Re: CFFormProtect
No need to assume - just open up dev tools and look at the response after you post a comment to my blog. ;) LOL, well that would require work on my part to come up with a meaningful reply to something. ;-) But that's what I ended up returning and it works perfectly now. Some day when I have more free time I may redo the whole thing to move it into remote method calls so that it matches all the other Ajax on the site but I needed a quick solution and this does the job. Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355724 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFormProtect
I'm using it with Ajax. View source on my blog. (Yes, I'm being lazy. ;) Not a problem, I am too. ;-) Thanks, that looks like it will give me a good jump start on doing it. Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355662 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFormProtect
Not a problem, I am too. ;-) Thanks, that looks like it will give me a good jump start on doing it. Thanks Ray, got enough from looking at your front-end code to figure it out, only need a few minor tweaks for the cfformprotect code itself. I'm used to doing all my ajax to CF components via remote methods rather than directly posting to a cfm page which seems to be the easiest way to go in this situation, but was easy enough once I figured out that you just need to output the JSON directly to the page (I'm assuming you're just using a struct with a success var and any text message). Not my preferred way of doing Ajax but guess that's just a style thing. Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355663 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFormProtect
No need to assume - just open up dev tools and look at the response after you post a comment to my blog. ;) On Wed, May 8, 2013 at 5:00 PM, Mary Jo Sminkey mary...@cfwebstore.comwrote: Not a problem, I am too. ;-) Thanks, that looks like it will give me a good jump start on doing it. Thanks Ray, got enough from looking at your front-end code to figure it out, only need a few minor tweaks for the cfformprotect code itself. I'm used to doing all my ajax to CF components via remote methods rather than directly posting to a cfm page which seems to be the easiest way to go in this situation, but was easy enough once I figured out that you just need to output the JSON directly to the page (I'm assuming you're just using a struct with a success var and any text message). Not my preferred way of doing Ajax but guess that's just a style thing. Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355664 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CFFormProtect
I know a lot of us here love cfformprotect as a captcha replacement. I'm wondering though if anyone has used with for forms submitted via Ajax. I'm assuming it's going to need some tweaking but thought I'd see if anyone has done this, and how much work was involved. Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355659 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFormProtect
As it is just a case of passing the form fields to formprotect I try should be pretty trivial. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On 7 May 2013 19:42, Mary Jo Sminkey mary...@cfwebstore.com wrote: I know a lot of us here love cfformprotect as a captcha replacement. I'm wondering though if anyone has used with for forms submitted via Ajax. I'm assuming it's going to need some tweaking but thought I'd see if anyone has done this, and how much work was involved. Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355660 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFFormProtect
I'm using it with Ajax. View source on my blog. (Yes, I'm being lazy. ;) On Tue, May 7, 2013 at 2:37 PM, Russ Michaels r...@michaels.me.uk wrote: As it is just a case of passing the form fields to formprotect I try should be pretty trivial. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On 7 May 2013 19:42, Mary Jo Sminkey mary...@cfwebstore.com wrote: I know a lot of us here love cfformprotect as a captcha replacement. I'm wondering though if anyone has used with for forms submitted via Ajax. I'm assuming it's going to need some tweaking but thought I'd see if anyone has done this, and how much work was involved. Mary Jo ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355661 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CFFormProtect
Is anyone aware of an active forum for CFFormProtect. The project forum at riaforge is inactive. Steve LaBadie, Web Manager East Stroudsburg University 200 Prospect St. East Stroudsburg, Pa 18301 570-422-3999 http://www.esu.edu http://www.esu.edu slaba...@po-box.esu.edu mailto:slaba...@po-box.esu.edu ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:326746 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: CFformprotect
I tried leaving emailServer blank in the cffp.ini.cfm file and email is not delivered. You would probably have to modify any cfmail tags in the code to not include the server attribute. Otherwise, CF will complain if it's left blank. --- MJS ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323135 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
CFformprotect
Not sure if the developer of CFFormProtect monitors this list, I could not find an email. Maybe someone else can answer my question. Can CFFormProtect use the mail server setup in CFAdmin instead of having to specify mail server settings in the cffp.ini.cfm? I tried leaving emailServer blank in the cffp.ini.cfm file and email is not delivered. Thanks! ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323092 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFFormProtect
