[FX.php List] Fwd: spam and php fmp sites

Alex Gates alex at gandrpublishing.com
Thu Oct 18 13:45:07 MDT 2007 

What about this:
Make a hidden form field and give it a generic name that the bots will 
go for - "name" or "URL" or something that isn't already in use - and 
give it a value of "".
The bots look for generic names - and it won't really know if it is 
hidden or not...
Then, simply reject any submission that has a value in the hidden field.
Any legitimate submission from a real user won't have anything in that 
field, since it is a hidden field - but a bot will fill something in...

Alex

Joel Shapiro wrote:
> Hi all
> 
> I'm forwarding something from a local colleague.  He's got a site that's 
> getting hit with form submissions by spammers.
> 
> He works for a school district.  The site is not meant for the general 
> public, although it is apparently publicly available and is not password 
> protected.
> 
> Any quick suggestions for them?
> 
> (Sorry the post is so long, but I figured I might as well forward his 
> whole message.)
> 
> Thanks,
> -Joel
> 
> 
> Begin forwarded message:
> 
>> Subject: spam and php fmp sites
>>
>> Any suggestions on how to stop spam from being submitted on a PHP 
>> FileMaker
>> web registration solution, running on a Windows 2003 Server with FMAS9?
>>
>> The solution does not ask for any password.  Users can hit it over the 
>> web.
>> I am not sure how spammers found it if not from webbots....
>>
>> One of the functions of the solution is to allow users to send a 
>> suggestion
>> via email.  The user goes to a page where they fill in a suggestion text
>> field and hit a submit button which creates are record and generates an
>> email message with to a backend fmp user with the contents of the 
>> suggestion
>> field they filled out.
>> -------------Some spam is beig generated from this function where the 
>> emails
>> sent contain spam url's that heve been entered into the suggestion text
>> field.
>>
>> Another function of the solution is where users can register for a 
>> workshop.
>> They choose a workshop from a list and then fill in their user 
>> information
>> and then click a "register" (submit) button which creates a new record in
>> the solution.  Spam URL's are appearing in the user background 
>> infomration
>> text fields from these bogus registrations.
>>
>> I was thinking that if I required authentication from one account 
>> therefore
>> giving all users of the system the same password would prevent the spam.
>>
>> or
>>
>> The instead of FM authentication, make it look like there is a password
>> needed by giving out to all users a universal password which is actually
>> just a phrase they enter into a field when first entering the solution 
>> and
>> clicking on a submit button which does a search for that phrase...if the
>> phrase is not correct they are sent to an error page if it is found 
>> they are
>> taken to the registration menu.
>>
>> Any ideas on how to stop this?  Is anyone encountering similar
>> problems...where spammers are filing out forms and submitting them 
>> with SPAM
>> content??
>>
>> Thanks for your help!
> 
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>

More information about the FX.php_List mailing list