[FX.php List] Fwd: spam and php fmp sites

William Downs william.downs at gmail.com
Fri Oct 19 01:32:12 MDT 2007


Hi Dan,
sorry to add to this again,

But, I use a mathematical equation based captcha routine - where the
user answers a maths question (nothing like the square root of 2000
divided by 2.45) more like 4+5

Works fine,

William

On 10/19/07, Joel Shapiro <jsfmp at earthlink.net> wrote:
> Thanks Dan
>
> That looks pretty cool...  Kind of a text-based captcha, right?
>
> I'll pass it along as another option.
>
> -
> Thanks everyone for all your suggestions!
>
> Best,
> -Joel
>
>
> On Oct 18, 2007, at 1:15 PM, DC wrote:
>
> > i've had success with this script that spells out numbers in
> > english and then you ask the person to type the number. not good
> > for a widespread commercial app, but good (and the technique is
> > obscure) for a small site.
> >
> > function ConvertThree ($intArgNumber, $dispAnd = false)
> > {
> >     $intNumber = '';
> >     $strNumConv = '';
> >
> >     $aySmall = array('Zero', 'One', 'Two', 'Three', 'Four', 'Five',
> > 'Six', 'Seven', 'Eight', 'Nine');
> >     $ayMedium = array('Zero', 'Ten', 'Twenty', 'Thirty', 'Forty',
> > 'Fifty', 'Sixty', 'Seventy', 'Eighty', 'Ninety');
> >     $ayLarge = array('Ten', 'Eleven', 'Twelve', 'Thirteen',
> > 'Fourteen', 'Fifteen', 'Sixteen', 'Seventeen', 'Eighteen',
> > 'Nineteen');
> >
> >     if ($intArgNumber > 99) $strNumConv .= $aySmall[$intArgNumber/
> > 100] . " Hundred";
> >     if (($dispAnd == true) and ($intArgNumber > 99)) $strNumConv .=
> > " and ";
> >
> >     $intNumber = $intArgNumber % 100;
> >     if ($intNumber > 19) {
> >         if ($intArgNumber > 99) $strNumConv .= " ";
> >
> >         $strNumConv .= $ayMedium[$intNumber/10];
> >         if ($intNumber % 10 > 0) $strNumConv .= " " . $aySmall
> > [$intNumber % 10];
> >
> >     } elseif ($intNumber > 9) {
> >         if ($intArgNumber > 99) $strNumConv .= $ayLarge
> > [$intNumber-10];
> >     } elseif ($intNumber > 0) {
> >         if ($intArgNumber > 99)  $strNumConv .= " ";
> >         $strNumConv .= $aySmall[$intNumber];
> >     }
> >     return $strNumConv;
> > }
> >
> > dan
> >
> > Alex Gates had written:
> >> What about this:
> >> Make a hidden form field and give it a generic name that the bots
> >> will go for - "name" or "URL" or something that isn't already in
> >> use - and give it a value of "".
> >> The bots look for generic names - and it won't really know if it
> >> is hidden or not...
> >> Then, simply reject any submission that has a value in the hidden
> >> field.
> >> Any legitimate submission from a real user won't have anything in
> >> that field, since it is a hidden field - but a bot will fill
> >> something in...
> >> Alex
> >> Joel Shapiro wrote:
> >>> Hi all
> >>>
> >>> I'm forwarding something from a local colleague.  He's got a site
> >>> that's getting hit with form submissions by spammers.
> >>>
> >>> He works for a school district.  The site is not meant for the
> >>> general public, although it is apparently publicly available and
> >>> is not password protected.
> >>>
> >>> Any quick suggestions for them?
> >>>
> >>> (Sorry the post is so long, but I figured I might as well forward
> >>> his whole message.)
> >>>
> >>> Thanks,
> >>> -Joel
> >>>
> >>>
> >>> Begin forwarded message:
> >>>
> >>>> Subject: spam and php fmp sites
> >>>>
> >>>> Any suggestions on how to stop spam from being submitted on a
> >>>> PHP FileMaker
> >>>> web registration solution, running on a Windows 2003 Server with
> >>>> FMAS9?
> >>>>
> >>>> The solution does not ask for any password.  Users can hit it
> >>>> over the web.
> >>>> I am not sure how spammers found it if not from webbots....
> >>>>
> >>>> One of the functions of the solution is to allow users to send a
> >>>> suggestion
> >>>> via email.  The user goes to a page where they fill in a
> >>>> suggestion text
> >>>> field and hit a submit button which creates are record and
> >>>> generates an
> >>>> email message with to a backend fmp user with the contents of
> >>>> the suggestion
> >>>> field they filled out.
> >>>> -------------Some spam is beig generated from this function
> >>>> where the emails
> >>>> sent contain spam url's that heve been entered into the
> >>>> suggestion text
> >>>> field.
> >>>>
> >>>> Another function of the solution is where users can register for
> >>>> a workshop.
> >>>> They choose a workshop from a list and then fill in their user
> >>>> information
> >>>> and then click a "register" (submit) button which creates a new
> >>>> record in
> >>>> the solution.  Spam URL's are appearing in the user background
> >>>> infomration
> >>>> text fields from these bogus registrations.
> >>>>
> >>>> I was thinking that if I required authentication from one
> >>>> account therefore
> >>>> giving all users of the system the same password would prevent
> >>>> the spam.
> >>>>
> >>>> or
> >>>>
> >>>> The instead of FM authentication, make it look like there is a
> >>>> password
> >>>> needed by giving out to all users a universal password which is
> >>>> actually
> >>>> just a phrase they enter into a field when first entering the
> >>>> solution and
> >>>> clicking on a submit button which does a search for that
> >>>> phrase...if the
> >>>> phrase is not correct they are sent to an error page if it is
> >>>> found they are
> >>>> taken to the registration menu.
> >>>>
> >>>> Any ideas on how to stop this?  Is anyone encountering similar
> >>>> problems...where spammers are filing out forms and submitting
> >>>> them with SPAM
> >>>> content??
> >>>>
> >>>> Thanks for your help!
> >>>
> >>> _______________________________________________
> >>> FX.php_List mailing list
> >>> FX.php_List at mail.iviking.org
> >>> http://www.iviking.org/mailman/listinfo/fx.php_list
> >>>
> >> _______________________________________________
> >> FX.php_List mailing list
> >> FX.php_List at mail.iviking.org
> >> http://www.iviking.org/mailman/listinfo/fx.php_list
> > _______________________________________________
> > FX.php_List mailing list
> > FX.php_List at mail.iviking.org
> > http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>


-- 
William Downs
Development and Support
BD Databases Ltd


More information about the FX.php_List mailing list