On Wednesday 07 Nov 2007, [EMAIL PROTECTED] wrote: blocking a single ip address, you could be restricting thousands of users from AOL, and you may not even be restricting the one person (or persons) who have caused the problems. OTOH the only stuff I get from China and Russia is spam, so cutting the whole netblock off would be fine. -- Tom Chiverton Helping to professionally facilitate cross-media bandwidth on: http://thefalken.livejournal.com This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. ~| Create robust enterprise, web RIAs. Upgrade to ColdFusion 8 and integrate with Adobe Flex http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:292820 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
CFFormProtect
hi guys, i am using the CFFormProtect cfc to protect one of my client sites from spambots posting to their article comments field. it is working brilliantly - not one dodgy comment has got through. my concern at the moment however is that the site is being bombarded by spam attempts at the moment. i see that CFFormProtect records the offending IP address. would it be an option for me to log these IP's and include a check on these?? or would there be simply too many of them? any thoughts would be appreciated. mike ~| Get the answers you are looking for on the ColdFusion Labs Forum direct from active programmers and developers. http://www.adobe.com/cfusion/webforums/forum/categories.cfm?forumid-72catid=648 Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:292799 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFFormProtect
'To block or not to block by Ip address...' this is a tough question to deal with, since it involves such drastic measures. I always try to exhaust all of my other alternatives before using the IP address. One of the issues with them is their finite limited numbers. Because of this, some larger (and smaller) systems use general ip addresses to represent thousands of 'surfers'. an example would be AOL. By blocking a single ip address, you could be restricting thousands of users from AOL, and you may not even be restricting the one person (or persons) who have caused the problems. If you can identify an 'area' or 'region' that is causing troubles, (There are some foreign countries that are routinely filtered out.), you can find out the 'blocks' of ip addresses that represent those countries and block them out in that manner. William -Original Message -From: [EMAIL PROTECTED] -Date: Nov 6, 2007 15:01 -To: CF-Talkcf-talk@houseoffusion.com -Subj: CFFormProtect - -hi guys, - -i am using the CFFormProtect cfc to protect one of my client sites from spambots posting to their article comments field. it is working brilliantly - not one dodgy comment has got through. - -my concern at the moment however is that the site is being bombarded by spam attempts at the moment. - -i see that CFFormProtect records the offending IP address. would it be an option for me to log these IP's and include a check on these?? or would there be simply too many of them? - -any thoughts would be appreciated. - -mike - - ~| ColdFusion is delivering applications solutions at at top companies around the world in government. Find out how and where now http://www.adobe.com/cfusion/showcase/index.cfm?event=finderproductID=1522loc=en_us Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:292807 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFFormProtect
thanks william for that. i definitely do not want to block 'groups' of users if they are indeed valid. as mentioned the blocker in it's current state is working perfectly. i wonder if i am not trying to complicate things?? just frustrated as the the exponential increase in spam attempts as the site gets more hits. mike ~| Enterprise web applications, build robust, secure scalable apps today - Try it now ColdFusion Today ColdFusion 8 beta - Build next generation apps Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:292809 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
CFFormProtect vs. Captcha
Hello all, I have been searching for a captcha alternative that will identify non-human form entries. I would like to know what you think about Jacob Munson's CFFormProtect. Also, I anyone knows of other effective methods to identify non-human activities, that you can share, that'll be great. Again, I am already aware of the captcha tags and cfcs available- however, what I am looking for are the captcha alternative methods. Thank you in advance. Michael ~| Create robust enterprise, web RIAs. Upgrade integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:276070 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFFormProtect vs. Captcha
I've used Jacob's CFFormProtect and its been awesome. It catches spam attempts everyday and I've not had one go through yet. Rey... Michael E. Carluen wrote: Hello all, I have been searching for a captcha alternative that will identify non-human form entries. I would like to know what you think about Jacob Munson's CFFormProtect. Also, I anyone knows of other effective methods to identify non-human activities, that you can share, that'll be great. Again, I am already aware of the captcha tags and cfcs available- however, what I am looking for are the captcha alternative methods. Thank you in advance. Michael ~| Macromedia ColdFusion MX7 Upgrade to MX7 experience time-saving features, more productivity. http://www.adobe.com/products/coldfusion?sdid=RVJW Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:276071 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: CFFormProtect vs. Captcha
