asdfg Posted July 16, 2012

Hello, does somebody know a really simple security question for my PHP form? Just "what is 2+2" or "what is the second letter of hello". Can someone give me a tutorial for that or some code? Thanks.
memfiss Posted July 17, 2012

You need to make a table with questions, answers and id. Then when you generate the HTML code of your form, select one random question and id, place question id into hidden input, and after submitting check if the answer is correct.
ignace Posted July 17, 2012

"place question id into hidden input"

That's a bad idea. Imagine someone who wants to abuse the form would only have to set the same question id and pre-fill the answer, eureka! Instead store the correct answer in the session instead of the form.
Jessica Posted July 17, 2012

Or just do the math... you don't need to store the answer if you do math, or any logic. What is the second letter of hello? Easy with logic. What is 2+2? Easy with logic.
PFMaBiSmAd Posted July 17, 2012

If you are going to do this, you need to output the question in the form of an image (that does not have a fixed/unique signature for each question) so that a bot script cannot simply scrape the question out of the HTML source and look up the text answer or solve the math expression and post the answer.

I was a moderator on a different PHP help forum and the owner's office thought it would be a good idea to replace an existing traditional image based captcha (enter the letters/numbers you see) with a simple text based question/answer captcha, with a limited number of random questions/answers. The number of automated registrations (followed by spamming) went from one every few days to ~ 250 per day for a couple of days until the person that made the change got around to undoing what he did.
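An added example, not code posted by anyone in this thread: one way to apply ignace's suggestion, keeping the expected answer in the session so the form carries no question id or answer that a client could replay. The question list, the `answer` field name and the `challenge_answer` session key are assumptions made for the illustration.

```php
<?php
// Added example: session-stored answer for a simple question/answer check.
declare(strict_types=1);
session_start();

// Constructed sample questions; the answers never leave the server.
const QUESTIONS = [
    ['q' => 'What is 2+2?', 'a' => '4'],
    ['q' => 'What is the second letter of "hello"?', 'a' => 'e'],
];

/** Pick a random question and remember its answer in the session only. */
function issue_challenge(): string
{
    $item = QUESTIONS[random_int(0, count(QUESTIONS) - 1)];
    $_SESSION['challenge_answer'] = $item['a'];
    return $item['q'];
}

/** Check a submitted answer; the stored answer is consumed on every attempt. */
function check_challenge(string $submitted): bool
{
    $expected = $_SESSION['challenge_answer'] ?? null;
    unset($_SESSION['challenge_answer']);   // single use: a solved question cannot be replayed
    if (!is_string($expected)) {
        return false;                        // no challenge was issued to this session
    }
    return hash_equals($expected, strtolower(trim($submitted)));
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $answer = $_POST['answer'] ?? '';
    $ok = is_string($answer) && check_challenge($answer);
    $message = $ok ? 'Answer accepted.' : 'Wrong answer, try again.';
}
$question = issue_challenge();   // fresh question for every rendered form
?>
<form method="post">
  <p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
  <label><?= htmlspecialchars($question, ENT_QUOTES, 'UTF-8') ?>
    <input type="text" name="answer" autocomplete="off">
  </label>
  <button type="submit">Send</button>
</form>
```

This only removes the replayable hidden field; the question text is still present in the HTML source, which is the weakness PFMaBiSmAd's post describes.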