How to make a simple webform request secure from spam?

I have a web form and need it to be secure from spam. I've got a robot that has found my form and is injecting hyperlinks into my text boxes. This is not good. I've thought using an obfuscator would work, not sure. Any suggestions?
dawes4000 Asked:
 
Oneiroid Commented:
Here is a good article you should read about setting up lyla:
http://cfdj.sys-con.com/read/236003.htm

Here's the breakdown (NOT using a config bean).

Application.cfm should contain this (as per the location of your xml file):
<cfparam name="url.reinit" default="false">
<!--- initialize the captcha with the xml config --->
<cfif not structKeyExists(application,"captcha") or url.reinit>
      <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="captcha/captcha.xml") />
      <cfset application.captcha.setup() />
</cfif>

Your form should look like this:
<cfset variables.captcha = application.captcha.createHashReference() />
<cfoutput>
<input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
<img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
</cfoutput>                              

The showCaptcha file should contain this:
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />

And your captcha test should look like this:
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText is 0>
captcha was empty or failed
</cfif>
0
 
73Spyder Commented:
I would implement a CAPTCHA solution. This is the part that generates an image with letters in it that must be entered in. So far, bots cannot do this.

http://www.alagad.com/ has a good component to use.
0
 
usachrisk1983 Commented:
There is also a free and open-source captcha solution available from Peter Farrell:
http://lyla.maestropublishing.com/
0
 
73Spyder Commented:
Yes, I had forgotten about that site.
0
 
dawes4000 Author Commented:
usachrisk1983,
I'm not sure how to implement Captcha. The documentation says it's simple.
I've copied captchaService.cfc and captcha.xml over to the directory.
How do I have it appear on the web form? And how do I then take the
textbox info and have the cfc work it?
0
 
ctdigital Commented:
If Captcha is too complicated for you, another viable solution is

http://tutorial406.easycfm.com/

It's a great tutorial - best of luck, as Image Verification isn't the simplest of processes. Secondly, if it is injecting hyperlinks into your search box, set up some sort of replace statement to remove or not accept submissions with certain content. IF form.value contains "whatever" do something. Sorry for the Fred Flintstone terminology but I gotta run! Best of luck
0
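The content check suggested in the comment above (refuse submissions whose text boxes contain hyperlinks), written out as an added example that is not part of the original thread. The field names `name` and `comments` are assumptions, and the check belongs at the top of the page that processes the POST, alongside the captcha test.

```cfml
<!--- Added example: server-side link filter for a form handler page.
      Field names below are hypothetical; list your own text inputs. --->
<cfset variables.textFields = "name,comments" />

<!--- Markers of an injected hyperlink: URL schemes, bare www hosts,
      href attributes and BBCode [url] tags. --->
<cfset variables.linkPattern = "(https?://|ftp://|www\.[a-z0-9-]+\.|href\s*=|\[/?url)" />
<cfset variables.flagged = "" />

<cfloop list="#variables.textFields#" index="variables.fieldName">
    <!--- Only inspect fields that were actually submitted --->
    <cfif structKeyExists(form, variables.fieldName)
          and reFindNoCase(variables.linkPattern, form[variables.fieldName])>
        <cfset variables.flagged = listAppend(variables.flagged, variables.fieldName) />
    </cfif>
</cfloop>

<cfif listLen(variables.flagged)>
    <!--- Refuse the whole submission; do not store or e-mail it. --->
    <cfoutput>
        Submission refused: links are not allowed in
        #HTMLEditFormat(variables.flagged)#.
    </cfoutput>
    <cfabort>
</cfif>

<!--- Reaching this point means no link markers were found;
      continue with the captcha test and normal processing. --->
```

Rejecting the whole submission is simpler to reason about than stripping the links, since a stripped message still reaches the mailbox or database with the rest of the spam text intact.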
 
dawes4000 Author Commented:
ctdigital,
I created captchaTest.cfm code given in the documentation. I ran the page and the captcha image was rendered.
So, I am making progress. How do I compare what captcha renders with what a user input into a txtbox for the challenge?
0
 
dawes4000 Author Commented:
Throwing an exception now,

captchaService.cfc
Could not find the ColdFusion Component captchaServiceConfigBean
LINE: default="#CreateObject("component", "captchaServiceConfigBean").init()#" />

captchaServiceConfigBean.cfc is in the same directory as the other cfc's, any ideas for this error?
0
 
Oneiroid Commented:
Sorry, missed a bracket:

And your captcha test should look like this:
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
captcha was empty or failed
</cfif>
0
 
dawes4000 Author Commented:
Oneiroid,
Thanks for the help. I have not ever used CreateObject() so please forgive my lack of understanding.

I have created captcha.cfm with the code below:
<cfset variables.captcha = application.captcha.createHashReference() />
<cfoutput>
      <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
      <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
</cfoutput>
                              
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />
                                    
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
</cfif>

My application.cfm file has the following:
<!--- initialize the captcha with the xml config --->
<cfparam name="url.reinit" default="false">

<cfif not structKeyExists(application,"captcha") or url.reinit>
     <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="captcha/captcha.xml") />
     <cfset application.captcha.setup() />
</cfif>
<!--- END initialize the captcha with the xml config --->

I created a directory called captcha; this directory includes the following:
img <!--- an image directory --->
captcha.xml
captchaService.cfc
captchaServiceConfigBean.cfc

If I load captcha.cfm I get the following error:
Element HASHREFERENCE is undefined in URL.  
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />

What needs to happen here?
0
 
Oneiroid Commented:
The following code should not be in the same file as your form, and should therefore never cause an error.

Paste this code into a new file called showCaptcha.cfm. These should be the ONLY two lines of code in the file.

<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />
0
 
dawes4000 Author Commented:
Oneiroid,

showCaptcha.cfm contains the following only:
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />

It is located at the same level as my form captcha.cfm. captcha.cfm has the following code:
<!--- CHALLENGE FORM BELOW --->
<cfset variables.captcha = application.captcha.createHashReference() />
      <cfoutput>
      <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
            <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
      </cfoutput>
<cfparam name="captchaText" default="">
<cfform name="form" action="Captcha.cfm" method="post">
<cfinput type="text" name="captchaText">
<cfinput type="submit" name="btnSubmit" value="submit">
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
captcha was empty or failed
<cfelseif captchaText NEQ application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
User is human
</cfif>
</cfform>

captcha.cfm calls showCaptcha.cfm and the jpeg is rendered. So, showCaptcha.cfm and my directory captcha that contains the service and xml file are working. The problem is the challenge form?
0
 
Oneiroid Commented:
I am not quite sure what you are trying to do with that form. You are trying to submit and validate at the same time? Your captchaHash input is not between form tags. Why is your validation code inside the form?

When you say "If I load captcha.cfm I get the following error" - does that mean the error occurs when you load the page, or when you submit the form?

Also, for good measure, change the line
<cfelseif captchaText NEQ application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
to
<cfelse>
0
 
dawes4000 Author Commented:
The question is how do I take input from the user and test it with what alpha char are in the jpeg?
0
 
dawes4000 Author Commented:
Oneiroid,
I get it now. The input form captcha.cfm displays the image, hides the hashID, inputs text from user, posts to the testing cfm page.
<cfform name="form" action="CaptchaResult.cfm" method="post">
   <!--- create HashID then set as a variable--->
   <cfset variables.captcha = application.captcha.createHashReference() />
     <cfoutput>
        <!--- Hide HashID --->
        <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
        <!--- reference HashID with JPEG and display JPEG --->
        <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" /><br>
     </cfoutput>
     <cfparam name="captchaText" default="">
     <cfinput type="text" name="captchaText">
     <!--- post form values to a results page which contains the test --->
     <cfinput type="submit" name="btnSubmit" value="submit"><br>
</cfform>

captchaResult.cfm contains the test with conditional output:
<cfif captchaText EQ "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
<cfelse>
      human
</cfif>


0
 
Oneiroid Commented:
That is what the captchaHash does:

<cfif isdefined ("AuthenticateForm")>
   <cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
   <cfelse>
      User is human
   </cfif>
</cfif>

<cfform name="form" action="Captcha.cfm" method="post">
   <cfset variables.captcha = application.captcha.createHashReference() />
     <cfoutput>
        <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
        <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
     </cfoutput>
   <cfinput type="text" name="captchaText">
   <cfinput type="hidden" name="AuthenticateForm">
   <cfinput type="submit" name="btnSubmit" value="submit">
</cfform>
0
 
Oneiroid Commented:
Posting at the same time. Yes, there you go, your new code looks a lot like mine now ;)

How does it work?
0
 
dawes4000 Author Commented:
What are you doing with <cfinput type="hidden" name="AuthenticateForm">?
0
 
dawes4000 Author Commented:
Oneiroid,
I have been messing with the xml file to make adjustments to the appearance of the jpeg, but the changes do not make a difference. Height, width, backgroundColor, all do not change anything. Since this is a new issue for me I will open another question.
0
 
Oneiroid Commented:
Just using it as an example to identify the submission of a certain form / availability of a variable to compare so that you do not have to post your form to a new page.
0
 
dawes4000 Author Commented:
I'm going to increase the point value to 500 on this question because there was additional instruction given beyond the original question. I will then split points among three members.
0