As a user, I dislike captchas. Checking the contents of a hidden form field, and screening out http://; from certain fields, eliminated 100% of the automated spam on a site I help maintain. I don't have experience with cfformprotect. Seems similar to the ASP.NET Ajax NoBots solution found here: http://ajax.asp.net/ajaxtoolkit/NoBot/NoBot.aspx Good luck, Mike Chabot On 4/23/07, Michael E. Carluen [EMAIL PROTECTED] wrote: Hello all, I have been searching for a captcha alternative that will identify non-human form entries. I would like to know what you think about Jacob Munson's CFFormProtect. Also, I anyone knows of other effective methods to identify non-human activities, that you can share, that'll be great. Again, I am already aware of the captcha tags and cfcs available- however, what I am looking for are the captcha alternative methods. Thank you in advance. Michael ~| Create Web Applications With ColdFusion MX7 Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:276072 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: CFFormProtect vs. Captcha
On 4/23/07, Mike Chabot [EMAIL PROTECTED] wrote: As a user, I dislike captchas. Checking the contents of a hidden form field, and screening out http://; from certain fields, eliminated 100% of the automated spam on a site I help maintain. I don't have experience with cfformprotect. Seems similar to the ASP.NET Ajax NoBots solution found here: http://ajax.asp.net/ajaxtoolkit/NoBot/NoBot.aspx Good luck, Mike Chabot Yeah, I really dislike the new captcha hostmysite is using to enter the control panel. what a pain in the ass. ~| Upgrade to Adobe ColdFusion MX7 The most significant release in over 10 years. Upgrade see new features. http://www.adobe.com/products/coldfusion?sdid=RVJR Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:276073 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFFormProtect vs. Captcha
Hei Michael, I have implemented cfformprotect in several sites and it works a treat: easy to implement, customizable and filters spam like a treat. The only issue with it is obviously, that it uses JS and therefore is not fully accessible. (But then, some of the Captchas not even I can read - and my eyesight is good. So much for accessibility). If accessibility is non of your concern, then go for cfformprotect. Adrian [EMAIL PROTECTED] 24/04/2007 3:33 am Hello all, I have been searching for a captcha alternative that will identify non-human form entries. I would like to know what you think about Jacob Munson's CFFormProtect. Also, I anyone knows of other effective methods to identify non-human activities, that you can share, that'll be great. Again, I am already aware of the captcha tags and cfcs available- however, what I am looking for are the captcha alternative methods. Thank you in advance. Michael ~| Create robust enterprise, web RIAs. Upgrade integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:276086 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: ANN: New CFFormProtect release
Possible varient - just display three images and then ask people to click on them in order, for example Click on the dog, then the cat, then the bird. To increase the number of varients security you could allow images to be clicked more than once Click the cat, then the cat, then the dog. On 30/10/06, Munson, Jacob [EMAIL PROTECTED] wrote: CFFormProtect is an alternative Captcha implementation that tries to be more user friendly than the obfuscated text images. In short, the user is asked to select the correct image out of a set. No difficult to read text, just click the correct images. Check out the features, and download the project at Riaforge: http://cfformprotect.riaforge.org/ Try a demo here: http://www.techfeed.net/cffpdemo/ The feedback I got on my first release of CFFormProtect was great, and the biggest concern was that bots could successfully guess the correct image with a 1 in 3 probability (33%). CFFormProtect now only has a 6.6% chance of being broken. I did this by displaying the three images twice, in random order. You have to correctly click on two of the six displayed images, and if you are incorrect you get a new random set, with a new correct answer. The goal with CFFormProtect is to make form validation brain dead easy for users, but very difficult for spam bots. Planned for the next release: 1. Improve image loading speed (I already know how I'm going to do this) 2. Set a failure limit; after x strikes, your out 3. Display 9 images instead of 6, to increase security (this would be a setting, so if you think 6 is enough you can easily change it) Please give me feedback, and feel free to submit patches if you wanna fix something. :) --- Jake Munson Web Developer IT Department Idaho Power Boise, Idaho 208-388-5665 -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == EMF idahopower.com made the previous annotations. ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258519 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: ANN: New CFFormProtect release
