Solved

How to make a simple webform request secure from spam?

Posted on 2006-10-25
Last Modified: 2013-12-24
I have a web form and need it to be secure from spam. I've got a robot that has found my form and is injecting hyperlinks into my text boxes. This is not good. I've thought using an obfuscator would work, not sure. Any suggestions?
0
Question by:dawes4000
21 Comments
 
LVL 9

Assisted Solution

by:73Spyder
73Spyder earned 100 total points
ID: 17806102
I would implement a CAPTCHA solution. This is the part that generates an image with letters in it that must be entered in. So far, bots cannot do this.

http://www.alagad.com/ has a good component to use.
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 150 total points
ID: 17806218
There is also a free and open source captcha solution available from Peter Farrell:
http://lyla.maestropublishing.com/
0
 
LVL 9

Expert Comment

by:73Spyder
ID: 17806240
Yes, I had forgotten about that site.
0
 

Author Comment

by:dawes4000
ID: 17806814
usachrisk1983,
I'm not sure how to implement Captcha. The documentation says it's simple.
I've copied captchaService.cfc and captcha.xml over to the directory.
How do I have it appear on the web form? And how do I then take the
textbox info and have the cfc work it?
0
 
LVL 1

Expert Comment

by:ctdigital
ID: 17808649
If Captcha is too complicated for you, another viable solution is

http://tutorial406.easycfm.com/

It's a great tutorial - best of luck, as Image Verification isn't the simplest of processes. Secondly, if it is injecting hyperlinks into your search box, set up some sort of replace statement to remove or not accept submissions with certain content. IF form.value contains "whatever" do something. Sorry for the Fred Flintstone terminology but I gotta run! Best of luck
0
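The content check ctdigital describes above, as an added example that is not part of any post in this thread: a server-side filter that refuses a submission when a text field contains link-like content. The function name findLinkFields and the field names "name" and "comments" are hypothetical; btnSubmit is the submit button name used in the forms on this page. It complements the CAPTCHA rather than replacing it.

```cfml
<!--- Added example: flag form fields that contain hyperlinks.
      findLinkFields and the field list passed to it are hypothetical names. --->
<cffunction name="findLinkFields" returntype="string" output="false"
            hint="Returns a comma list of the checked fields that contain link-like content">
    <cfargument name="formScope" type="struct" required="true" />
    <cfargument name="fieldsToCheck" type="string" required="true" />
    <cfset var flagged = "" />
    <cfset var fieldName = "" />
    <cfset var fieldValue = "" />
    <!--- URL schemes, bare www. hosts, HTML anchor tags, BBCode [url] / [link] tags --->
    <cfset var linkPattern = "(https?://|ftp://|www\.[a-z0-9-]+\.|<[[:space:]]*a[[:space:]>]|\[(url|link)(=|\]))" />

    <cfloop list="#arguments.fieldsToCheck#" index="fieldName">
        <!--- A field missing from the post is skipped, not treated as a match --->
        <cfif structKeyExists(arguments.formScope, fieldName)>
            <cfset fieldValue = arguments.formScope[fieldName] />
            <cfif reFindNoCase(linkPattern, fieldValue) gt 0>
                <cfset flagged = listAppend(flagged, fieldName) />
            </cfif>
        </cfif>
    </cfloop>
    <cfreturn flagged />
</cffunction>

<!--- On the page that processes the post: check before storing or e-mailing anything --->
<cfif structKeyExists(form, "btnSubmit")>
    <cfset variables.badFields = findLinkFields(form, "name,comments") />
    <cfif len(variables.badFields)>
        <!--- Reject the whole submission instead of trying to strip the links out --->
        <cfoutput>Links are not accepted in: #htmlEditFormat(variables.badFields)#</cfoutput>
        <cfabort />
    </cfif>
    <!--- normal processing of the form continues here --->
</cfif>
```

Rejecting the post outright avoids the partial-cleanup problems of a replace statement, where a stripped link can leave the rest of the spam text in place.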
 

Author Comment

by:dawes4000
ID: 17812316
ctdigital,
I created captchaTest.cfm code given in the documentation. I ran the page and the captcha image was rendered.
So, I am making progress. How do I compare what captcha renders with what a user input into a txtbox for the challenge?
0
 

Author Comment

by:dawes4000
ID: 17812654
Throwing an exception now,

captchaService.cfc
Could not find the ColdFusion Component captchaServiceConfigBean
LINE: default="#CreateObject("component", "captchaServiceConfigBean").init()#" />

captchaServiceConfigBean.cfc is in the same directory as the other cfc's, any ideas for this error?
0
 
LVL 4

Accepted Solution

by:Oneiroid
Oneiroid earned 250 total points
ID: 17814895
Here is a good article you should read about setting up lyla:
http://cfdj.sys-con.com/read/236003.htm

Here's the breakdown (NOT using a config bean).

Application.cfm should contain this (as per the location of your xml file):
<cfparam name="url.reinit" default="false">
<!--- initialize the captcha with the xml config --->
<cfif not structKeyExists(application,"captcha") or url.reinit>
      <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="captcha/captcha.xml") />
      <cfset application.captcha.setup() />
</cfif>

Your form should look like this:
<cfset variables.captcha = application.captcha.createHashReference() />
<cfoutput>
<input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
<img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
</cfoutput>                              

The showCaptcha file should contain this:
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />

And your captcha test should look like this:
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText is 0>
captcha was empty or failed
</cfif>
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17814914
Sorry, missed a bracket:

And your captcha test should look like this:
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
captcha was empty or failed
</cfif>
0
 

Author Comment

by:dawes4000
ID: 17815720
Oneiroid,
Thanks for the help. I have not ever used CreateObject() so please forgive my lack of understanding.

I have created captcha.cfm with the code below:
<cfset variables.captcha = application.captcha.createHashReference() />
<cfoutput>
      <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
      <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
</cfoutput>
                              
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />
                                    
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
</cfif>

My application.cfm file has the following:
<!--- initialize the captcha with the xml config --->
<cfparam name="url.reinit" default="false">

<cfif not structKeyExists(application,"captcha") or url.reinit>
     <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="captcha/captcha.xml") />
     <cfset application.captcha.setup() />
</cfif>
<!--- END initialize the captcha with the xml config --->

I created a directory called captcha, this directory includes the following:
img <!--- an image directory --->
captcha.xml
captchaService.cfc
captchaServiceConfigBean.cfc

If I load captcha.cfm I get the following error:
Element HASHREFERENCE is undefined in URL.  
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />

What needs to happen here?
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17815786
The following code should not be in the same file as your form, and should therefore never cause an error.

Paste this code into a new file called showCaptcha.cfm. These should be the ONLY two lines of code in the file.

<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />
0
 

Author Comment

by:dawes4000
ID: 17820741
Oneiroid,

showCaptcha.cfm contains the following only:
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />

It is located at the same level as my form captcha.cfm. captcha.cfm has the following code:
<!--- CHALLENGE FORM BELOW --->
<cfset variables.captcha = application.captcha.createHashReference() />
      <cfoutput>
      <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
            <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
      </cfoutput>
<cfparam name="captchaText" default="">
<cfform name="form" action="Captcha.cfm" method="post">
<cfinput type="text" name="captchaText">
<cfinput type="submit" name="btnSubmit" value="submit">
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
captcha was empty or failed
<cfelseif captchaText NEQ application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
User is human
</cfif>
</cfform>

captcha.cfm calls showCaptcha.cfm and the jpeg is rendered. So, showCaptcha.cfm and my directory captcha that contains the service and xml file are working. The problem is the challenge form?
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17820839
I am not quite sure what you are trying to do with that form. You are trying to submit and validate at the same time? Your captchaHash input is not between form tags. Why is your validation code inside the form?

When you say "If I load captcha.cfm I get the following error" - does that mean the error occurs when you load the page, or when you submit the form?

Also, for good measure, change the line
<cfelseif captchaText NEQ application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
to
<cfelse>
0
 

Author Comment

by:dawes4000
ID: 17820993
The question is how do I take input from the user and test it with what alpha char are in the jpeg?
0
 

Author Comment

by:dawes4000
ID: 17821130
Oneiroid,
I get it now. The input form captcha.cfm displays the image, hides the hashID, inputs text from user, posts to the testing cfm page.
<cfform name="form" action="CaptchaResult.cfm" method="post">
   <!--- create HashID then set as a variable--->
   <cfset variables.captcha = application.captcha.createHashReference() />
     <cfoutput>
        <!--- Hide HashID --->
        <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
        <!--- reference HashID with JPEG and display JPEG --->
        <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" /><br>
     </cfoutput>
     <cfparam name="captchaText" default="">
     <cfinput type="text" name="captchaText">
     <!--- post form values to a results page which contains the test --->
     <cfinput type="submit" name="btnSubmit" value="submit"><br>
</cfform>

captchaResult.cfm contains the test with conditional output:
<cfif captchaText EQ "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
<cfelse>
      human
</cfif>


0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821144
That is what the captchaHash does:

<cfif isdefined ("AuthenticateForm")>
   <cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
   <cfelse>
      User is human
   </cfif>
</cfif>

<cfform name="form" action="Captcha.cfm" method="post">
   <cfset variables.captcha = application.captcha.createHashReference() />
     <cfoutput>
        <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
        <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
     </cfoutput>
   <cfinput type="text" name="captchaText">
   <cfinput type="hidden" name="AuthenticateForm">
   <cfinput type="submit" name="btnSubmit" value="submit">
</cfform>
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821151
Posting at the same time. Yes, there you go, your new code looks a lot like mine now ;)

How does it work?
0
 

Author Comment

by:dawes4000
ID: 17821288
What are you doing with <cfinput type="hidden" name="AuthenticateForm">?
0
 

Author Comment

by:dawes4000
ID: 17821360
Oneiroid,
I have been messing with the xml file to make adjustments to the appearance of the jpeg, but the changes do not make a difference. Height, width, backgroundColor, all do not change anything. Since this is a new issue for me I will open another question.
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821371
Just using it as an example to identify the submission of a certain form / availability of a variable to compare so that you do not have to post your form to a new page.
0
 

Author Comment

by:dawes4000
ID: 17821549
I'm going to increase the point value to 500 on this question because there was additional instruction given beyond the original question. I will then split points among three members.
0
