Simple Form Validation [Image/Text]

Forum Moderators: coopster

Message Too Old, No Replies

Simple Form Validation [Image/Text]

Getting Slammed by Bots - Arrrg - Want to Validate Form Submitted by Human

King of Bling

12:18 pm on Sep 7, 2005 (gmt 0)

Anyone know the syntax of the "Enter Numbers (in an image) for Validation" script?

Just looking to stop automated form submissions (spam & useless gibberish). Any help greatly appreciated!

KOB

jatar_k

5:26 pm on Sep 7, 2005 (gmt 0)

do a search for

captcha script php

there are a bunch around

King of Bling

5:47 pm on Sep 7, 2005 (gmt 0)

Sweet. Will do.

Thanks JK

vmills

5:53 pm on Sep 7, 2005 (gmt 0)

Forgive me if I butt in here but I was searching this forum for answers to a similar question. I'm seeing form submissions such as dxaxveeam@mysite.com - will usually see 8 to 10 submitted at once. These are contact forms on small lead generation sites. Is the only way to prevent them though a captcha type script?

Just so I know, what are these bots looking for, or accomplishing, with these form submissions? All they'll get from me is a nice thank you note!

jatar_k

6:01 pm on Sep 7, 2005 (gmt 0)

they look for open scripts that they can use to send emails

they look to inject data into your db or possibly break your site or enter it to do 'something'

who knows, mostly just bored fools and script kiddies who enjoy ruining other people's day, or feel that it makes them more important by doing so

there is no way to completely protect anything, captcha is a good step. Another thing is to look for common ips or patterns to what they are trying to do, standard email addresses or country opf origin.

then let the banning begin ;)

vmills

12:03 pm on Sep 8, 2005 (gmt 0)

Thanks jatar_k. I thought there was some way I could make the script more secure. Some of the sites I've seen this on had register globals on and I turned those off but I'm still seeing bot submissions. I gather from what you are saying that there isn't anything I can do unless I'm willing to go to a captcha type script, which is really overkill for these types of sites.

jatar_k

5:28 pm on Sep 8, 2005 (gmt 0)

no that's not actually what I am saying ;)

there are steps you can take but I am just saying you will never get them all

this thread talks about PHP security [webmasterworld.com]

validation is the key, to find patterns in the bad data

as someone mentioned recently, and should be mentioned often, it's not about filtering bad data, it is all about only allowing good data. Logging everything you can about bad data that is entered is also a good way to better understand what is being entered and how to improve your validation routines.

take whatever means you feel are necessary but don't let it be your ruin, some bad data will get through at some point or a bot will make a couple submissions, you just have to figure out in your situation the necessary level of paranoia. ;)