I had the same problem, I used a random session variable, but they still
got through.
I devised a way of avoiding several types of spam bots with some scripts
I made.
First of all, the form has no action="" when it is loaded, and therefore
the simplest spam bots won't know where to send the in
Hi Michael.
Can you think of any good reason to accept a submission via a known open
proxy? You can grab a maintained open proxy list and use it for a while
Rolan-style... to tag potential spam as an experiment. Every market is
different, but in the tech world I see no valid reason to accept
] On Behalf Of Michael Southwell
> Sent: Tuesday, May 01, 2007 11:34 AM
> To: talk@lists.nyphp.org
> Subject: [nyphp-talk] form spoofing
>
> I thought I was following best practices (
> http://www.nyphp.org/phundamentals/spoofed_submission.php )
> in creating a comment form
But this hasn't helped much; I still get a few of them, though I
can't figure out how they can be generated. Any advice?
Yeah... you could add a spam/bayesian filter to your form processing
or use a web service like Akismet to see if it may be spam.
Another option would be to log the user-
Michael Southwell wrote:
I thought I was following best practices (
http://www.nyphp.org/phundamentals/spoofed_submission.php ) in
creating a comment form for a restaurant client (There is no security
issue here; the comments are emailed):
snip
But this hasn't helped much; I still get a few
I thought I was following best practices (
http://www.nyphp.org/phundamentals/spoofed_submission.php ) in
creating a comment form for a restaurant client (There is no security
issue here; the comments are emailed):
I stored a random token in the session:
session_start();
if ( ! isset( $_SESSI
