[FX.php List] Fwd: spam and php fmp sites

Joel Shapiro jsfmp at earthlink.net
Thu Oct 18 13:56:10 MDT 2007 

Ahh... so you create your OWN captcha... (or pseudo-captcha).  Very  
nice.

Thanks Bob, I'll pass this along too!

-Joel


On Oct 18, 2007, at 12:51 PM, Bob Patin wrote:

> I use a validation routine, much like blog post pages do; it  
> ensures that the forms are being submitted by humans, and has  
> stopped that problem on my own and clients' sites.
>
> I have a set of number images (one per digit); I create a 6 or 7- 
> digit random number, which dictates what set of 6 or 7 number  
> images are put together to form a single image. Then the user has  
> to type in the number that he sees, which allows the post to be made.
>
> Bob Patin
> Longterm Solutions
> bob at longtermsolutions.com
> 615-333-6858
> http://www.longtermsolutions.com
> Member of FileMaker Business Alliance and FileMaker TechNet
>
>   CONTACT US VIA INSTANT MESSAGING:
>      AIM or iChat: longterm1954
>      Yahoo: longterm_solutions
>      MSN: tech at longtermsolutions.com
>      ICQ: 159333060
>
> --------------------------
> Contact us for FileMaker hosting for all versions of FileMaker
> PHP • CDML • Full email services • Free DNS hosting • Colocation •  
> Consulting
>
>
> On Oct 18, 2007, at 2:04 PM, Joel Shapiro wrote:
>
>> Hi all
>>
>> I'm forwarding something from a local colleague.  He's got a site  
>> that's getting hit with form submissions by spammers.
>>
>> He works for a school district.  The site is not meant for the  
>> general public, although it is apparently publicly available and  
>> is not password protected.
>>
>> Any quick suggestions for them?
>>
>> (Sorry the post is so long, but I figured I might as well forward  
>> his whole message.)
>>
>> Thanks,
>> -Joel
>>
>>
>> Begin forwarded message:
>>
>>> Subject: spam and php fmp sites
>>>
>>> Any suggestions on how to stop spam from being submitted on a PHP  
>>> FileMaker
>>> web registration solution, running on a Windows 2003 Server with  
>>> FMAS9?
>>>
>>> The solution does not ask for any password.  Users can hit it  
>>> over the web.
>>> I am not sure how spammers found it if not from webbots....
>>>
>>> One of the functions of the solution is to allow users to send a  
>>> suggestion
>>> via email.  The user goes to a page where they fill in a  
>>> suggestion text
>>> field and hit a submit button which creates are record and  
>>> generates an
>>> email message with to a backend fmp user with the contents of the  
>>> suggestion
>>> field they filled out.
>>> -------------Some spam is beig generated from this function where  
>>> the emails
>>> sent contain spam url's that heve been entered into the  
>>> suggestion text
>>> field.
>>>
>>> Another function of the solution is where users can register for  
>>> a workshop.
>>> They choose a workshop from a list and then fill in their user  
>>> information
>>> and then click a "register" (submit) button which creates a new  
>>> record in
>>> the solution.  Spam URL's are appearing in the user background  
>>> infomration
>>> text fields from these bogus registrations.
>>>
>>> I was thinking that if I required authentication from one account  
>>> therefore
>>> giving all users of the system the same password would prevent  
>>> the spam.
>>>
>>> or
>>>
>>> The instead of FM authentication, make it look like there is a  
>>> password
>>> needed by giving out to all users a universal password which is  
>>> actually
>>> just a phrase they enter into a field when first entering the  
>>> solution and
>>> clicking on a submit button which does a search for that  
>>> phrase...if the
>>> phrase is not correct they are sent to an error page if it is  
>>> found they are
>>> taken to the registration menu.
>>>
>>> Any ideas on how to stop this?  Is anyone encountering similar
>>> problems...where spammers are filing out forms and submitting  
>>> them with SPAM
>>> content??
>>>
>>> Thanks for your help!
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

More information about the FX.php_List mailing list