[FX.php List] Fwd: spam and php fmp sites
Joel Shapiro
jsfmp at earthlink.net
Thu Oct 18 13:53:57 MDT 2007
Hey Alex
That's interesting... so bots fill in fields whether they're hidden
or not... who knew?
Thanks, I'll pass this along.
-Joel
On Oct 18, 2007, at 12:45 PM, Alex Gates wrote:
> What about this:
> Make a hidden form field and give it a generic name that the bots
> will go for - "name" or "URL" or something that isn't already in
> use - and give it a value of "".
> The bots look for generic names - and it won't really know if it is
> hidden or not...
> Then, simply reject any submission that has a value in the hidden
> field.
> Any legitimate submission from a real user won't have anything in
> that field, since it is a hidden field - but a bot will fill
> something in...
>
> Alex
>
> Joel Shapiro wrote:
>> Hi all
>> I'm forwarding something from a local colleague. He's got a site
>> that's getting hit with form submissions by spammers.
>> He works for a school district. The site is not meant for the
>> general public, although it is apparently publicly available and
>> is not password protected.
>> Any quick suggestions for them?
>> (Sorry the post is so long, but I figured I might as well forward
>> his whole message.)
>> Thanks,
>> -Joel
>> Begin forwarded message:
>>> Subject: spam and php fmp sites
>>>
>>> Any suggestions on how to stop spam from being submitted on a PHP
>>> FileMaker
>>> web registration solution, running on a Windows 2003 Server with
>>> FMAS9?
>>>
>>> The solution does not ask for any password. Users can hit it
>>> over the web.
>>> I am not sure how spammers found it if not from webbots....
>>>
>>> One of the functions of the solution is to allow users to send a
>>> suggestion
>>> via email. The user goes to a page where they fill in a
>>> suggestion text
>>> field and hit a submit button which creates are record and
>>> generates an
>>> email message with to a backend fmp user with the contents of the
>>> suggestion
>>> field they filled out.
>>> -------------Some spam is beig generated from this function where
>>> the emails
>>> sent contain spam url's that heve been entered into the
>>> suggestion text
>>> field.
>>>
>>> Another function of the solution is where users can register for
>>> a workshop.
>>> They choose a workshop from a list and then fill in their user
>>> information
>>> and then click a "register" (submit) button which creates a new
>>> record in
>>> the solution. Spam URL's are appearing in the user background
>>> infomration
>>> text fields from these bogus registrations.
>>>
>>> I was thinking that if I required authentication from one account
>>> therefore
>>> giving all users of the system the same password would prevent
>>> the spam.
>>>
>>> or
>>>
>>> The instead of FM authentication, make it look like there is a
>>> password
>>> needed by giving out to all users a universal password which is
>>> actually
>>> just a phrase they enter into a field when first entering the
>>> solution and
>>> clicking on a submit button which does a search for that
>>> phrase...if the
>>> phrase is not correct they are sent to an error page if it is
>>> found they are
>>> taken to the registration menu.
>>>
>>> Any ideas on how to stop this? Is anyone encountering similar
>>> problems...where spammers are filing out forms and submitting
>>> them with SPAM
>>> content??
>>>
>>> Thanks for your help!
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
More information about the FX.php_List
mailing list