrote: > On Fri, Feb 09, 2007 at 02:49:45PM -0500, Sandy wrote:
>> I'm using Emailform-s , which supposedly requires entry of a three-digit >> random code, but it looks like the spammer is circumventing that entirely. > > Actually, the way that emailform-s is written it's not at all hard for > a spammer to circumvent the random code. All the spammer has to do > is to submit a form where the 'ACodeReturn' hidden field matches > the 'ACodeEntered' field. The spammer can even use any code he/she/it > wants -- all the recipe is doing on the receiving end is checking > that the two fields match. (In fact, if the spammer just leaves > both fields off entirely the recipe will deliver the message.) Ah, well, another program to move to the "learning PHP" pile. I "borrowed" the code from one of the CommentBox recipes, but obviously missed a bit. Spam is still less than before I started using it. >> Any ideas? Not the biggest source of spam I get, but I'd like to squash it. > > I think the mailform recipe probably needs some re-working from scratch, > especially to take advantage of some of PmWiki 2.2's new features. > I've also been toying with the idea of creating a (:input captcha:) > control that can be placed in forms to perform captcha-like verification. > In which case I'll not rush to improve it, unless I feel like the exercise. Cheers! Sandy _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users