Jump to content

Recommended Posts

If I'm calling the Action page of a Form-submission page via AJAX, what are the possibilities of getting spams?

 

I don't want to use CAPTCHA images.

 

Instead of regular on-submit POST of form, I have tried on-click POST via ajax to the action page, and there is only server side validation.

 

Is it safe ? OR Still spamers can get these POST variables ?

 

I'm unclear of these things, can anybody tell?

Link to comment
https://forums.phpfreaks.com/topic/173761-ajax-form-submission-safe-from-spams/
Share on other sites

Its simple.

 

Just have a message saying click to confirm user then set a session, after that all forms will be processed instantly. I have this set up on my site.

 

I also found bots/spiders following ajax hyperlinks so put rel=nofollow in the hyperlink

The chance that you will receive spam is just as big with an Ajax form as it would be with a non Ajax form. Someone could easily find the location of the script that processes the Ajax form by looking at your HTML source.

 

edit

Its simple.

 

Just have a message saying click to confirm user then set a session, after that all forms will be processed instantly. I have this set up on my site.

 

I also found bots/spiders following ajax hyperlinks so put rel=nofollow in the hyperlink

I'm sorry but I fail to see how setting a session on a onclick event will prevent spamming. I could easily write a script that sets that session and spam the hell out of you anyway.

Look and ye shall see

 

http://rapidlibrary.com/download_file_i.php?qq=fast%20plans%2012&file=329219&desc=Fast.Plans.v11.WinAll.Regged-CRD+.rar

 

Once confirmed all files are redirected .....directly

 

I don't want to use CAPTCHA images.

 

What I see on that page is a CAPTCHA  :sarcastic:

The chance that you will receive spam is just as big with an Ajax form as it would be with a non Ajax form. Someone could easily find the location of the script that processes the Ajax form by looking at your HTML source.

 

How he will get the access to this page, is it by direct url entry ?

It doesn't matter whether you use POST or GET methods, the user wouldn't even need to go as far as cURL. With the Firebug extension you can quite literally edit the HTML for a website and use it as though it was the original (although you don't need Firebug to do this it makes it a hell of a lot quicker). This means they could simply edit your HTML, create a quick 'POST' method form containing all the parameters they liked, and then submit it.

In short no it won't.  Obscuring your form with Javascript/Ajax might stop the regural spam bot from seeing your form. But if a spammer wanted to target your site they could just examine your POST or GET method and specially craft the POST or GET and execute it.

Thank you guys,

 

anyhow I have to use some anti-spam technique for this ajax form too.

 

I have another query.

 

One of the common spam check is captcha image, so that image couldn't be readable by spamers. All other form elements they can trap.

Suppose if I'm using a div tag

and which will replace the captcah image and that contains the session string and that plays the role of captcha image.(why I'm planning like this , some server doesn't have GD support)  Is this hackable ?

Hi

 

Not sure anything can stop spammers totally (CAPTCHA can't although it does help).

 

You can try things to just make life difficult for them though. Check how often a link is clicked and have a limit (probably down to the ip address of the clicker). Change the form fields randomly (so the spammers can't just hard code the fields). Only accept clicks from a sent page (ie, store some marker that can be used to determine when the page was sent) and only accept those that are replied to in a certain time range (ie, not within a second, not over an hour).

 

If you want a crude CAPTCHA system without using GD then come up with a load of captcha type images yourself, save them and put out a random one. You save the name of the image you have sent, but you send the image using a php script (ie, the php reads the image file and writes it) so that they cannot just look at the image name (probably doesn't stop them checking the image details).

 

All the best

 

Keith

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.