SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    16,996
    Mentioned
    186 Post(s)
    Tagged
    2 Thread(s)

    Robot spoiler email entry

    Recently another sitepoint member, obrienkev, posted a thread called "Guest book filling with Junk!!" http://www.sitepoint.com/forums/showthread.php?t=280293
    The problem is that the site needs to be accessible for users with disabilities. This need dictates that the guestbook entry process be as easy as possible (no login other than an email address), and over-rides the use of "fuzzy" text authentication.
    The thread discussed various server-side methods to reduce guestbook abuse. Although the site in question did not appear to have been subjected to any redirect script injection, and I did not see any offensive entries, it contained many link entries (abusive SEO tactic). In addition to the various methods discussed in the thread, I was thinking What if the email address entry form was not only validated but also limited. Hence this crude
    example:
    Code:
    <form name="botSpoiler" action="#" >
    <input name="user" type=text" size="30" maxlength="25" />
    @
    <input name="subDom" type="text" size="20" maxlength="15" />
    .
    <select name="tlDom">
    <option value="null"></option>
    <option value="fake" selected="selected">select ending</option>
    <option value="com">com</option>
    <option value="net">net</option>
    <option value="edu">edu</option>
    <option value="gov">gov</option>
    <option value="org">org</option>
    <option value="mil">mil</option>
    <option value="int">int</option>
    <option value="us">net</option>
    <option value="uk">edu</option>
    <option value="de">gov</option>
    <option value="jp">org</option>
    <option value="other">OTHER</option>
    </select><br />
    If other Top Level Domain ending, enter here:
    <input name="other" type="text" size="7" maxlength="5" />
    </form>
    The only problems that I can see are that users that have more than the 1 period in their address might be a bit confused, and "auto-formfield-fill" wouldn't work.
    If one really wanted to get fancy the select options could be filled from a randomized array of top level domain values to further deter robot abuse.

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    16,996
    Mentioned
    186 Post(s)
    Tagged
    2 Thread(s)

    an easier yet effective way to foil spam-bots

    I have been thinking that it may be just as effective and a lot simpler to simply have the username text input and a combined domain/subdomain text input like this:
    Code:
    <form name="botSpoiler" action="#" >
    <input name="user" type=text" size="30" maxlength="25" />
    @
    <input name="domain" type="text" size="30" maxlength="25" />
    </form>
    This would be a lot less confusing than having users try to figure out where to put periods.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •