CFML help, need to block spammers from hijacking my forms

[skypanther]

I'm afraid my CFML is a bit rusty, as I mostly do PHP nowadays. One of my client's forms is being hijacked by spammers. In this case, it's a "tell a friend" form with an accompanying action page which does the actual mailing. The spammers are "stuffing" the send-mail page, bypassing the entry form.

In PHP, I use the following to prevent such attacks:

if(strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) === FALSE) {
	header('location:index.php');
	die();
}

Which basically checks for a match between the host name of the referrer (form page) and that of the current page (send-mail page). If they don't match, the user is redirected.

How would I do this in CFML?

Many thanks,
Tim

 

[Stephen]

I allowed your post, sorry for the delay in getting it visible, this forum section is slammed by daily bombardments of spam is left open, don't know why this one is so heavily spammed.

 

[skypanther]

No problem on the delay. In looking at the logs, I can see that the php measure wasn't stopping the spammers anyway. It used to be that the would bypass the form, sending their own values directly to the processing page. In the logs, I could see the form page being loaded, then the processing page loaded right after that. It seems that they were actually filling in the form via some automated means.

I ended up implementing a JavaScript / jQuery based block that seemed to stop the problem. Basically, I add some fields, remove some fields, set some values, and enable the submit button via JavaScript, then check for the state of things on the processing page. This will stop any one who doesn't have JavaScript enabled. For now, that seems to stop the hijackers. They'll figure it out soon I'm sure. X(

The logs were still showing the form page being loaded hundreds of times per second, but the processing page was not being called. Since the logs were still growing at about 1 MB per hour, I eventually requested the IP be blocked, which shut down this particular attack.

Tim

 

[Rossv1]

Not sure if you've resolved this yet, but here you go:

<cfif cgi.remote_host NEQ cgi.server_name>
<cflocation url="index.cfm?message=blah" addtoken="no">
<cfabort>
</cfif>

Depending on the server config, you may need to play with different CGI variables. Here is a list:

http://livedocs.adobe.com/coldfusio...xt=ColdFusion_Documentation&file=00000194.htm