
Web Forms Being Exploited

Posted: Sat Sep 10, 2005 11:20 pm
by brodie
On my site I currently have a form where people can register to show interest.
The form is fairly simple and takes in quite a few bits of info. I process the form with PHP and send myself an email to let me know they have registered.

Now, someone is, what seems to be, running his own script on my register page. He's filling in all the fields with dummy information and generating lots of registrations. So I keep getting lots of emails, and all these fake users.

I was wondering if there was any way I could stop a particular IP address from continually using the form, or if anyone knew where I could find some sort of extra validation, like using those images with verification keys in them, so an actual person has to sit down and fill them out.

I am going to include an email validation too, but this won't stop the script generating lots of dummy members.

Any help would be appreciated.

Cheers guys

Posted: Sat Sep 10, 2005 11:46 pm
by Weirdan
Browse through the various captcha classes on phpclasses.org: http://www.google.com/search?q=site%3Ap ... %20captcha

Posted: Sun Sep 11, 2005 2:20 am
by josh
I don't even like to bother with captcha; just require a user to sign up with an email, and make them verify their email with a verification link before it finalizes their account and sends you the email. Of course, limit an email to only one account. If you get an issue such as someone who writes a script to set up thousands of emails on their local MTA, you can ban their domain name.

Otherwise you can just ban their subnet by IP. As to how to ban by IPs, look at $_SERVER.
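
The verify-before-finalizing flow described in the post above, as an added example that is not part of the original thread. The table layout, function names and 24-hour expiry are assumptions, and an in-memory SQLite database stands in for the site's real one.

```php
<?php
// Added example: schema, function names and the 24-hour expiry are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registrations (
    email      TEXT PRIMARY KEY,            -- one registration per address
    token_hash TEXT NOT NULL,               -- only a hash of the token is stored
    expires_at INTEGER NOT NULL,
    verified   INTEGER NOT NULL DEFAULT 0)');

// Step 1: form submitted. Creates a pending row and returns the token to put
// in the verification link, or null for a bad or already-used address.
function startRegistration(PDO $db, string $email): ?string
{
    $email = strtolower(trim($email));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Expired, never-confirmed rows must not block the address forever.
    $db->prepare('DELETE FROM registrations WHERE verified = 0 AND expires_at <= ?')
       ->execute([time()]);
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT OR IGNORE INTO registrations
                          (email, token_hash, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$email, hash('sha256', $token), time() + 86400]);
    return $stmt->rowCount() === 1 ? $token : null;
}

// Step 2: link followed. Returns the confirmed address, or null if the token
// is unknown, expired or already used. The owner's notification mail is sent
// by the caller only after this returns an address.
function confirmRegistration(PDO $db, string $token): ?string
{
    $stmt = $db->prepare('UPDATE registrations SET verified = 1
                          WHERE token_hash = ? AND verified = 0 AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    if ($stmt->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT email FROM registrations WHERE token_hash = ?');
    $sel->execute([hash('sha256', $token)]);
    return $sel->fetchColumn();
}

// Constructed demo input.
$token = startRegistration($db, 'Visitor@Example.com');
var_dump(startRegistration($db, 'visitor@example.com')); // duplicate address
var_dump(confirmRegistration($db, 'not-a-real-token'));  // forged token
var_dump(confirmRegistration($db, $token));              // genuine link
var_dump(confirmRegistration($db, $token));              // link replayed
```

Because the notification mail is tied to `confirmRegistration()`, scripted submissions with dummy addresses leave only pending rows that expire and never reach the owner's inbox.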

Posted: Sun Sep 11, 2005 10:30 am
by John Cartwright
Not to mention relying on a user's IP to be authentic is total chaos. A user's IP may legitimately change several times through a session...
(cough cough AOL). Also, if a user is set up behind a proxy, banning his IP is utterly pointless, for obvious reasons.