Good ideas. The only thing that bothers me about that is it makes the user think more than I wanted for this. But it could be an option, or variant like you said. :) -Original Message- From: Wayne Putterill [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 31, 2006 1:11 AM To: CF-Talk Subject: Re: ANN: New CFFormProtect release Possible varient - just display three images and then ask people to click on them in order, for example Click on the dog, then the cat, then the bird. To increase the number of varients security you could allow images to be clicked more than once Click the cat, then the cat, then the dog. On 30/10/06, Munson, Jacob [EMAIL PROTECTED] wrote: CFFormProtect is an alternative Captcha implementation that tries to be more user friendly than the obfuscated text images. In short, the user is asked to select the correct image out of a set. No difficult to read text, just click the correct images. Check out the features, and download the project at Riaforge: http://cfformprotect.riaforge.org/ Try a demo here: http://www.techfeed.net/cffpdemo/ EMF idahopower.com made the following annotations. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258589 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
ANN: New CFFormProtect release
CFFormProtect is an alternative Captcha implementation that tries to be more user friendly than the obfuscated text images. In short, the user is asked to select the correct image out of a set. No difficult to read text, just click the correct images. Check out the features, and download the project at Riaforge: http://cfformprotect.riaforge.org/ Try a demo here: http://www.techfeed.net/cffpdemo/ The feedback I got on my first release of CFFormProtect was great, and the biggest concern was that bots could successfully guess the correct image with a 1 in 3 probability (33%). CFFormProtect now only has a 6.6% chance of being broken. I did this by displaying the three images twice, in random order. You have to correctly click on two of the six displayed images, and if you are incorrect you get a new random set, with a new correct answer. The goal with CFFormProtect is to make form validation brain dead easy for users, but very difficult for spam bots. Planned for the next release: 1. Improve image loading speed (I already know how I'm going to do this) 2. Set a failure limit; after x strikes, your out 3. Display 9 images instead of 6, to increase security (this would be a setting, so if you think 6 is enough you can easily change it) Please give me feedback, and feel free to submit patches if you wanna fix something. :) --- Jake Munson Web Developer IT Department Idaho Power Boise, Idaho 208-388-5665 -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == EMF idahopower.com made the previous annotations. ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258469 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: ANN: CFFormProtect, new open source project
We did a version of the human auth tag - the major advantage being that it's accessible. It only uses 2 images, so bots have a 50/50 chance of getting it right - but since we can't use captcha, 50% less spam is better than nothing. It's pretty similar to Jacobs, except it asks the user to select a nature picture, and the alt text then has words that a sight-impaired user would able to logically deduce fit the criteria. For example: glassy lake vs. telephone. Ours uses a back-end home-grown content server cfc (to get around sandbox issues) - so it's not very sharable as is - but if anyone wants to try to take what we did and make it more open-source-ish, you'd be welcome to do that. On 10/25/06, Munson, Jacob [EMAIL PROTECTED] wrote: True, there is a 1 and 3 chance. In the next release I want to put a failure limit in, so bots can't keep hitting it until they get it right. I suppose I could also add more images to decrease the odds. The biggest advantage I hoped was to make it easier on the user. -Original Message- From: Michael Traher [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 1:21 PM To: CF-Talk Subject: Re: ANN: CFFormProtect, new open source project what advantage does it have over the usual CAPTCHA method apart from being prettier? I would have thought that a bot would take its 1 in 3 chance and you would therefore not block the bots so effectively. On 10/24/06, Munson, Jacob [EMAIL PROTECTED] wrote: I'm releasing a new open source project, called CFFormProtect (licensed under MPL). This attempts to be more user friendly than the obfuscated text type of CAPTCHA. CFFormProtect displays three pictures, and the user is asked to click on the correct image. This is a variation of CAPTCHA I've read about, but haven't seen in use. You can see a screenshot and get the download at the project page: http://cfformprotect.riaforge.org/ EMF idahopower.com made the following annotations. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258089 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: ANN: CFFormProtect, new open source project
I went a different route on my blog. Besides accessibility issues, I wanted to make it my responsibility rather than my users to prove they are human. So I maintain a blacklist. More importantly I set two session variables on my comment form (a session.commentuser and a session.commentdatetime) which I use on the comment add page. If the session variables don't exist (meaning the posting didn't come from my form on my site, then the user is blacklisted using both ip and email. (When I was getting bombarded by spam comments, I logged them all and realized that spammers do re-use ip addresses and email addresses). I also maintain a word blacklist that blacklists all comments containing frequent spam words. I add to that all the time. When a new user comes in, the comment gets posted and an email comes to me with the comment. I have the option of either whitelisting a user (in which case they can post from that email and ip without further intervention from me. If the user is blacklisted already, their