SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast
    Join Date
    Sep 2002
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to prevent auto signup on form

    I have a form at:

    http://www.imaging-resource.com/PRESSKIT.HTM

    Lately, it seems like there is a robot out there trying to auto signup, because I'll get the signup emails but all the fields will be blank.

    I can only assume that this is some type of attack (virus/spam...whatever.) What options do I have with my script to prevent this type of attack? What should I code for so as to not get these blank emails all the time?

    Thanks!

  2. #2
    SitePoint Evangelist jplush76's Avatar
    Join Date
    Nov 2003
    Location
    Los Angeles, CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    have users register using "turing" techniques...
    have you signed up for yahoo mail lately? when you sign up they present you with an image with some jagged text in it, if you put in the right word you're good to go. Robots can't read jagged images (not yet anyway).
    My-Bic - Easiest AJAX/PHP Framework Around
    Now Debug PHP scripts with Firebug!

  3. #3
    SitePoint Addict DM3Dan's Avatar
    Join Date
    Sep 2004
    Location
    Albany, NY
    Posts
    204
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ywickham
    I have a form at:

    http://www.imaging-resource.com/PRESSKIT.HTM

    Lately, it seems like there is a robot out there trying to auto signup, because I'll get the signup emails but all the fields will be blank.

    I can only assume that this is some type of attack (virus/spam...whatever.) What options do I have with my script to prevent this type of attack? What should I code for so as to not get these blank emails all the time?

    Thanks!
    If you have photoshop, write out a sequence of letters and nubers like so:
    Code:
    Vsf3g298
    And use the 'Liquify' tool to make them all unreadable to a robot. Save that to an image and display it next to a form. Ask the user to write out the sequence into the form. Then just do if ($sequence == 'Vsf3g298') {go ahead}. I'm not sure if that would work, as I am new to PHP, but it seems like it should.

  4. #4
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jplush76
    have users register using "turing" techniques...
    have you signed up for yahoo mail lately? when you sign up they present you with an image with some jagged text in it, if you put in the right word you're good to go. Robots can't read jagged images (not yet anyway).
    now that you mentioned it, can you please explain how to do that on the fly(if it is) and how to check that. DO they check it with javascript or PHP and if PHP then how do they remember the value generated on the fly? hope i am being clear
    ---------------------------
    Errors = Improved Programming.
    My Site

  5. #5
    SitePoint Evangelist jplush76's Avatar
    Join Date
    Nov 2003
    Location
    Los Angeles, CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you validate it with PHP

    for example you could use one of the GD (image) library functions so you have your text variable that changes on each page load

    $text = "apple";

    then you pass apple to the image function that places that text in an image file on the fly and you save "apple" as a session variable such as $_SESSION['turing_text'] = $text;

    then on the form submission page just do

    if($_POST['turing'] === $_SESSION['turing_text'])
    {
    echo 'you can enter';
    } else {
    echo 'you stupid robot, leave me alone!';
    }

    you can learn more about turning here:
    http://www.google.com/search?hl=en&l...ge&btnG=Search

    be warned that turing tests are very difficult if not impossible for visually impaired people to work with.
    My-Bic - Easiest AJAX/PHP Framework Around
    Now Debug PHP scripts with Firebug!

  6. #6
    SitePoint Evangelist
    Join Date
    Sep 2004
    Location
    Oregon
    Posts
    445
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can also do something like a "submitOnce" in javascript, only allowing the form to be submitted once.

    But, doing the random image combination would be just as successfully. But don't name the image something like 124562.jpg and have that be the actual numbers displayed, that defeats the purpose :P


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •