In a my post about stopping spam I forgot to mention that Jacob Munson talked about using Akismet as a service to check your spam mail. Well, I decided to try it out on this blog and it works really well. Apparently there is a spammer using the RIPE Network Coordination Centre from IP address 193.53.87.81 in Amsterdam. He/She really wants to hit my post on Google and Firefox seeing that their bot has tried to post spam 40 times. As far as I can tell, this spammer has been active for a while. At any rate, try Akismet if you haven’t already.
Lu Sancea Misc Akismet, spam
I just watched a video from UGTV on Charlie Arehart’s website done by Jacob Munson. Near the end of the presentation Jacob was talking about how he changed his form names and it broke the spam bots that were hitting his site. He also talked about the concept of using a special key loaded into the session that could be used to check if the person was real or not. The consensus was that manual spammers sucked and you have to use something like Project Honey Pot to try and stop the manual spammers. Well, I agreed with Jacob and the others in the audience, that you have to employ a few different methods to feel even a little safe, but I liked the form name change and session key, so I put together a simple proof of concept. I am still trying to figure out how this method wouldn’t work for bots, so if you know of something let me know.
I started out by setting the appkey and then using it to encrypt the form:
<form action="processForm.cfm" method="post">
<input name="#cfusion_encrypt('firstname',session.appkey)#" type="text" >
<input name="#cfusion_encrypt('lastname',session.appkey)#" type="text" >
<input type="submit" value="go" >
</form>Then, I run through the form and convert out the keys to usable strings, you simply use the new form instead of the form scope.
<cfset newFrm = StructNew()>
<cfloop collection="#FORM#" item="g">
<cfset clearFormName = cfusion_decrypt(g, session.appkey)>
<cfset structInsert(newFrm,variables.clearFormName,FORM[g],'true')>
</cfloop>I figure if the bot is going to be looking through form definitions, then the constantly changing key will mess that up. I think it would be best if you used a really good key for the encryption and then used a different encryption method than the cfusion_encrypt. I just used that for a test. Any thoughts?
Lu Sancea Coldfusion Coldfusion, spam
Recent Comments