
Re: Spam resistant guestbook ?



At 09:54 AM 9/26/2006 +1000, Craig Sanders wrote:
>3. randomise the name of the main input field, and have it change every
>day (or every few hours). e.g. instead of hard-coding the field name,
>have the CGI script fetch the current name of the field from a text
>file. the script can then generate the form with the random field name
>AND know which field name to get the user-submitted post from.

I've been thinking about a rotating field name strategy.  It's still subject
to the in-the-end-it's-impossible dictum but it would make it a great deal
harder for the spammer.  Because in the end, all we can do is make it
harder.  The way I would do it would be to have random field names
autogenerated on a per-connection basis.  So the guestbook script would
generate a set of field names, and associate that with the requesting IP
address or a cookie.  The field names could then only be used once in, say,
a 1-hour time span.  It can also be made more complex with cookie exchanges.
This would stop the bots that autoscan the net for forms to submit to and
there's no race condition to worry about.  But anybody who knows how to use
WWW::Mechanize would eventually come up with a way through this as well.





--
REMEMBER THE WORLD TRADE CENTER         ---=< WTC 911 >=--
"...ne cede malis"

00000100
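
The per-connection scheme described in the message above, as an added example that is not code from the original post or from either poster. It assumes Python, two guestbook fields called `name` and `message`, and an in-memory dict standing in for whatever file or database a CGI script would persist to; `FieldNameStore` and its methods are hypothetical names.

```python
import secrets
import time

FIELD_TTL = 3600                      # the post's "1 hour time span", in seconds
LOGICAL_FIELDS = ("name", "message")  # assumed guestbook fields


class FieldNameStore:
    """Issues random form field names per client, usable once within FIELD_TTL."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._issued = {}  # client key (IP address or cookie value) -> (expiry, mapping)

    def issue(self, client_key):
        """Call when rendering the form; returns {logical name: random field name}."""
        mapping = {"f" + secrets.token_hex(8): logical for logical in LOGICAL_FIELDS}
        # Issuing again replaces any earlier set, so only the newest form is valid.
        self._issued[client_key] = (self._clock() + FIELD_TTL, mapping)
        return {logical: rand for rand, logical in mapping.items()}

    def redeem(self, client_key, submitted):
        """Call on POST; returns {logical name: value}, or None to reject the post."""
        # pop() makes the names single-use: any attempt, valid or not, burns them.
        entry = self._issued.pop(client_key, None)
        if entry is None:
            return None               # no form was served to this client, or a replay
        expiry, mapping = entry
        if self._clock() > expiry:
            return None               # names are older than FIELD_TTL
        if set(submitted) != set(mapping):
            return None               # hard-coded or guessed field names
        return {mapping[field]: value for field, value in submitted.items()}


if __name__ == "__main__":
    store = FieldNameStore()
    client = "203.0.113.5"            # constructed sample address
    names = store.issue(client)
    post = {names["name"]: "Ann", names["message"]: "Nice site"}
    print(store.redeem(client, post))  # accepted and mapped back to logical names
    print(store.redeem(client, post))  # replay of the same names is rejected
```

As the message notes, a client that fetches the form first and then submits with the names it was given still passes this check; the store only rejects blind posts, replays and stale forms.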


