Welcome to WebmasterWorld Guest from 54.167.83.224

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

honeypot captcha

     
2:42 pm on Mar 21, 2013 (gmt 0)

Junior Member

joined:Oct 19, 2011
posts: 161
votes: 0


I've combined three techniques to eliminate a client's captcha solution.

1. You have to click on a checkbox in order to complete the form.

2. If the form is submitted in under 7 seconds, it asks you to submit it properly

3. If the honeypot has anything in it and the checkbox is unchecked then the submitter is a spammer.

I found an exploit in my own code and am not sure how to add another layer of security. You can click submit over and over if you just wait the required amount of time. Chances are there is enough to discourage using the form for spam, but I want to be thorough.

Anyone out in PHPland have any thoughts?
Thanks!
3:00 pm on Mar 21, 2013 (gmt 0)

New User

joined:Mar 7, 2013
posts: 30
votes: 0


Maybe just put another layer which is a simple sum, i.e. generate tqo random numbers between 1 and 9 and have the user enter the simple addition?
4:49 pm on Mar 21, 2013 (gmt 0)

Junior Member

joined:Oct 19, 2011
posts: 161
votes: 0


Thanks for the idea Skorpios, but that wouldn't stop a person from submitting the form every 7 seconds.
5:35 pm on Mar 21, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2002
posts:3171
votes: 8


set a cookie on the form page,
when the form is submitted, set the cookie value to sent or somesuch - reject all subsiquent form submissions where the cookie value is already 'sent'
5:51 pm on Mar 21, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2002
posts:3171
votes: 8


... or record the ip address when a form is submitted, don't allow that ip address to submit the form again for whatever time period you chose.
6:32 pm on Mar 21, 2013 (gmt 0)

Junior Member

joined:Oct 19, 2011
posts: 161
votes: 0


Thanks topr8! I like the second idea better.
10:03 am on Aug 6, 2013 (gmt 0)

New User

joined:Aug 3, 2013
posts: 10
votes: 0


@topr8: I have recorded the ip address. How can I code the time period of submitting the form again?
If I understand correctly this will prevent an contineous submitting of the form during the time set in the code.
I assume with an if else statement.

I am new to php so just logical thinking and I could be completly wrong.

thx
3:12 pm on Aug 6, 2013 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 15, 2001
posts:7557
votes: 3


On send you could add a variable $sent = "true";

On the main page...

If ($sent == "true")
{
Die();
}

This should prevent repeated submits of the form.

Mack.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members