[FX.php List] Fwd: spam and php fmp sites

Joel Shapiro jsfmp at earthlink.net
Thu Oct 18 13:04:27 MDT 2007

Hi all

I'm forwarding something from a local colleague.  He's got a site  
that's getting hit with form submissions by spammers.

He works for a school district.  The site is not meant for the  
general public, although it is apparently publicly available and is  
not password protected.

Any quick suggestions for them?

(Sorry the post is so long, but I figured I might as well forward his  
whole message.)


Begin forwarded message:

> Subject: spam and php fmp sites
> Any suggestions on how to stop spam from being submitted on a PHP  
> FileMaker
> web registration solution, running on a Windows 2003 Server with  
> FMAS9?
> The solution does not ask for any password.  Users can hit it over  
> the web.
> I am not sure how spammers found it if not from webbots....
> One of the functions of the solution is to allow users to send a  
> suggestion
> via email.  The user goes to a page where they fill in a suggestion  
> text
> field and hit a submit button which creates are record and  
> generates an
> email message with to a backend fmp user with the contents of the  
> suggestion
> field they filled out.
> -------------Some spam is beig generated from this function where  
> the emails
> sent contain spam url's that heve been entered into the suggestion  
> text
> field.
> Another function of the solution is where users can register for a  
> workshop.
> They choose a workshop from a list and then fill in their user  
> information
> and then click a "register" (submit) button which creates a new  
> record in
> the solution.  Spam URL's are appearing in the user background  
> infomration
> text fields from these bogus registrations.
> I was thinking that if I required authentication from one account  
> therefore
> giving all users of the system the same password would prevent the  
> spam.
> or
> The instead of FM authentication, make it look like there is a  
> password
> needed by giving out to all users a universal password which is  
> actually
> just a phrase they enter into a field when first entering the  
> solution and
> clicking on a submit button which does a search for that  
> phrase...if the
> phrase is not correct they are sent to an error page if it is found  
> they are
> taken to the registration menu.
> Any ideas on how to stop this?  Is anyone encountering similar
> problems...where spammers are filing out forms and submitting them  
> with SPAM
> content??
> Thanks for your help!

More information about the FX.php_List mailing list