[Dshield] Web Form Spam Problems
dshield at oitc.com
Wed Apr 25 15:21:50 GMT 2007
>I am supporting a customer who currently has their web site hosted by
>PureHost. Recently they have begun to receive a small amount of spam
>originating from a form on their web site.
>Are there any methods to prevent this type of spam from occurring? What is
>the best method for dealing with this issue and problem?
captcha is the typical approach but I hate them so we use a challenge
/ response and a time window hidden from the user When the user
selects a form a session is started and a secret word is concatinated
to the time and MD5 and placed in the form and the timestamp is
placed in the session variable. When the form is submitted the MD5
form value is co,pared to the newly computed one and a check is made
to instur the form hasen't been lying around stale.
More information about the list