[pchelpers] Dealing with form spam that has numbers
- From: John Durham <john.modec@xxxxxxxxxx>
- To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
- Date: Thu, 28 Dec 2006 14:22:18 +1300
Knowing how many web masters have forms and how many suffer from script
attacks, you might like some ideas to help deal with it. The thing many
forms have in common is they are processed using perl or cgi scripts.
This is so with my feedback forms. Have you ever noticed how many try to
use complex names to prevent being filtered out by black lists? Those
names very often contain numbers to make them more unique, so why not
test for numbers where the name should be? Take this example:
if ($myname =~ /0/) {                      # the name field contains a zero
    $msg = "317name test showed numbers!"; # log message (specific to my system)
    &runlog;                               # write it to the log (specific to my system)
    $errormessage = "<br>You may not use numbers ($myname) where a name is requested";
    &errorpage;                            # send the error page back to the visitor
    exit;                                  # stop here; do not process the form
}
That can prevent a name with 0 in it from being accepted by a script. By
adding similar blocks of code for the remaining numbers (1-9), these
tricky attacks can be practically eliminated. Of course you may use
different variables to suit your script and adjust the way your script
responds to the attack by altering the error message and the error page
code yourself.
Of course, similar methods can be used for any form field where attacks
might occur. It is only a question of adjusting the code to suit your
needs. The nice part about this approach is that only the primary
numbers need be checked for. It does not matter how complex the name is;
numbers should not be there.
Note: This will work without the need for a runlog or a $msg variable
(that's special to my system).
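The check above, as an added example that is not the original post's code: a single /[0-9]/ match covers all ten digits at once, so the per-digit blocks the post describes collapse into one test, and the same rule is applied to every field where digits are not expected while fields that may legitimately carry digits are left alone. The field names, the sub name and the sample submissions are assumptions made for this illustration; the logging and error-page subs from the post are replaced by print statements so the script runs stand-alone.

```perl
#!/usr/bin/perl
# Added example, not the original post's code.
use strict;
use warnings;

# Fields on which a digit is treated as a sign of script-generated input.
# The field names are assumptions for this illustration; a comment or
# order field is deliberately left out because digits belong there.
my @no_digit_fields = qw(name city);

# Returns a list of error messages, one per offending field; an empty
# list means the submission passed. /[0-9]/ matches any decimal digit,
# so one test replaces ten separate blocks (one per digit).
sub check_fields {
    my ($form) = @_;
    my @errors;
    for my $field (@no_digit_fields) {
        my $value = $form->{$field};
        next unless defined $value;
        if ($value =~ /[0-9]/) {
            push @errors,
                "You may not use numbers ($value) where a $field is requested";
        }
    }
    return @errors;
}

# Constructed sample submissions (not real data): a normal one, and one
# in the style of the digit-laden names the post describes.
my @submissions = (
    { name => 'John Durham', city => 'Wellington', comment => 'Order 2 copies' },
    { name => 'xj7k2lq',     city => 'Wellington', comment => 'hello' },
);

for my $form (@submissions) {
    my @errors = check_fields($form);
    if (@errors) {
        # In a CGI script this is where the error page is sent and the
        # script exits instead of processing the form.
        print "REJECT: $_\n" for @errors;
    } else {
        print "ACCEPT: $form->{name}\n";
    }
}
```

Running it accepts the first submission (the digit in the comment field is not checked) and rejects the second because of the name. Limiting the rule to fields where digits are never expected keeps legitimate input such as order quantities from being bounced.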
--
Regards, John Durham <http://modecideas.com/contact.html?sig>
ICQ number 112663246
Fax/Phone 64 4 5286786
Award winning web site at http://modecideas.com?sig
Order my latest e-book at http://modecideas.com/dmaxhits.htm?sig
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.
--
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig