[Dshield] Web Form Spam Problems

Tom dshield at oitc.com
Wed Apr 25 15:21:50 GMT 2007


>I am supporting a customer who currently has their web site hosted by
>PureHost.  Recently they have begun to receive a small amount of spam
>originating from a form on their web site.
>
>
>
>Are there any methods to prevent this type of spam from occurring?  What is
>the best method for dealing with this issue and problem?

Paul,

captcha is the typical approach but I hate them so we use a challenge 
/ response and a time window hidden from the user When the user 
selects a form a session is started and a secret word is concatinated 
to the time and MD5 and placed in the form and the timestamp is 
placed in the session variable.  When the form is submitted the MD5 
form value is co,pared to the newly computed one and a check is made 
to instur the form hasen't been lying around stale.

Tom


More information about the list mailing list