[FX.php List] Fwd: spam and php fmp sites

DC dan.cynosure at dbmscan.com
Thu Oct 18 14:15:00 MDT 2007 

i've had success with this script that spells out numbers in english and 
then you ask the person to type the number. not good for a widespread 
commercial app, but good (and the technique is obscure) for a small site.

function ConvertThree ($intArgNumber, $dispAnd = false)
{
     $intNumber = '';
     $strNumConv = '';

     $aySmall = array('Zero', 'One', 'Two', 'Three', 'Four', 'Five', 
'Six', 'Seven', 'Eight', 'Nine');
     $ayMedium = array('Zero', 'Ten', 'Twenty', 'Thirty', 'Forty', 
'Fifty', 'Sixty', 'Seventy', 'Eighty', 'Ninety');
     $ayLarge = array('Ten', 'Eleven', 'Twelve', 'Thirteen', 'Fourteen', 
'Fifteen', 'Sixteen', 'Seventeen', 'Eighteen', 'Nineteen');

     if ($intArgNumber > 99) $strNumConv .= $aySmall[$intArgNumber/100] 
. " Hundred";
     if (($dispAnd == true) and ($intArgNumber > 99)) $strNumConv .= " 
and ";

     $intNumber = $intArgNumber % 100;
     if ($intNumber > 19) {
         if ($intArgNumber > 99) $strNumConv .= " ";

         $strNumConv .= $ayMedium[$intNumber/10];
         if ($intNumber % 10 > 0) $strNumConv .= " " . 
$aySmall[$intNumber % 10];

     } elseif ($intNumber > 9) {
         if ($intArgNumber > 99) $strNumConv .= $ayLarge[$intNumber-10];
     } elseif ($intNumber > 0) {
         if ($intArgNumber > 99)  $strNumConv .= " ";
         $strNumConv .= $aySmall[$intNumber];
     }
     return $strNumConv;
}

dan

Alex Gates had written:
> What about this:
> Make a hidden form field and give it a generic name that the bots will 
> go for - "name" or "URL" or something that isn't already in use - and 
> give it a value of "".
> The bots look for generic names - and it won't really know if it is 
> hidden or not...
> Then, simply reject any submission that has a value in the hidden field.
> Any legitimate submission from a real user won't have anything in that 
> field, since it is a hidden field - but a bot will fill something in...
> 
> Alex
> 
> Joel Shapiro wrote:
>> Hi all
>>
>> I'm forwarding something from a local colleague.  He's got a site 
>> that's getting hit with form submissions by spammers.
>>
>> He works for a school district.  The site is not meant for the general 
>> public, although it is apparently publicly available and is not 
>> password protected.
>>
>> Any quick suggestions for them?
>>
>> (Sorry the post is so long, but I figured I might as well forward his 
>> whole message.)
>>
>> Thanks,
>> -Joel
>>
>>
>> Begin forwarded message:
>>
>>> Subject: spam and php fmp sites
>>>
>>> Any suggestions on how to stop spam from being submitted on a PHP 
>>> FileMaker
>>> web registration solution, running on a Windows 2003 Server with FMAS9?
>>>
>>> The solution does not ask for any password.  Users can hit it over 
>>> the web.
>>> I am not sure how spammers found it if not from webbots....
>>>
>>> One of the functions of the solution is to allow users to send a 
>>> suggestion
>>> via email.  The user goes to a page where they fill in a suggestion text
>>> field and hit a submit button which creates are record and generates an
>>> email message with to a backend fmp user with the contents of the 
>>> suggestion
>>> field they filled out.
>>> -------------Some spam is beig generated from this function where the 
>>> emails
>>> sent contain spam url's that heve been entered into the suggestion text
>>> field.
>>>
>>> Another function of the solution is where users can register for a 
>>> workshop.
>>> They choose a workshop from a list and then fill in their user 
>>> information
>>> and then click a "register" (submit) button which creates a new 
>>> record in
>>> the solution.  Spam URL's are appearing in the user background 
>>> infomration
>>> text fields from these bogus registrations.
>>>
>>> I was thinking that if I required authentication from one account 
>>> therefore
>>> giving all users of the system the same password would prevent the spam.
>>>
>>> or
>>>
>>> The instead of FM authentication, make it look like there is a password
>>> needed by giving out to all users a universal password which is actually
>>> just a phrase they enter into a field when first entering the 
>>> solution and
>>> clicking on a submit button which does a search for that phrase...if the
>>> phrase is not correct they are sent to an error page if it is found 
>>> they are
>>> taken to the registration menu.
>>>
>>> Any ideas on how to stop this?  Is anyone encountering similar
>>> problems...where spammers are filing out forms and submitting them 
>>> with SPAM
>>> content??
>>>
>>> Thanks for your help!
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>

More information about the FX.php_List mailing list