Unfortunately Andrew things are never that simple.
For every customer like yourself who wants this turned off, there will be
100 customers who want it turned on.
Most people do not know about or care about the security side of hosting,
and just want everything enabled which makes their life
Yeah I guess, but that is why there are log files so there is really no
excuse. But how cost efficient would it be to just move those people over
to their own server so they can effect themselves?
And I would bet that it is these people who also turn off UAC on Windows
and get all types of
unfortunately no host can afford to tell all their customers your better
off elsewhere.
It would not be cost efficient at all to give a shared hosting customer
their own server for the same price, they would lose money, I doubt the
cost would even be remotely covered.
Both of hose solutions
Hi, guys...
I'm been running my first eCommerce setup with a donation
page/form using Authorize.net.
Things have been running fine, excepts for spammers using
the donation form to find legitmate CC numbers so they could
abuse the card in other ways.
I've assumed, up to this point, that the
Russ, I never meant their own server. I meant put all customers who want
the robust onto the same sever.
But I did raise an enhancement with Adobe, where my suggestion is to have
robust exceptions of by default and not be able to enable or disable from
the CF admin. However if the customer wants
I realize that if someone is hiring cheap human labor for $1
per day to sit and enter form info, that I can't stop that,
but if it is bots doing the spamming, will making CF captcha
more difficult to read have a good chance of stopping the bots,
or do I need to get with reCaptcha. I like
Thanks for the recommendation, Dave.
It seems like an all-in-one approach, like CFFormProtect,
might be the only way to beat this thing!
I'll go check it out...
Rick
-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com]
Sent: Monday, February 11, 2013 11:30 AM
To: cf-talk
As an FYI, my blog never had a lot of spam, but it was pretty regular. When
I started using CFFP, it dropped dramatically. I can't even remember my
last spam comment.
On Mon, Feb 11, 2013 at 10:43 AM, Rick Faircloth
r...@whitestonemedia.comwrote:
Thanks for the recommendation, Dave.
It
I would not think that is a cost effective solution either as there is such
a small number of customers who would request to be on a secure server.
We offer something like that called semi-dedicated, but it is more
expensive.
If CF had a web admin like Railo, it would solve all those type of
IF, and it's a large IF, but IF you're willing to maintain your own
machine than a slicehost with an open source CFML engine isn't all that
much more expensive than a shared hosting plan. For $20 USD a month you
can have a linode running whatever flavor of headless linux that you
want.
Les Mizzell wrote:
So, anybody know what this is doing?
Allaire Cold Fusion Template
Something similar came up on StackOverflow last week (possibly the same
exploit). That guy said the old AB Positive Encrypt and Decrypt utility was
able to decrypt the file:
Thanks for the feedback, Ray, Dave...
Does CFFormProtect actually submit a form? I haven't parsed through
the code, yet, but I'm trying to determine if it just runs some tests
for validation or does it continue on to submit the form.
The form and processing I've code is quite extensive and
No, it returns a pass/fail type response.In your example, I'd probably add
it after you do client side validation and CF validation, but before the
hit to Authorize.net.
On Mon, Feb 11, 2013 at 12:48 PM, Rick Faircloth
r...@whitestonemedia.comwrote:
Thanks for the feedback, Ray, Dave...
After more unsuccessful testing, I'm assuming that the form
button at the end of the form needs to be an actual button with
a type of submit to work with CFFormProtect?
If so, this won't work because I don't use an actual button with
a type of submit. The submit button for my form is just a
On Mon, Feb 11, 2013 at 1:45 PM, Rick Faircloth r...@whitestonemedia.comwrote:
After more unsuccessful testing, I'm assuming that the form
button at the end of the form needs to be an actual button with
a type of submit to work with CFFormProtect?
Not as far as I know. I'm a bit rusty on
I have just gone through this... A big problem is that the
owner complains and the credit card company charges you a penalty
and if many get through they can dump you.
At first, I banned the IP address when someone tried 3 times
unsuccessfuly. That worked for about a day then they would
Thanks for the info, Al...
It is a royal pain trying to deal with these hackers.
I might just try a combination of two things:
1) a honey pot to catch the humans when it's empty
2) a captcha for the bots who, supposedly, can't read them
Wonder if that would work?
-Original Message-
One site of mine for a dance company used to get a ton of spam through
contact forms. Everybody hated CAPTCHA, so I put a simple question with
radio button choices:
A cow goes?
a. quack
b. woof
c. moo
d. chirp
VERY low tech, but believe it or not, we've not gotten a single piece of
bot spam
Boy was that a stupid, not-thought-out approach!
I was so focused on separating the spamming humans from
the spamming bots, I came up with a solution that wouldn't
let human or bot submit a form, whether the human was a
legitimate donor, or not!
Duh! (It's been a long day... time to go to
Hello,
I can't get OpenSSL to run with CFEXECUTE. I've tried different attempts at the
following but it doesn't work:
cfexecute name = C:\Program Files (x86)\GnuWin32\bin\openssl
arguments = aes-256-cbc -a -salt -in C:\Users\Dev2\Documents\My
Stuff\OpenSSL\secrets.txt -out
Well I guess the ticket I raised is too late
One can already do this
cfset this.enablerobustexception = true /
On Tue, Feb 12, 2013 at 3:53 AM, Leigh cfsearch...@yahoo.com wrote:
Les Mizzell wrote:
So, anybody know what this is doing?
Allaire Cold Fusion Template
Something
I came across an interesting way to get the country from the IP
address.. http://www.mximize.com/getting-country-by-ip-based-on-geolite
I might set this up and block non North American IPs...
At 04:43 PM 2/11/2013, Les Mizzell wrote:
One site of mine for a dance company used to get a ton of
(apologies for the length)
Russ,
I can tell by your comments that you either have dealt with a lot of hosts
or have worked or owned one. Well said.
Having worked in the Hosting space for more than 10 years now, I can safely
say there is absolutely no 100% way to prevent these exploits on any
Often found it easier to put thing like this in a .bat file and run that
with cf execute.
Sometimes using the DOS 8.3 convention for the path to eliminate the spaces
in the folder names makes the quotes less of a hassle too.
Byron Mann
Lead Engineer Architect
HostMySite.com
On Feb 11, 2013
A fairly inexpensive and easy to implement fraud screening service is
maxmind minfraud.
It's something like 0.005 per transaction methinks.
Another method I didn't see in the thread was doing an email confirmation
before performing the cc transaction. Like send an email to the user with
a
On 2/12/2013 12:06 PM, Al Musella, DPM wrote:
I came across an interesting way to get the country from the IP
address.. http://www.mximize.com/getting-country-by-ip-based-on-geolite
I might set this up and block non North American IPs...
i would check w/your client first. not everybody
26 matches
Mail list logo