comment gets thrown out and never sees the light of day. New posters are sent to me and I have the opportunity to whitelist or blacklist them at that point. My spam has dropped from 100-250 spam comments a day to about 5-15 a week, which is extremely manageable. I need to rework the word blacklist so that I can update that automatically (currently its in an .ini file, which I am adding to manually and uploading). Although both Captcha's and Human Auth tags are understandable in the context of being bombarded by spam, I don't think its fair to require our users to prove they are human. Sandra Clark == http://www.shayna.com Training in Cascading Style Sheets and Accessibility -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED] Sent: Thursday, October 26, 2006 7:55 AM To: CF-Talk Subject: Re: ANN: CFFormProtect, new open source project We did a version of the human auth tag - the major advantage being that it's accessible. It only uses 2 images, so bots have a 50/50 chance of getting it right - but since we can't use captcha, 50% less spam is better than nothing. It's pretty similar to Jacobs, except it asks the user to select a nature picture, and the alt text then has words that a sight-impaired user would able to logically deduce fit the criteria. For example: glassy lake vs. telephone. Ours uses a back-end home-grown content server cfc (to get around sandbox issues) - so it's not very sharable as is - but if anyone wants to try to take what we did and make it more open-source-ish, you'd be welcome to do that. On 10/25/06, Munson, Jacob [EMAIL PROTECTED] wrote: True, there is a 1 and 3 chance. In the next release I want to put a failure limit in, so bots can't keep hitting it until they get it right. I suppose I could also add more images to decrease the odds. The biggest advantage I hoped was to make it easier on the user. -Original Message- From: Michael Traher [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 1:21 PM To: CF-Talk Subject: Re: ANN: CFFormProtect, new open source project what advantage does it have over the usual CAPTCHA method apart from being prettier? I would have thought that a bot would take its 1 in 3 chance and you would therefore not block the bots so effectively. On 10/24/06, Munson, Jacob [EMAIL PROTECTED] wrote: I'm releasing a new open source project, called CFFormProtect (licensed under MPL). This attempts to be more user friendly than the obfuscated text type of CAPTCHA. CFFormProtect displays three pictures, and the user is asked to click on the correct image. This is a variation of CAPTCHA I've read about, but haven't seen in use. You can see a screenshot and get the download at the project page: http://cfformprotect.riaforge.org/ EMF idahopower.com made the following annotations. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258090
RE: ANN: CFFormProtect, new open source project
What about huge sites like Amazon.com? I can understand the desire to make forms more accessible, but it seems like you need to draw a line at some point. If you're getting thousands of form submissions a day, you're going to have to hire an army of people to manually sift through stuff. I think that's why the big companies implement a customer service number for people that can't use the forms. -Original Message- From: Sandra Clark [mailto:[EMAIL PROTECTED] Sent: Thursday, October 26, 2006 6:13 AM To: CF-Talk Subject: RE: ANN: CFFormProtect, new open source project I went a different route on my blog. Besides accessibility issues, I wanted to make it my responsibility rather than my users to prove they are human. So I maintain a blacklist. More importantly I set two session variables on my comment form (a session.commentuser and a session.commentdatetime) which I use on the comment add page. If the session variables don't exist (meaning the posting didn't come from my form on my site, then the user is blacklisted using both ip and email. (When I was getting bombarded by spam comments, I logged them all and realized that spammers do re-use ip addresses and email addresses). I also maintain a word blacklist that blacklists all comments containing frequent spam words. I add to that all the time. When a new user comes in, the comment gets posted and an email comes to me with the comment. I have the option of either whitelisting a user (in which case they can post from that email and ip without further intervention from me. If the user is blacklisted already, their comment gets thrown out and never sees the light of day. New posters are sent to me and I have the opportunity to whitelist or blacklist them at that point. My spam has dropped from 100-250 spam comments a day to about 5-15 a week, which is extremely manageable. I need to rework the word blacklist so that I can update that automatically (currently its in an .ini file, which I am adding to manually and uploading). Although both Captcha's and Human Auth tags are understandable in the context of being bombarded by spam, I don't think its fair to require our users to prove they are human. EMF idahopower.com made the following annotations. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258142 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: ANN: CFFormProtect, new open source project
