开发者

How can I prevent automatic form submission by bots?

开发者 https://www.devze.com 2023-01-06 17:26 出处:网络
I am running ColdFusion MX, so I don\'t have the possibility of using the built-in cfimage Captcha functionality in开发者_运维知识库 my application, before form submitting.

I am running ColdFusion MX, so I don't have the possibility of using the built-in cfimage Captcha functionality in开发者_运维知识库 my application, before form submitting.

But the problem is without captcha the bots submit the forms.

What will be best way to prevent automatic submitting?


Captchas don't have to be images!

Try one of the following solutions:

  • Most bots don't understand CSS. Create two submit buttons, the first with a value that will be rejected by the server, the second with a value that will be accepted by the server. Hide the first one using CSS.
  • Ask the user to answer a simple math problem. This will require you to create the math problem and store the expected solution somewhere (like the user's session), then compare the user's submitted answer with the stored answer. For extra protection, you can create simple addition, subtraction and multiplication questions. Avoid division, remainders are a pain for some users.
  • Bots read the names of form elements, and tend to ignore text labels. Try creating a checkbox named "optout" (like a newsletter), checked by default. Next to the checkbox, ask the user to uncheck the checkbox if they are a human. The opposite technique also works (unchecked checkbox that you ask the user to check).

All of these solutions can be done without third party code or API calls.

That being said, reCAPTCHA is pretty good and easy to integrate into almost any environment.


Take a look at cfformprotect - it will work with CFMX 6 and all later engines.

It aims to be fully accessible - and invisible to most users - with an assortment of methods to stop bots and spammers.

Also you might want to look at a CF wrapper for reCaptcha, which is compatible with CFMX 7.


A technique I used with a different technology was to use image buttons. Your POST handler gets the x,y co-ordinates where the images were clicked. I found the bots (which are just generating post requests) were passing 0,0 and by dropping those requests on the floor I brought the spam posts down to less than the real ones. Sorry that I don't know how to do that in CF but I hope the technique is useful to you.


Its always a good idea to do data validation on the server side before processing no matter which solution you use.

This post may help: http://www.bennadel.com/blog/405-Fully-Accessible-Spam-Form-Submission-Blocking-Using-ColdFusion-And-X-HTML-Version-III-.htm


How about using calculation method? Just like 8 + 5 = ?

OR

how about using ColdFusion.Ajax.submitForm?

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号