CFML help, need to block spammers from hijacking my forms

Discussion in 'Cold Fusion MX' started by skypanther, Nov 5, 2008.

  1. skypanther

    skypanther Exalted Code Master!

    I'm afraid my CFML is a bit rusty, as I mostly do PHP nowadays. One of my client's forms is being hijacked by spammers. In this case, it's a "tell a friend" form with an accompanying action page which does the actual mailing. The spammers are "stuffing" the send-mail page, bypassing the entry form.

    In PHP, I use the following to prevent such attacks:

    if(strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) === FALSE) {
    Which basically checks for a match between the host name of the referrer (form page) and that of the current page (send-mail page). If they don't match, the user is redirected.

    How would I do this in CFML?

    Many thanks,
  2. Stephen

    Stephen US Operations Staff Member

    I allowed your post, sorry for the delay in getting it visible. This forum section is slammed by daily bombardments of spam if left open; I don't know why this one is so heavily spammed.
  3. skypanther

    skypanther Exalted Code Master!

    No problem on the delay. In looking at the logs, I can see that the PHP measure wasn't stopping the spammers anyway. It used to be that they would bypass the form, sending their own values directly to the processing page. In the logs, I could see the form page being loaded, then the processing page loaded right after that. It seems that they were actually filling in the form via some automated means.

    I ended up implementing a JavaScript / jQuery based block that seemed to stop the problem. Basically, I add some fields, remove some fields, set some values, and enable the submit button via JavaScript, then check for the state of things on the processing page. This will stop anyone who doesn't have JavaScript enabled. For now, that seems to stop the hijackers. They'll figure it out soon I'm sure. X(

    The logs were still showing the form page being loaded hundreds of times per second, but the processing page was not being called. Since the logs were still growing at about 1 MB per hour, I eventually requested the IP be blocked, which shut down this particular attack.
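
The checks described in this thread, written in CFML for the top of the processing page as an added example (not code posted by any participant): the Referer/host comparison from the PHP line in post 1, followed by a server-side check of the state the form page's JavaScript is supposed to leave behind. The page names, the `website` and `js_check` field names and the log file name are assumptions.

```cfml
<!--- sendmail.cfm (hypothetical name): run these checks before any mail is sent --->
<cfset reject = false>

<!--- 1. CFML equivalent of the PHP strpos() test: the Referer must be present
      and must contain this site's host name --->
<cfif len(cgi.http_referer) EQ 0 OR findNoCase(cgi.http_host, cgi.http_referer) EQ 0>
    <cfset reject = true>
</cfif>

<!--- 2. State that only the form page's JavaScript produces.
      Hypothetical field names:
        website  = decoy input present in the HTML, removed by the script
        js_check = hidden input added by the script and set to "ok" --->
<cfif structKeyExists(form, "website")>
    <!--- the decoy was submitted, so the script never ran --->
    <cfset reject = true>
</cfif>

<!--- default to an empty string so a missing field fails the comparison
      instead of throwing an undefined-variable error --->
<cfparam name="form.js_check" default="">
<cfif form.js_check NEQ "ok">
    <cfset reject = true>
</cfif>

<cfif reject>
    <!--- record the source address so repeat offenders can be reported
          to the host for blocking --->
    <cflog file="tellafriend_blocked" type="warning"
           text="Rejected tell-a-friend submission from #cgi.remote_addr#">
    <!--- send the client back to the entry form; cflocation ends the request --->
    <cflocation url="tellafriend.cfm" addtoken="no">
</cfif>

<!--- only accepted submissions reach this point; the existing mail code follows --->
```

The Referer header is supplied by the client, so the first check only filters requests that leave it out or set it wrong, which matches what the logs in post 3 showed.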

  4. Rossv1

    Rossv1 Perch
