Solved

How to make a simple webform request secure from spam?

Posted on 2006-10-25
Last Modified: 2013-12-24
I have a web form and need it to be secure from spam. I've got a robot that has found my form and is injecting hyperlinks into my text boxes. This is not good. I've thought using an obfuscator would work; not sure. Any suggestions?
Question by:dawes4000
21 Comments
 
LVL 9

Assisted Solution

by:73Spyder
73Spyder earned 100 total points
ID: 17806102
I would implement a CAPTCHA solution.  This is the part that generates an image with letters in it that must be entered in.  So far, bots cannot do this.

http://www.alagad.com/  has a good component to use.    
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 150 total points
ID: 17806218
There is also a free and opensource captcha solution available from Peter Farrell:
http://lyla.maestropublishing.com/
0
 
LVL 9

Expert Comment

by:73Spyder
ID: 17806240
Yes,  I had forgotten about that site.  
0
 

Author Comment

by:dawes4000
ID: 17806814
usachrisk1983,
I'm not sure how to implement Captcha? The documentation says it's simple.
I've copied captchaService.cfc and captcha.xml over to the directory.
How do I have it appear on the web form? And how do I then take the
textbox info and have the cfc work it?
0
 
LVL 1

Expert Comment

by:ctdigital
ID: 17808649
If Captcha is too complicated for you, another viable solution is

http://tutorial406.easycfm.com/

It's a great tutorial - best of luck, as Image Verification isn't the simplest of processes.  Secondly, if it is injecting hyperlinks into your search box, set up some sort of replace statement to remove or not accept submissions with certain content.  IF form.value contains "whatever" do something.  Sorry for the Fred Flintstone terminology but I gotta run!  Best of luck
0
 

Author Comment

by:dawes4000
ID: 17812316
ctdigital,
I created captchaTest.cfm code given in the documentation. I ran the page and the captcha image was rendered.
So, I am making progress. How do I compare what captcha renders with what a user input into a txtbox for the challenge?
0
 

Author Comment

by:dawes4000
ID: 17812654
Throwing an exception now,

captchaService.cfc
Could not find the ColdFusion Component captchaServiceConfigBean
LINE: default="#CreateObject("component", "captchaServiceConfigBean").init()#" />

captchaServiceConfigBean.cfc is in the same directory as the other cfc's, any ideas for this error?
0
 
LVL 4

Accepted Solution

by:Oneiroid
Oneiroid earned 250 total points
ID: 17814895
Here is a good article you should read about setting up lyla:
http://cfdj.sys-con.com/read/236003.htm

Here's the breakdown (NOT using a config bean).

Application.cfm should contain this (as per the location of your xml file):
<cfparam name="url.reinit" default="false">
<!--- initialize the captcha with the xml config --->
<cfif not structKeyExists(application,"captcha") or url.reinit>
      <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="captcha/captcha.xml") />
      <cfset application.captcha.setup() />
</cfif>

Your form should look like this:
<cfset variables.captcha = application.captcha.createHashReference() />
<cfoutput>
<input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
<img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
</cfoutput>                              

The showCaptcha file should contain this:
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />

And your captcha test should look like this:
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText is 0>
captcha was empty or failed
</cfif>
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17814914
Sorry, missed a bracket:

And your captcha test should look like this:
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
captcha was empty or failed
</cfif>
0
 

Author Comment

by:dawes4000
ID: 17815720
Oneiroid,
Thanks for the help. I have not ever used CreateObject() so please forgive my lack of understanding.

I have created captcha.cfm with the code below:
<cfset variables.captcha = application.captcha.createHashReference() />
<cfoutput>
      <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
      <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
</cfoutput>
                              
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />
                                    
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
</cfif>

My application.cfm file has the following:
<!--- initialize the captcha with the xml config --->
<cfparam name="url.reinit" default="false">

<cfif not structKeyExists(application,"captcha") or url.reinit>
     <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="captcha/captcha.xml") />
     <cfset application.captcha.setup() />
</cfif>
<!--- END initialize the captcha with the xml config --->

I created a directory called captcha, this directory includes the following:
img <!--- an image directory --->
captcha.xml
captchaService.cfc
captchaServiceConfigBean.cfc

If I load captcha.cfm I get the following error:
Element HASHREFERENCE is undefined in URL.  
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />

What needs to happen here?
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17815786
The following code should not be in the same file as your form, and should therefore never cause an error.

Paste this code into a new file called showCaptcha.cfm. These should be the ONLY two lines of code in the file.

<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />
0
 

Author Comment

by:dawes4000
ID: 17820741
Oneiroid,

showCaptcha.cfm contains the following only:
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />

It is located same level as my form captcha.cfm, captcha.cfm has the following code:
<!--- CHALLENGE FORM BELOW --->
<cfset variables.captcha = application.captcha.createHashReference() />
      <cfoutput>
      <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
            <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
      </cfoutput>
<cfparam name="captchaText" default="">
<cfform name="form" action="Captcha.cfm" method="post">
<cfinput type="text" name="captchaText">
<cfinput type="submit" name="btnSubmit" value="submit">
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
captcha was empty or failed
<cfelseif captchaText NEQ application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
User is human
</cfif>
</cfform>

captcha.cfm calls showCaptcha.cfm and the jpeg is rendered. So, showCaptcha.cfm and my directory captcha that contains the service and xml file are working. The problem is the challenge form?
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17820839
I am not quite sure what you are trying to do with that form. You are trying to submit and validate at the same time? Your captchaHash input is not between form tags. Why is your validation code inside the form?

When you say "If I load captcha.cfm I get the following error" - does that mean the error occurs when you load the page, or when you submit the form?

Also, for good measure, change the line
<cfelseif captchaText NEQ application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
to
<cfelse>
0
 

Author Comment

by:dawes4000
ID: 17820993
The question is how do I take input from the user and test it with what alpha char are in the jpeg?
0
 

Author Comment

by:dawes4000
ID: 17821130
Oneiroid,
I get it now. The input form captcha.cfm displays the image, hides the hashID, inputs text from user, posts to the testing cfm page.
<cfform name="form" action="CaptchaResult.cfm" method="post">
   <!--- create HashID then set as a variable--->
   <cfset variables.captcha = application.captcha.createHashReference() />
     <cfoutput>
        <!--- Hide HashID --->
        <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
        <!--- reference HashID with JPEG and display JPEG --->
        <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" /><br>
     </cfoutput>
     <cfparam name="captchaText" default="">
     <cfinput type="text" name="captchaText">
     <!--- post form values to a results page which contains the test --->
     <cfinput type="submit" name="btnSubmit" value="submit"><br>
</cfform>

captchaResult.cfm contains the test with conditional output:
<cfif captchaText EQ "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
<cfelse>
      human
</cfif>


0
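
A hardened version of the captchaResult.cfm check from this thread, combined with the link filter ctdigital suggested earlier; this is an added example, not code from any poster or from the Lyla project. It assumes `application.captcha` is initialised as in the accepted solution, and `form.comments` is a hypothetical free-text field standing in for the real form's text boxes.

```cfml
<!--- captchaResult.cfm: added example, not from the thread or the Lyla project. --->
<!--- Assumes application.captcha was initialised in Application.cfm as shown in the
      accepted solution; form.comments is a hypothetical free-text field. --->
<cfparam name="form.captchaHash" default="">
<cfparam name="form.captchaText" default="">
<cfparam name="form.comments" default="">

<cfset variables.errors = arrayNew(1)>

<!--- 1. Only accept POSTs; a GET with an empty form scope is not a submission. --->
<cfif cgi.request_method neq "POST">
    <cfset arrayAppend(variables.errors, "Form must be submitted with POST.")>
</cfif>

<!--- 2. CAPTCHA check. Test for empty values first so validateCaptcha() is
      never called without a hash reference and an answer. --->
<cfif arrayLen(variables.errors) eq 0>
    <cfif len(trim(form.captchaHash)) eq 0 or len(trim(form.captchaText)) eq 0>
        <cfset arrayAppend(variables.errors, "Captcha was empty.")>
    <cfelseif application.captcha.validateCaptcha(form.captchaHash, form.captchaText) is 0>
        <cfset arrayAppend(variables.errors, "Captcha failed.")>
    </cfif>
</cfif>

<!--- 3. Content check: reject free text that carries link markup. --->
<cfif arrayLen(variables.errors) eq 0
      and REFindNoCase("(https?://|www\.|<a[[:space:]]|\[url)", form.comments) gt 0>
    <cfset arrayAppend(variables.errors, "Links are not allowed in this field.")>
</cfif>

<cfif arrayLen(variables.errors) gt 0>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>
    <ul>
    <cfloop index="i" from="1" to="#arrayLen(variables.errors)#">
        <li>#htmlEditFormat(variables.errors[i])#</li>
    </cfloop>
    </ul>
    </cfoutput>
    <cfabort>
</cfif>

<!--- Passed both checks: process the submission. Encode user text on output. --->
<cfoutput><p>Accepted: #htmlEditFormat(form.comments)#</p></cfoutput>
```

Both checks run on the server in the page that receives the POST, so a bot that never loads the form page still has to pass them.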
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821144
That is what the captchaHash does:

<cfif isdefined ("AuthenticateForm")>
   <cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
   <cfelse>
      User is human
   </cfif>
</cfif>

<cfform name="form" action="Captcha.cfm" method="post">
   <cfset variables.captcha = application.captcha.createHashReference() />
     <cfoutput>
        <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
        <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
     </cfoutput>
   <cfinput type="text" name="captchaText">
   <cfinput type="hidden" name="AuthenticateForm">
   <cfinput type="submit" name="btnSubmit" value="submit">
</cfform>
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821151
Posting at the same time. Yes, there you go, your new code looks a lot like mine now ;)

How does it work?
0
 

Author Comment

by:dawes4000
ID: 17821288
What are you doing with <cfinput type="hidden" name="AuthenticateForm">
0
 

Author Comment

by:dawes4000
ID: 17821360
Oneiroid,
I have been messing with the xml file to make adjustments on the appearance of the jpeg, but the changes do not make a difference. Height, width, backgroundColor, all do not change anything. Since this is a new issue for me I will open another question.
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821371
Just using it as an example to identify the submission of a certain form / availability of a variable to compare so that you do not have to post your form to a new page.
0
 

Author Comment

by:dawes4000
ID: 17821549
I'm going to increase the point value to 500 on this question because there was additional instruction given beyond the original question. I will then split points among three members.
0
