Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Re: newb: Best way to protect CGI from non-form invocation?

by TedPride (Priest)
on Feb 06, 2007 at 04:22 UTC ( #598482=note: print w/replies, xml ) Need Help??

in reply to newb: Best way to protect CGI from non-form invocation?

Bots are often programmed to defeat the most popular validation methods, such as phpBB's graphical validator, but even a simple custom validation will defeat virtually all of them. I just use a randomly generated 6-character hex string that people have to fill in at the bottom of the form, and since I started doing that, I've gone from hundreds of spams to only a single spam submission - and even that one may have been put through by a human.

The problem with graphics is that a sufficiently obfuscated graphic is also hard for people to see, and if the graphic doesn't load, people can't submit the form. Text is easier to defeat, but anyone who's spending that much effort to defeat your site security specifically can probably come up with much nastier ways to mess with you. Email bombing, or loading your most processor-intensive page hundreds of times per second, etc. Your security only needs to be good enough to stop the usual stupid, impersonal spam bot, but not so good that it irritates your users.

  • Comment on Re: newb: Best way to protect CGI from non-form invocation?

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://598482]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (5)
As of 2021-10-16 13:08 GMT
Find Nodes?
    Voting Booth?
    My first memorable Perl project was:

    Results (69 votes). Check out past polls.