[FX.php List] Fwd: spam and php fmp sites

Joel Shapiro jsfmp at earthlink.net
Thu Oct 18 13:53:57 MDT 2007


Hey Alex

That's interesting...  so bots fill in fields whether they're hidden  
or not...  who knew?

Thanks, I'll pass this along.

-Joel


On Oct 18, 2007, at 12:45 PM, Alex Gates wrote:

> What about this:
> Make a hidden form field and give it a generic name that the bots  
> will go for - "name" or "URL" or something that isn't already in  
> use - and give it a value of "".
> The bots look for generic names - and it won't really know if it is  
> hidden or not...
> Then, simply reject any submission that has a value in the hidden  
> field.
> Any legitimate submission from a real user won't have anything in  
> that field, since it is a hidden field - but a bot will fill  
> something in...
>
> Alex
>
> Joel Shapiro wrote:
>> Hi all
>> I'm forwarding something from a local colleague.  He's got a site  
>> that's getting hit with form submissions by spammers.
>> He works for a school district.  The site is not meant for the  
>> general public, although it is apparently publicly available and  
>> is not password protected.
>> Any quick suggestions for them?
>> (Sorry the post is so long, but I figured I might as well forward  
>> his whole message.)
>> Thanks,
>> -Joel
>> Begin forwarded message:
>>> Subject: spam and php fmp sites
>>>
>>> Any suggestions on how to stop spam from being submitted on a PHP  
>>> FileMaker
>>> web registration solution, running on a Windows 2003 Server with  
>>> FMAS9?
>>>
>>> The solution does not ask for any password.  Users can hit it  
>>> over the web.
>>> I am not sure how spammers found it if not from webbots....
>>>
>>> One of the functions of the solution is to allow users to send a  
>>> suggestion
>>> via email.  The user goes to a page where they fill in a  
>>> suggestion text
>>> field and hit a submit button which creates are record and  
>>> generates an
>>> email message with to a backend fmp user with the contents of the  
>>> suggestion
>>> field they filled out.
>>> -------------Some spam is beig generated from this function where  
>>> the emails
>>> sent contain spam url's that heve been entered into the  
>>> suggestion text
>>> field.
>>>
>>> Another function of the solution is where users can register for  
>>> a workshop.
>>> They choose a workshop from a list and then fill in their user  
>>> information
>>> and then click a "register" (submit) button which creates a new  
>>> record in
>>> the solution.  Spam URL's are appearing in the user background  
>>> infomration
>>> text fields from these bogus registrations.
>>>
>>> I was thinking that if I required authentication from one account  
>>> therefore
>>> giving all users of the system the same password would prevent  
>>> the spam.
>>>
>>> or
>>>
>>> The instead of FM authentication, make it look like there is a  
>>> password
>>> needed by giving out to all users a universal password which is  
>>> actually
>>> just a phrase they enter into a field when first entering the  
>>> solution and
>>> clicking on a submit button which does a search for that  
>>> phrase...if the
>>> phrase is not correct they are sent to an error page if it is  
>>> found they are
>>> taken to the registration menu.
>>>
>>> Any ideas on how to stop this?  Is anyone encountering similar
>>> problems...where spammers are filing out forms and submitting  
>>> them with SPAM
>>> content??
>>>
>>> Thanks for your help!
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list