[Gllug] Perl Question - Spam Filter for NMS Form Mail

Henry Gilbert henry.gilbert at gmail.com
Sun Feb 8 01:15:35 UTC 2009


2009/2/7 Lesley Binks <lesleyb at pgcroft.net>:
> Henry
>
> Some of what you are doing won't trap spam.  It will trap humans that
> might be trying to use your form in some way.
>
> With any form submission you need to html_escape anything if you are
> going to print it out on another webpage. You need to sql escape it
> before you add it to a database.  This stops a few form hacks.
> Always prevent someone using the contact form to send mail elsewhere
> by excluding anything that contains a ':' in the subject or
> other email header such as originator's email or block actual newlines
> added to header data you are allowing to be entered.
>
> You basically need to look at what you are asking to be input and think
> how a 'hax0r' might use it to subvert it for their own purposes.
>
> You'd get more mileage out of this if you wrote your own contact form
> and you could then add a recaptcha.net anti-spam offering.
>
> You only need two or three text fields, a text area and a submit button
> plus the recaptcha.net javascript
>
> Regards
>
> L.
> --
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>

Hi Lesley

There is no database, so no worries about SQL injections there.

Captchas remind me of DRMs - a PITA for the end-user, so why punish
the visitor?

I have built forms with no captchas and no problems or spam since but
that was using .NET or classical ASP, i.e.:
http://www.guitar-teaching.co.uk/contact.asp

With the holiday website - I just need 2 extra lines of Perl code to
reduce spam to (near) zero. It is only one type of spam that is
evading the current filter. The format being a long list of URLs all
starting with http://

regards

HG

-- 
SEO Mastery
http://www.alliancetec.com
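
Added example, not part of the thread and not NMS FormMail's own code: a Perl sketch of the two checks discussed above, rejecting CR/LF in header-bound fields and flagging bodies that are a long list of http:// links. The field names (email, subject, body), the threshold of 3 links and the sample submissions are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed threshold: more links than this marks the body as link spam.
my $MAX_URLS = 3;

# A value destined for a mail header must not contain CR or LF,
# otherwise the submitter can append header lines of their own.
sub header_is_safe {
    my ($value) = @_;
    return $value =~ /[\r\n]/ ? 0 : 1;
}

# Count links in the message body, case-insensitively.
sub count_urls {
    my ($body) = @_;
    my $n = () = $body =~ m{https?://}gi;
    return $n;
}

# Returns the reasons to reject; an empty list means accept.
sub check_submission {
    my (%form) = @_;
    my @reasons;
    for my $field (qw(email subject)) {
        push @reasons, "newline in $field"
            unless header_is_safe($form{$field} // '');
    }
    my $urls = count_urls($form{body} // '');
    push @reasons, "$urls URLs in body" if $urls > $MAX_URLS;
    return @reasons;
}

# Constructed sample submissions (hypothetical field names and values).
my @samples = (
    { email => 'guest@example.com', subject => 'Booking enquiry',
      body  => 'Is the cottage free in June? See http://example.com/dates' },
    { email => 'x@example.com', subject => 'hi',
      body  => join("\n", map { "http://spam.example/$_" } 1 .. 20) },
    { email => "x\@example.com\nX-Injected: 1", subject => 'hi',
      body  => 'hello' },
);

for my $s (@samples) {
    my @why = check_submission(%$s);
    print @why ? 'REJECT: ' . join('; ', @why) . "\n" : "ACCEPT\n";
}
```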