[FX.php List] Fwd: spam and php fmp sites

Joel Shapiro jsfmp at earthlink.net
Fri Oct 19 11:12:23 MDT 2007


Thanks William (no need to apologize... I appreciate it)

I had thought captcha only referred to those squiggly alphanumeric- 
string images that online payment sites use... I hadn't realized it  
could be so roll-your-own, as people here have suggested.

-Joel (not Dan :)


On Oct 19, 2007, at 12:32 AM, William Downs wrote:

> Hi Dan,
> sorry to add to this again,
>
> But, I use a mathematical equation based captcha routine - where the
> user answers a maths question (nothing like the square root of 2000
> divided by 2.45) more like 4+5
>
> Works fine,
>
> William
>
> On 10/19/07, Joel Shapiro <jsfmp at earthlink.net> wrote:
>> Thanks Dan
>>
>> That looks pretty cool...  Kind of a text-based captcha, right?
>>
>> I'll pass it along as another option.
>>
>> -
>> Thanks everyone for all your suggestions!
>>
>> Best,
>> -Joel
>>
>>
>> On Oct 18, 2007, at 1:15 PM, DC wrote:
>>
>>> i've had success with this script that spells out numbers in
>>> english and then you ask the person to type the number. not good
>>> for a widespread commercial app, but good (and the technique is
>>> obscure) for a small site.
>>>
>>> function ConvertThree ($intArgNumber, $dispAnd = false)
>>> {
>>>     // Spells out an integer from 1 to 999 in English words
>>>     // (returns an empty string for 0).
>>>     $intNumber = '';
>>>     $strNumConv = '';
>>>
>>>     $aySmall = array('Zero', 'One', 'Two', 'Three', 'Four', 'Five',
>>>         'Six', 'Seven', 'Eight', 'Nine');
>>>     $ayMedium = array('Zero', 'Ten', 'Twenty', 'Thirty', 'Forty',
>>>         'Fifty', 'Sixty', 'Seventy', 'Eighty', 'Ninety');
>>>     $ayLarge = array('Ten', 'Eleven', 'Twelve', 'Thirteen',
>>>         'Fourteen', 'Fifteen', 'Sixteen', 'Seventeen', 'Eighteen',
>>>         'Nineteen');
>>>
>>>     // Hundreds digit; the cast keeps the array index an integer.
>>>     if ($intArgNumber > 99)
>>>         $strNumConv .= $aySmall[(int) ($intArgNumber / 100)] . " Hundred";
>>>     // "and" only when something follows the hundreds.
>>>     if (($dispAnd == true) and ($intArgNumber > 99)
>>>         and ($intArgNumber % 100 > 0)) $strNumConv .= " and";
>>>
>>>     $intNumber = $intArgNumber % 100;
>>>     if ($intNumber > 19) {
>>>         // 20-99: tens word, then the units word if any.
>>>         if ($intArgNumber > 99) $strNumConv .= " ";
>>>         $strNumConv .= $ayMedium[(int) ($intNumber / 10)];
>>>         if ($intNumber % 10 > 0)
>>>             $strNumConv .= " " . $aySmall[$intNumber % 10];
>>>     } elseif ($intNumber > 9) {
>>>         // 10-19: the separator is conditional, the word is not.
>>>         if ($intArgNumber > 99) $strNumConv .= " ";
>>>         $strNumConv .= $ayLarge[$intNumber - 10];
>>>     } elseif ($intNumber > 0) {
>>>         if ($intArgNumber > 99)  $strNumConv .= " ";
>>>         $strNumConv .= $aySmall[$intNumber];
>>>     }
>>>     return $strNumConv;
>>> }
>>>
>>> dan
>>>
>>> Alex Gates had written:
>>>> What about this:
>>>> Make a hidden form field and give it a generic name that the bots
>>>> will go for - "name" or "URL" or something that isn't already in
>>>> use - and give it a value of "".
>>>> The bots look for generic names - and it won't really know if it
>>>> is hidden or not...
>>>> Then, simply reject any submission that has a value in the hidden
>>>> field.
>>>> Any legitimate submission from a real user won't have anything in
>>>> that field, since it is a hidden field - but a bot will fill
>>>> something in...
>>>> Alex
>>>> Joel Shapiro wrote:
>>>>> Hi all
>>>>>
>>>>> I'm forwarding something from a local colleague.  He's got a site
>>>>> that's getting hit with form submissions by spammers.
>>>>>
>>>>> He works for a school district.  The site is not meant for the
>>>>> general public, although it is apparently publicly available and
>>>>> is not password protected.
>>>>>
>>>>> Any quick suggestions for them?
>>>>>
>>>>> (Sorry the post is so long, but I figured I might as well forward
>>>>> his whole message.)
>>>>>
>>>>> Thanks,
>>>>> -Joel
>>>>>
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> Subject: spam and php fmp sites
>>>>>>
>>>>>> Any suggestions on how to stop spam from being submitted on a
>>>>>> PHP FileMaker
>>>>>> web registration solution, running on a Windows 2003 Server with
>>>>>> FMAS9?
>>>>>>
>>>>>> The solution does not ask for any password.  Users can hit it
>>>>>> over the web.
>>>>>> I am not sure how spammers found it if not from webbots....
>>>>>>
>>>>>> One of the functions of the solution is to allow users to send a
>>>>>> suggestion
>>>>>> via email.  The user goes to a page where they fill in a
>>>>>> suggestion text
>>>>>> field and hit a submit button which creates a record and
>>>>>> generates an
>>>>>> email message to a backend fmp user with the contents of
>>>>>> the suggestion
>>>>>> field they filled out.
>>>>>> -------------Some spam is being generated from this function
>>>>>> where the emails
>>>>>> sent contain spam url's that have been entered into the
>>>>>> suggestion text
>>>>>> field.
>>>>>>
>>>>>> Another function of the solution is where users can register for
>>>>>> a workshop.
>>>>>> They choose a workshop from a list and then fill in their user
>>>>>> information
>>>>>> and then click a "register" (submit) button which creates a new
>>>>>> record in
>>>>>> the solution.  Spam URL's are appearing in the user background
>>>>>> information
>>>>>> text fields from these bogus registrations.
>>>>>>
>>>>>> I was thinking that if I required authentication from one
>>>>>> account therefore
>>>>>> giving all users of the system the same password would prevent
>>>>>> the spam.
>>>>>>
>>>>>> or
>>>>>>
>>>>>> Then instead of FM authentication, make it look like there is a
>>>>>> password
>>>>>> needed by giving out to all users a universal password which is
>>>>>> actually
>>>>>> just a phrase they enter into a field when first entering the
>>>>>> solution and
>>>>>> clicking on a submit button which does a search for that
>>>>>> phrase...if the
>>>>>> phrase is not correct they are sent to an error page if it is
>>>>>> found they are
>>>>>> taken to the registration menu.
>>>>>>
>>>>>> Any ideas on how to stop this?  Is anyone encountering similar
>>>>>> problems...where spammers are filling out forms and submitting
>>>>>> them with SPAM
>>>>>> content??
>>>>>>
>>>>>> Thanks for your help!
>>>>>
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>
>>
>>
>
>
> -- 
> William Downs
> Development and Support
> BD Databases Ltd
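
Added example, not part of the original thread and not any poster's code: a server-side check that combines the empty hidden field Alex Gates describes with the simple arithmetic question William Downs describes, keeping the expected answer on the server and accepting it only once. The field names "website" and "answer", the session key and both function names are assumptions, and the array $session stands in for $_SESSION.

```php
<?php
// Added example. Field names, session key and function names are assumptions.

// Create a new question and keep its answer on the server side only.
function issueChallenge(array &$session): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $session['challenge_answer'] = $a + $b;
    return "What is $a + $b?";
}

// Returns null when the submission passes, otherwise the rejection reason.
function rejectReason(array $post, array &$session): ?string
{
    // Consume the stored answer first so every challenge is single-use.
    $expected = $session['challenge_answer'] ?? null;
    unset($session['challenge_answer']);

    // Honeypot: real users never see the "website" field, so it stays empty.
    if (trim((string) ($post['website'] ?? '')) !== '') {
        return 'honeypot field filled';
    }
    if ($expected === null) {
        return 'no challenge issued';
    }
    $given = trim((string) ($post['answer'] ?? ''));
    if (!ctype_digit($given) || (int) $given !== $expected) {
        return 'wrong answer';
    }
    return null;
}

// Constructed submissions; $session stands in for $_SESSION.
$session = [];
echo issueChallenge($session), "\n";
$right = (string) $session['challenge_answer'];
$samples = [
    'human'  => ['website' => '', 'answer' => $right],
    'bot'    => ['website' => 'http://spam.example/', 'answer' => $right],
    'replay' => ['website' => '', 'answer' => $right],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', rejectReason($post, $session) ?? 'accepted', "\n";
}
```

A record should be created and the notification email sent only when rejectReason() returns null; a fresh question is issued each time the form is rendered.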


