Hi,
As soon as my website went live with my Xupload forms I've been getting fake forms posted. All required fields are filled out with rubbish spam, and they get through our spam filter as they look like ordinary inquiries apart from the obvious rubbish posted insdie the form.
I've played around with some Javascript code but nothing seems to work, I'm guess the bots are bypassing this and just posting directly to the cgi script.
I also have file uploads as optional in my webforms, so I can't rely on this to stop fake forms.
Is there anything I can add to the backend code or maybe some php I can add to the form, to stop these fake submissions?
I don't really want to use CAPTCHA or anything that involves user intervention, unless it's unavoidable.
Any help would be gratefully recieved.
Thanks.
XUpload - Big problems with spambots. Javascript useless?
-
PilgrimX182
- Posts: 2186
- Joined: Mar 22, 2006 1:39 pm
Hmm...you can require file upload.
Don't you have this code in your upload.cgi?
PS: Pro version, right?
Don't you have this code in your upload.cgi?
Code: Select all
if($#files==-1)
{
&lmsg("ERROR: No files uploaded");
sleep 2;
&DelData($temp_dir);
&xmessage("ERROR: No files uploaded");
}-
PilgrimX182
- Posts: 2186
- Joined: Mar 22, 2006 1:39 pm
You can require JS on client side. Bots don't have JS I think 
Code: Select all
unless($ENV{QUERY_STRING}!~/js_on=1)
{
&lmsg("ERROR: No files uploaded");
sleep 2;
&DelData($temp_dir);
&xmessage("ERROR: No files uploaded");
}-
toobigforemail.com
- Posts: 8
- Joined: Nov 20, 2008 1:48 am
What about checking HTTP_HOST? That way unless they are posting from your site they cant POST.
Code: Select all
if (($ENV{'HTTP_HOST'} eq "yourdomain.com")||
($ENV{'HTTP_HOST'} eq "www.yourdomain.com"))
{
#do some stuff
} else {
#dont do some stuff
}
Facebook
Twitter