Forms themselves are very easy to make accessible through markup. That isn't the point. Case in point, Amazon doesn't rely on a captcha for anything. Instead, prior to writing a review, they require you have made a purchase and that the credit card go through. Neither does Ebay. Captchas or Human Auth's don't make forms more accessible, they make them less so, by making a person prove they are real and not a bot. For a small site like mine, my solution is working very well. Not many of us have to implement sites the size of Amazon or Ebay. Sandra Clark == http://www.shayna.com Training in Cascading Style Sheets and Accessibility -Original Message- From: Munson, Jacob [mailto:[EMAIL PROTECTED] Sent: Thursday, October 26, 2006 1:20 PM To: CF-Talk Subject: RE: ANN: CFFormProtect, new open source project What about huge sites like Amazon.com? I can understand the desire to make forms more accessible, but it seems like you need to draw a line at some point. If you're getting thousands of form submissions a day, you're going to have to hire an army of people to manually sift through stuff. I think that's why the big companies implement a customer service number for people that can't use the forms. -Original Message- From: Sandra Clark [mailto:[EMAIL PROTECTED] Sent: Thursday, October 26, 2006 6:13 AM To: CF-Talk Subject: RE: ANN: CFFormProtect, new open source project I went a different route on my blog. Besides accessibility issues, I wanted to make it my responsibility rather than my users to prove they are human. So I maintain a blacklist. More importantly I set two session variables on my comment form (a session.commentuser and a session.commentdatetime) which I use on the comment add page. If the session variables don't exist (meaning the posting didn't come from my form on my site, then the user is blacklisted using both ip and email. (When I was getting bombarded by spam comments, I logged them all and realized that spammers do re-use ip addresses and email addresses). I also maintain a word blacklist that blacklists all comments containing frequent spam words. I add to that all the time. When a new user comes in, the comment gets posted and an email comes to me with the comment. I have the option of either whitelisting a user (in which case they can post from that email and ip without further intervention from me. If the user is blacklisted already, their comment gets thrown out and never sees the light of day. New posters are sent to me and I have the opportunity to whitelist or blacklist them at that point. My spam has dropped from 100-250 spam comments a day to about 5-15 a week, which is extremely manageable. I need to rework the word blacklist so that I can update that automatically (currently its in an .ini file, which I am adding to manually and uploading). Although both Captcha's and Human Auth tags are understandable in the context of being bombarded by spam, I don't think its fair to require our users to prove they are human. EMF idahopower.com made the following annotations. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258144 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: ANN: CFFormProtect, new open source project
Neither does Ebay Speaking of E-bay, they use some sort of algorithm to try and pinpoint spam. I tried to send a user a message once after an auction just to ask if he was going to re-list and I got an automated reply back saying my message had been blocked because it might have been spam. That ticked me off. I would have GLADLY typed in a quick Captcha in order to get my message through than to have E-Bay automated message tell me to screw off and not even provide a way to vindicate myself. Luckily I had the guys E-mail ~Brad -Original Message- From: Sandra Clark [mailto:[EMAIL PROTECTED] Sent: Thursday, October 26, 2006 12:49 PM To: CF-Talk Subject: RE: ANN: CFFormProtect, new open source project Forms themselves are very easy to make accessible through markup. That isn't the point. Case in point, Amazon doesn't rely on a captcha for anything. Instead, prior to writing a review, they require you have made a purchase and that the credit card go through. Neither does Ebay. Captchas or Human Auth's don't make forms more accessible, they make them less so, by making a person prove they are real and not a bot. For a small site like mine, my solution is working very well. Not many of us have to implement sites the size of Amazon or Ebay. Sandra Clark == http://www.shayna.com Training in Cascading Style Sheets and Accessibility -Original Message- From: Munson, Jacob [mailto:[EMAIL PROTECTED] Sent: Thursday, October 26, 2006 1:20 PM To: CF-Talk Subject: RE: ANN: CFFormProtect, new open source project What about huge sites like Amazon.com? I can understand the desire to make forms more accessible, but it seems like you need to draw a line at some point. If you're getting thousands of form submissions a day, you're going to have to hire an army of people to manually sift through stuff. I think that's why the big companies implement a customer service number for people that can't use the forms. -Original Message- From: Sandra Clark [mailto:[EMAIL PROTECTED] Sent: Thursday, October 26, 2006 6:13 AM To: CF-Talk Subject: RE: ANN: CFFormProtect, new open source project I went a different route on my blog. Besides accessibility issues, I wanted to make it my responsibility rather than my users to prove they are human. So I maintain a blacklist. More importantly I set two session variables on my comment form (a session.commentuser and a session.commentdatetime) which I use on the comment add page. If the session variables don't exist (meaning the posting didn't come from my form on my site, then the user is blacklisted using both ip and email. (When I was getting bombarded by spam comments, I logged them all and realized that spammers do re-use ip addresses and email addresses). I also