chrisuk Posted March 6, 2008 Share Posted March 6, 2008 here at work the boss insists on all websites being in house running on Lotus Domino servers. Eww. Anyway, i've been asked to take a look at some forms that are on the website to allow visitors to register for events. They enter their details, and when the form is submitted it's whizzed accross to an external site where it is processed - part of which involves mailing the results to an email address here at the company. Now to me this has "abuse" written all over it, there's nothing to check where the form data comes from - so am i correct in saying that someone could notice this, make their own form and just blast us with spam as a result? what can i do to have the form check that it's coming from our website (against an external static IP) - I was thinking http_referer but I read this can easily be spoofed? suggestions welcome, ta Quote Link to comment Share on other sites More sharing options...
priti Posted March 6, 2008 Share Posted March 6, 2008 to stop spamming we use captach to make sure the user is a human not a computer program. Next, what if someone doing it intentionaly then i have seen on certain form they pass a hidden variable to server to identify the client. secondly you can create a block_list_array={'aaaa','xxxx','ssss','tyyy'} and when you submit you form just check the content with this list to stop spam. you can set off some time between two sucessive submission of form which you might be able to see on different leading forums too. ... there are many a way to stop spam. Quote Link to comment Share on other sites More sharing options...
chrisuk Posted March 6, 2008 Author Share Posted March 6, 2008 thanks for that! some stuff to think about there. ta Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.