Re: Spam resistent guestbook ?

To: debian-isp@lists.debian.org
Subject: Re: Spam resistent guestbook ?
From: Craig Sanders <cas@taz.net.au>
Date: Tue, 26 Sep 2006 09:54:11 +1000
Message-id: <[🔎] 20060925235411.GK7118@taz.net.au>
In-reply-to: <[🔎] 4517F8F2.1090002@thecsl.org>
References: <[🔎] 4517F8F2.1090002@thecsl.org>

On Mon, Sep 25, 2006 at 11:42:42AM -0400, Dan MacNeil wrote:
> One of our customers makes great use of a guestbook.
> 
> Unfortunately it is getting 10-20 spam postings a day.
> 
> Anyone have a spam resistant guestbook they like?
> 
> I've search the fine web w/o much closure.

some ideas, in order of increasing complexity:

1. make the guestbook private - post only, no public reading.

2. make the guestbook moderated - posts only become visible to the public
after they have been manually approved

3. randomise the name of the main input field, and have it change every
day (or every few hours). e.g. instead of hard-coding the field name,
have the CGI script fetch the current name of the field from a text
file. the script can then generate the form with the random field name
AND know which field name to get the user-submitted post from.

(minor drawback is that there is a race-condition. if the user fetches
the form before the field name changes and submits the form after it
changes, then you have to check for that error condition and ask them to
resubmit).

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)

Reply to:

Follow-Ups:
- Re: Spam resistent guestbook ?
  - From: Marty Landman <mlandman@face2interface.com>

References:
- Spam resistent guestbook ?
  - From: Dan MacNeil <dan@thecsl.org>

Prev by Date: Re: Spam resistent guestbook ?
Next by Date: Re: Spam resistent guestbook ?
Previous by thread: Re: Spam resistent guestbook ?
Next by thread: Re: Spam resistent guestbook ?
Index(es):
- Date
- Thread