maintain a word blacklist that blacklists all comments containing frequent spam words. I add to that all the time. When a new user comes in, the comment gets posted and an email comes to me with the comment. I have the option of either whitelisting a user (in which case they can post from that email and ip without further intervention from me. If the user is blacklisted already, their comment gets thrown out and never sees the light of day. New posters are sent to me and I have the opportunity to whitelist or blacklist them at that point. My spam has dropped from 100-250 spam comments a day to about 5-15 a week, which is extremely manageable. I need to rework the word blacklist so that I can update that automatically (currently its in an .ini file, which I am adding to manually and uploading). Although both Captcha's and Human Auth tags are understandable in the context of being bombarded by spam, I don't think its fair to require our users to prove they are human. EMF idahopower.com made the following annotations. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258146 Subscription: http://www.houseoffusion.com
RE: ANN: CFFormProtect, new open source project
True, there is a 1 and 3 chance. In the next release I want to put a failure limit in, so bots can't keep hitting it until they get it right. I suppose I could also add more images to decrease the odds. The biggest advantage I hoped was to make it easier on the user. -Original Message- From: Michael Traher [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 1:21 PM To: CF-Talk Subject: Re: ANN: CFFormProtect, new open source project what advantage does it have over the usual CAPTCHA method apart from being prettier? I would have thought that a bot would take its 1 in 3 chance and you would therefore not block the bots so effectively. On 10/24/06, Munson, Jacob [EMAIL PROTECTED] wrote: I'm releasing a new open source project, called CFFormProtect (licensed under MPL). This attempts to be more user friendly than the obfuscated text type of CAPTCHA. CFFormProtect displays three pictures, and the user is asked to click on the correct image. This is a variation of CAPTCHA I've read about, but haven't seen in use. You can see a screenshot and get the download at the project page: http://cfformprotect.riaforge.org/ EMF idahopower.com made the following annotations. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258058 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
ANN: CFFormProtect, new open source project
I'm releasing a new open source project, called CFFormProtect (licensed under MPL). This attempts to be more user friendly than the obfuscated text type of CAPTCHA. CFFormProtect displays three pictures, and the user is asked to click on the correct image. This is a variation of CAPTCHA I've read about, but haven't seen in use. You can see a screenshot and get the download at the project page: http://cfformprotect.riaforge.org/ Features: * Displays as a CSS div on top of the page, near the middle * Image names are obfuscated, so bots can't read them. * Images are displayed in random order. * If user selects wrong image, a new random set is created if they try again. * Any 3 images can be dropped in and CFFormProtect will automatically use them * Works on any operating system (most CF CAPTCHA packages only work on Windows servers). * Drop into your web root and use for all sites. * Form action page is protected as well (spam bots often directly access the form processor). * Easily customize the display text and error messages. * Customize the formatting with CSS. Please respond with any feedback. Now back to your regularly scheduled programming. - -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == EMF idahopower.com made the previous annotations. ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:257902 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: ANN: CFFormProtect, new open source project
what advantage does it have over the usual CAPTCHA method apart from being prettier? I would have thought that a bot would take its 1 in 3 chance and you would therefore not block the bots so effectively. On 10/24/06, Munson, Jacob [EMAIL PROTECTED] wrote: I'm releasing a new open source project, called CFFormProtect (licensed under MPL). This attempts to be more user friendly than the obfuscated text type of CAPTCHA. CFFormProtect displays three pictures, and the user is asked to click on the correct image. This is a variation of CAPTCHA I've read about, but haven't seen in use. You can see a screenshot and get the download at the project page: http://cfformprotect.riaforge.org/ Features: * Displays as a CSS div on top of the page, near the middle * Image names are obfuscated, so bots can't read them. * Images are displayed in random order. * If user selects wrong image, a new random set is created if they try again. * Any 3 images can be dropped in and CFFormProtect will automatically use them * Works on any operating system (most CF CAPTCHA packages only work on Windows servers). * Drop into your web root and use for all sites. * Form action page is protected as well (spam bots often directly access the form processor). * Easily customize the display text and error messages. * Customize the formatting with CSS. Please respond with any feedback. Now back to your regularly scheduled programming. - -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. == EMF idahopower.com made the previous annotations. ~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:257905 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4