
PHP Server Side Scripting Forum

    
honeypot captcha
Gilead



 
Msg#: 4557109 posted 2:42 pm on Mar 21, 2013 (gmt 0)

I've combined three techniques to eliminate a client's captcha solution.

1. You have to click on a checkbox in order to complete the form.

2. If the form is submitted in under 7 seconds, it asks you to submit it properly

3. If the honeypot has anything in it and the checkbox is unchecked then the submitter is a spammer.

I found an exploit in my own code and am not sure how to add another layer of security. You can click submit over and over if you just wait the required amount of time. Chances are there is enough to discourage using the form for spam, but I want to be thorough.

Anyone out in PHPland have any thoughts?
Thanks!

 

Skorpios



 
Msg#: 4557109 posted 3:00 pm on Mar 21, 2013 (gmt 0)

Maybe just put another layer which is a simple sum, i.e. generate two random numbers between 1 and 9 and have the user enter the simple addition?

Gilead



 
Msg#: 4557109 posted 4:49 pm on Mar 21, 2013 (gmt 0)

Thanks for the idea Skorpios, but that wouldn't stop a person from submitting the form every 7 seconds.

topr8

WebmasterWorld Senior Member topr8 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4557109 posted 5:35 pm on Mar 21, 2013 (gmt 0)

set a cookie on the form page,
when the form is submitted, set the cookie value to sent or somesuch - reject all subsequent form submissions where the cookie value is already 'sent'

topr8

WebmasterWorld Senior Member topr8 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4557109 posted 5:51 pm on Mar 21, 2013 (gmt 0)

... or record the ip address when a form is submitted, don't allow that ip address to submit the form again for whatever time period you choose.

Gilead



 
Msg#: 4557109 posted 6:32 pm on Mar 21, 2013 (gmt 0)

Thanks topr8! I like the second idea better.

sharkyvk



 
Msg#: 4557109 posted 10:03 am on Aug 6, 2013 (gmt 0)

@topr8: I have recorded the ip address. How can I code the time period of submitting the form again?
If I understand correctly this will prevent a continuous submitting of the form during the time set in the code.
I assume with an if else statement.

I am new to php so just logical thinking and I could be completely wrong.

thx

mack

WebmasterWorld Administrator mack us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4557109 posted 3:12 pm on Aug 6, 2013 (gmt 0)

On send you could add a variable $sent = "true";

On the main page...

if ($sent == "true")
{
    die();
}

This should prevent repeated submits of the form.

Mack.
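
One way to code the waiting period sharkyvk asks about, together with Gilead's three checks, as an added example that is not code from any poster in the thread. The field names (`website`, `human`, `token`), the constants, the 300 second cooldown and the `$lastSeen` array (a stand-in for a database table or cache keyed by IP, so the record survives between requests) are all assumptions.

```php
<?php
// Added example, not code from the thread. Field names, constants and the
// $lastSeen array (stand-in for a DB table or cache keyed by IP) are assumptions.
const MIN_FILL_SECONDS = 7;    // minimum time between form render and submit
const COOLDOWN_SECONDS = 300;  // assumed per-IP wait between accepted submissions
const SECRET = 'replace-with-a-random-server-side-key'; // placeholder value

// Issued when the form is rendered: the render time plus an HMAC, so the
// client cannot alter the timestamp to get past the 7 second check.
function issue_token(int $now): string {
    return $now . ':' . hash_hmac('sha256', (string)$now, SECRET);
}

function check_submission(array $post, string $ip, int $now, array &$lastSeen): string {
    // Honeypot must stay empty and the checkbox must be ticked (this sketch rejects on either signal).
    if (($post['website'] ?? '') !== '' || empty($post['human'])) { return 'spam'; }

    // Verify the render-time token, then enforce the minimum fill time.
    $token = is_string($post['token'] ?? null) ? $post['token'] : '';
    [$ts, $mac] = array_pad(explode(':', $token, 2), 2, '');
    if (!ctype_digit($ts) || !hash_equals(hash_hmac('sha256', $ts, SECRET), $mac)) { return 'bad_token'; }
    if ($now - (int)$ts < MIN_FILL_SECONDS) { return 'too_fast'; }

    // Per-IP cooldown: reject if this address had a submission accepted too recently.
    if (isset($lastSeen[$ip]) && $now - $lastSeen[$ip] < COOLDOWN_SECONDS) { return 'cooldown'; }

    $lastSeen[$ip] = $now;   // record accepted submissions only
    return 'ok';
}

// Constructed walk-through with fixed clock values (203.0.113.5 is a documentation address).
$lastSeen = [];
$t0 = 1363876920;
$post = ['website' => '', 'human' => 'on', 'token' => issue_token($t0)];
foreach ([3, 8, 15, 8 + COOLDOWN_SECONDS] as $delay) {
    echo "+{$delay}s: ", check_submission($post, '203.0.113.5', $t0 + $delay, $lastSeen), "\n";
}
// In a live handler: $ip = $_SERVER['REMOTE_ADDR'], $now = time(), $post = $_POST.
```

The walk-through prints `too_fast`, `ok`, `cooldown`, `ok` in that order. Visitors behind a shared NAT or proxy arrive from one address, so the cooldown applies to all of them together.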
