On 2/12/2013 12:06 PM, Al Musella, DPM wrote:
>
> I came across an interesting way to get the country from the IP
> address.. http://www.mximize.com/getting-country-by-ip-based-on-geolite
> I might set this up and block non North American IPs...
i would check w/your client first. not everybody ou
A fairly inexpensive and easy to implement fraud screening service is
maxmind minfraud.
It's something like 0.005 per transaction methinks.
Another method I didn't see in the thread was doing an email confirmation
before performing the cc transaction. Like send an email to the user with
a uniqu
Often found it easier to put thing like this in a .bat file and run that
with cf execute.
Sometimes using the DOS 8.3 convention for the path to eliminate the spaces
in the folder names makes the quotes less of a hassle too.
Byron Mann
Lead Engineer & Architect
HostMySite.com
On Feb 11, 2013 6:1
(apologies for the length)
Russ,
I can tell by your comments that you either have dealt with a lot of hosts
or have worked or owned one. Well said.
Having worked in the Hosting space for more than 10 years now, I can safely
say there is absolutely no 100% way to prevent these exploits on any
pl
I came across an interesting way to get the country from the IP
address.. http://www.mximize.com/getting-country-by-ip-based-on-geolite
I might set this up and block non North American IPs...
At 04:43 PM 2/11/2013, Les Mizzell wrote:
>One site of mine for a dance company used to get a ton of s
Well I guess the ticket I raised is too late
One can already do this
On Tue, Feb 12, 2013 at 3:53 AM, Leigh wrote:
>
> > Les Mizzell wrote:
> > So, anybody know what this is doing?
> > Allaire Cold Fusion Template
>
> Something similar came up on StackOverflow last week (possibly t
Hello,
I can't get OpenSSL to run with CFEXECUTE. I've tried different attempts at the
following but it doesn't work:
But then I'll run CFEXECUTE with OpenSSL, and just one argument, "version" for
example, and it runs fine.
Is there a way to do CFEXECUTE with multiple arguments?
Pete
Boy was that a stupid, not-thought-out approach!
I was so focused on separating the spamming humans from
the spamming bots, I came up with a solution that wouldn't
let human or bot submit a form, whether the human was a
legitimate donor, or not!
Duh! (It's been a long day... time to go to Outbac
One site of mine for a dance company used to get a ton of spam through
contact forms. Everybody hated CAPTCHA, so I put a simple question with
radio button choices:
A cow goes?
a. quack
b. woof
c. moo
d. chirp
VERY low tech, but believe it or not, we've not gotten a single piece of
bot spam s
Thanks for the info, Al...
It is a royal pain trying to deal with these hackers.
I might just try a combination of two things:
1) a honey pot to catch the humans when it's empty
2) a captcha for the bots who, supposedly, can't read them
Wonder if that would work?
-Original Message-
Fr
I have just gone through this... A big problem is that the
owner complains and the credit card company charges you a penalty
and if many get through they can dump you.
At first, I banned the IP address when someone tried 3 times
unsuccessfuly. That worked for about a day then they would co
On Mon, Feb 11, 2013 at 1:45 PM, Rick Faircloth wrote:
>
> After more unsuccessful testing, I'm assuming that the form
> button at the end of the form needs to be an actual button with
> a type of "submit" to work with CFFormProtect?
>
>
Not as far as I know. I'm a bit rusty on the API, but here
After more unsuccessful testing, I'm assuming that the form
button at the end of the form needs to be an actual button with
a type of "submit" to work with CFFormProtect?
If so, this won't work because I don't use an actual button with
a type of "submit". The "submit" button for my form is just a
No, it returns a pass/fail type response.In your example, I'd probably add
it after you do client side validation and CF validation, but before the
hit to Authorize.net.
On Mon, Feb 11, 2013 at 12:48 PM, Rick Faircloth
wrote:
>
> Thanks for the feedback, Ray, Dave...
>
> Does CFFormProtect actu
Thanks for the feedback, Ray, Dave...
Does CFFormProtect actually submit a form? I haven't parsed through
the code, yet, but I'm trying to determine if it just runs some tests
for validation or does it continue on to submit the form.
The form and processing I've code is quite extensive and invol
> Les Mizzell wrote:
> So, anybody know what this is doing?
> Allaire Cold Fusion Template
Something similar came up on StackOverflow last week (possibly the same
exploit). That guy said the old AB Positive Encrypt and Decrypt utility was
able to decrypt the file:
http://www.adobe.com/cfusion/e
IF, and it's a large IF, but IF you're willing to maintain your own
machine than a slicehost with an open source CFML engine isn't all that
much more expensive than a shared hosting plan. For $20 USD a month you
can have a linode running whatever flavor of headless linux that you
want. Throw
I would not think that is a cost effective solution either as there is such
a small number of customers who would request to be on a "secure" server.
We offer something like that called "semi-dedicated", but it is more
expensive.
If CF had a web admin like Railo, it would solve all those type of
As an FYI, my blog never had a lot of spam, but it was pretty regular. When
I started using CFFP, it dropped dramatically. I can't even remember my
last spam comment.
On Mon, Feb 11, 2013 at 10:43 AM, Rick Faircloth
wrote:
>
> Thanks for the recommendation, Dave.
>
> It seems like an "all-in-on
Thanks for the recommendation, Dave.
It seems like an "all-in-one" approach, like CFFormProtect,
might be the only way to beat this thing!
I'll go check it out...
Rick
-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com]
Sent: Monday, February 11, 2013 11:30 AM
To: cf-talk
> I realize that if someone is hiring cheap human labor for $1
> per day to sit and enter form info, that I can't stop that,
> but if it is bots doing the spamming, will making CF captcha
> more difficult to read have a good chance of stopping the bots,
> or do I need to get with reCaptcha. I lik
Russ, I never meant their own server. I meant put all customers who want
the robust onto the same sever.
But I did raise an enhancement with Adobe, where my suggestion is to have
robust exceptions of by default and not be able to enable or disable from
the CF admin. However if the customer wants
Hi, guys...
I'm been running my first eCommerce setup with a donation
page/form using Authorize.net.
Things have been running fine, excepts for spammers using
the donation form to find legitmate CC numbers so they could
abuse the card in other ways.
I've assumed, up to this point, that the spam
unfortunately no host can afford to tell all their customers "your better
off elsewhere".
It would not be cost efficient at all to give a shared hosting customer
their own server for the same price, they would lose money, I doubt the
cost would even be remotely covered.
Both of hose solutions wou
Yeah I guess, but that is why there are log files so there is really no
excuse. But how cost efficient would it be to just move those people over
to their own server so they can effect themselves?
And I would bet that it is these people who also turn off UAC on Windows
and get all types of infect
Unfortunately Andrew things are never that simple.
For every customer like yourself who wants this turned off, there will be
100 customers who want it turned on.
Most people do not know about or care about the security side of hosting,
and just want everything enabled which makes their life easie
26 matches
Mail list logo