    #16
    That will be the test site indexed then.
    You are better off having a robots file sitting at the root of all websites with a disallow for /test/.

    I do this as standard practice nowadays (when I remember, that is).



      #17
      There are a number of secure solutions, and usually they need to be employed together.

      1- Captcha. This one is required only to show that the form was submitted by a human. It does NOT mean that someone didn't hijack the cgi-url directly and bypass the form. That's what Norm's hack does, and a clever one it is, especially the javascript addon.

      2- Unique token. In PHP applications, you'd set a session as the form loads, a unique one for the user. Then when the data is passed to the mailer script, the presence of a session is checked. If it's not there, that means that they didn't use the form. No game. This javascript example doesn't do that, but again, a Perl hack would fix that.

      3- Modulating obfuscation. Making your form inputs different every time they are loaded is a sure-fire way to ensure that you cannot pass values that didn't come from a form. Use javascript on the form side and your server language on the send side. I use the user's IP address and the date in a nice string, with an md5 string at the end representing the form's real name. Complex but effective.

      Surely if your server only allows sendmail to send from your domain you've got this covered anyway; back that up with SPF and haven't you got the same effect - no bots from the contact form?

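The second and third points above (a per-load token checked by the mailer script, and input names that change on every load) can be implemented with a keyed hash instead of a plain md5 string. The code below is an added example written for this thread; it is not the poster's PHP/Perl code and not part of the original forum post. It assumes a server-side secret and a session id exist (both are constructed placeholders here), uses HMAC-SHA256 with a constant-time compare, and adds an expiry so a captured token cannot be replayed indefinitely.

```python
import hashlib
import hmac
import time

# Constructed placeholder: in a real deployment load this from config, never hard-code it.
SERVER_SECRET = b"example-secret-change-me"
TOKEN_TTL = 30 * 60          # seconds a loaded form stays valid
REAL_FIELDS = ("name", "email", "message")


def issue_form_token(session_id, now=None):
    """Mint a token when the form page loads (item 2).

    The token binds the visitor's session id and the issue time under an
    HMAC, so a request straight to the mailer URL that lacks it, or carries
    a forged one, can be rejected. Put it in a hidden input on the form.
    """
    now = int(time.time()) if now is None else now
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{now}".encode(), hashlib.sha256).hexdigest()
    return f"{now}:{mac}"


def verify_form_token(session_id, token, now=None):
    """Return True only if the token was issued for this session and is still fresh."""
    now = int(time.time()) if now is None else now
    if not session_id or not token or ":" not in token:
        return False
    issued_str, mac = token.split(":", 1)
    if not issued_str.isdigit():
        return False
    issued = int(issued_str)
    if issued > now or now - issued > TOKEN_TTL:      # clock skew or expired
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{issued}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)          # constant-time comparison


def field_name(real_name, token):
    """Derive the obfuscated input name used for this load of the form (item 3).

    Because the name is derived from the per-load token, it differs on every
    load, and the mailer script can recompute it without storing anything.
    """
    digest = hmac.new(SERVER_SECRET, f"{token}:{real_name}".encode(), hashlib.sha256).hexdigest()
    return "f_" + digest[:16]


def render_form_fields(token):
    """Map real field names to the obfuscated names the form page should emit."""
    return {real: field_name(real, token) for real in REAL_FIELDS}


def handle_submission(session_id, token, posted, now=None):
    """What the mailer script does with a POST.

    Returns a dict keyed by the real field names, or None when the request
    did not come through a freshly loaded form.
    """
    if not session_id:                                  # no session => form never loaded
        return None
    if not verify_form_token(session_id, token, now):   # missing, forged or stale token
        return None
    real = {}
    for name in REAL_FIELDS:
        obf = field_name(name, token)
        if obf not in posted:                           # caller used the wrong (e.g. real) names
            return None
        real[name] = posted[obf]
    return real


if __name__ == "__main__":
    # Constructed walk-through: page load, then the browser posts back.
    sid = "sess-demo-1"
    tok = issue_form_token(sid)
    names = render_form_fields(tok)
    posted = {names["name"]: "D", names["email"]: "d@example.invalid", names["message"]: "hi"}
    print(handle_submission(sid, tok, posted))          # real-named fields
    print(handle_submission(sid, tok, {"name": "D", "email": "x", "message": "y"}))  # None
    print(handle_submission(None, tok, posted))         # None: no session
```

The captcha from item 1 is unchanged by this; what the example adds is that a POST which skips the form page fails both the session check and the field-name check, which is the gap the poster describes.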


        #18
        Ooooh, sorry, I missed Norman's fix last night.

        OK, a working example is here: http://rawair.co.uk/acatalog/index.html - click on the contact us link at the top.

        Thanks for all your help in this. Gabe, nice work; Norman, nice fix.

        D



          #19
          Originally posted by pinbrook
          You are better off having a robots file sitting at the root of all websites with a disallow for /test/.

          I do this as standard practice nowadays (when I remember, that is).
          Sorry Jo, that's what I meant when I said I have it listed in my robots.txt; I have it set to disallow.

          D



            #20
            Nice Darren

            I had to laugh though - check out the captcha image.

            You can tell Gabe has something to do with it. A hint of irony in there as well!

            [Attached image: fear.jpg]
            Fergus Weir - teclan ltd
            Ecommerce Digital Marketing

            SellerDeck Responsive Web Design

            SellerDeck Hosting
            SellerDeck Digital Marketing



              #21
              <sinister> BWAHAHAHAHAHHHHAAAAAAAAA!!!!!!</sinister>



                #22
                Hmmm, definitely some odd names come up.

                D



                  #23
                  You're not wrong. Here's a sample:

                  Muscle
                  Woman
                  snake
                  like
                  dress
                  regret
                  push
                  meat
                  flag
                  sugar
                  sound

                  ......I kid you not! Is this captcha pulling random words from Gabe's own internal dialogue?
                  Fergus Weir - teclan ltd



                    #24
                    Originally posted by pinbrook
                    Surely if your server only allows sendmail to send from your domain you've got this covered anyway; back that up with SPF and haven't you got the same effect - no bots from the contact form?
                    It took me 2 minutes to bypass a collection of captcha tests using the Firebug editor. You are right, however, but some servers simply do allow cross-site CGI access.

                    Notwithstanding, there are actually a few libraries already available to decode captchas. A couple of initiatives spring to mind.

                    And we won't even get into the madness that is an audio captcha.



                      #25
                      Originally posted by fergusw
                      You're not wrong. Here's a sample:

                      Muscle
                      Woman
                      snake
                      like
                      dress
                      regret
                      push
                      meat
                      flag
                      sugar
                      sound

                      ......I kid you not! Is this captcha pulling random words from Gabe's own internal dialogue?

                      You'd best scan the jpgs then, to find my 'special words'.

                      wáng. and poop.



                        #26
                        It took me 2 minutes to bypass a collection of captcha tests using the Firebug editor.
                        Ah OK, just thought I was missing a sandwich.

                        I'd better test my own captchas, although I also have the other 2 methods of blocking in place too.



                          #27
                          I know this is not a foolproof method, but it will help to reduce the 1000's of auto submissions we receive; something is better than nothing at the mo.

                          D



                            #28
                            Dance Banana Dance!!!!!



                              #29
                              Gabe you be the DJ then



                                #30
                                Hey, do you still need me to mess with this mini cart thingy?

                                I have a new snapshot to work on so thought I might give it a go as well.

                                D
