Solved

How to make a simple webform request secure from spam?

Posted on 2006-10-25
Last Modified: 2013-12-24
I have a web form and need it to be secure from spam. I've got a robot that has found my form and is injecting hyperlinks into my text boxes. This is not good. I've thought using an obfuscator would work, but I'm not sure. Any suggestions?
0
Question by:dawes4000
21 Comments
 
LVL 9

Assisted Solution

by:73Spyder
73Spyder earned 100 total points
ID: 17806102
I would implement a CAPTCHA solution. This is the part that generates an image with letters in it that must be entered in. So far, bots cannot do this.

http://www.alagad.com/  has a good component to use.    
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 150 total points
ID: 17806218
There is also a free and open source captcha solution available from Peter Farrell:
http://lyla.maestropublishing.com/
0
 
LVL 9

Expert Comment

by:73Spyder
ID: 17806240
Yes,  I had forgotten about that site.  
0

 

Author Comment

by:dawes4000
ID: 17806814
usachrisk1983,
I'm not sure how to implement Captcha. The documentation says it's simple.
I've copied captchaService.cfc and captcha.xml over to the directory.
How do I have it appear on the web form? And how do I then take the
textbox info and have the cfc work it?
0
 
LVL 1

Expert Comment

by:ctdigital
ID: 17808649
If Captcha is too complicated for you, another viable solution is

http://tutorial406.easycfm.com/

It's a great tutorial - best of luck, as image verification isn't the simplest of processes. Secondly, if it is injecting hyperlinks into your search box, set up some sort of replace statement to remove or not accept submissions with certain content. IF form.value contains "whatever" do something. Sorry for the Fred Flintstone terminology but I gotta run! Best of luck
0
 

Author Comment

by:dawes4000
ID: 17812316
ctdigital,
I created captchaTest.cfm code given in the documentation. I ran the page and the captcha image was rendered.
So, I am making progress. How do I compare what captcha renders with what a user input into a txtbox for the challenge?
0
 

Author Comment

by:dawes4000
ID: 17812654
Throwing an exception now,

captchaService.cfc
Could not find the ColdFusion Component captchaServiceConfigBean
LINE: default="#CreateObject("component", "captchaServiceConfigBean").init()#" />

captchaServiceConfigBean.cfc is in the same directory as the other cfc's, any ideas for this error?
0
 
LVL 4

Accepted Solution

by:
Oneiroid earned 250 total points
ID: 17814895
Here is a good article you should read about setting up lyla:
http://cfdj.sys-con.com/read/236003.htm

Here's the breakdown (NOT using a config bean).

Application.cfm should contain this (as per the location of your xml file):
<cfparam name="url.reinit" default="false">
<!--- initialize the captcha with the xml config --->
<cfif not structKeyExists(application,"captcha") or url.reinit>
      <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="captcha/captcha.xml") />
      <cfset application.captcha.setup() />
</cfif>

Your form should look like this:
<cfset variables.captcha = application.captcha.createHashReference() />
<cfoutput>
<input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
<img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
</cfoutput>                              

The showCaptcha file should contain this:
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />

And your captcha test should look like this:
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText is 0>
captcha was empty or failed
</cfif>
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17814914
Sorry, missed a bracket:

And your captcha test should look like this:
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
captcha was empty or failed
</cfif>
0
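A server-side processing page that combines the captcha test above with the content check ctdigital suggested earlier in the thread, as an added example that is not any poster's code. The file name processForm.cfm, the link pattern and the variable names are assumptions; the only service call used is the validateCaptcha call shown in the thread, and the form is assumed to have no legitimate need for links.

```cfml
<!--- processForm.cfm (hypothetical name): the page the form posts to --->
<cfparam name="form.captchaHash" default="">
<cfparam name="form.captchaText" default="">

<!--- 1. Challenge check. Call the service only when both fields arrived;
      a bot posting straight to this URL may omit them entirely. --->
<cfset variables.captchaOk = false>
<cfif len(trim(form.captchaHash)) and len(trim(form.captchaText))>
    <cftry>
        <cfset variables.captchaOk = application.captcha.validateCaptcha(form.captchaHash, form.captchaText)>
        <cfcatch type="any">
            <!--- Assumption: an unknown or altered hash may throw; count it as a failure --->
            <cfset variables.captchaOk = false>
        </cfcatch>
    </cftry>
</cfif>
<cfif not variables.captchaOk>
    captcha was empty or failed
    <cfabort>
</cfif>

<!--- 2. Content check: refuse any text field carrying link markup.
      The pattern is illustrative, not exhaustive. --->
<cfset variables.linkPattern = "(https?://|www\.|<a[[:space:]>]|\[url)">
<cfset variables.rejected = "">
<cfloop collection="#form#" item="fieldName">
    <cfif isSimpleValue(form[fieldName]) and REFindNoCase(variables.linkPattern, form[fieldName])>
        <cfset variables.rejected = listAppend(variables.rejected, fieldName)>
    </cfif>
</cfloop>
<cfif listLen(variables.rejected)>
    <!--- Field names come from the request, so encode them before output --->
    <cfoutput>Links are not accepted in: #htmlEditFormat(variables.rejected)#</cfoutput>
    <cfabort>
</cfif>

<!--- 3. Both checks passed: store or mail the submission from here on --->
```

Both checks run on the server before anything is stored or mailed, so a client that never loads the form page still cannot get a submission through without a solved challenge.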
 

Author Comment

by:dawes4000
ID: 17815720
Oneiroid,
Thanks for the help. I have not ever used CreateObject() so please forgive my lack of understanding.

I have created captcha.cfm with the code below:
<cfset variables.captcha = application.captcha.createHashReference() />
<cfoutput>
      <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
      <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
</cfoutput>
                              
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />
                                    
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
</cfif>

My application.cfm file has the following:
<!--- initialize the captcha with the xml config --->
<cfparam name="url.reinit" default="false">

<cfif not structKeyExists(application,"captcha") or url.reinit>
     <cfset application.captcha = CreateObject("component","captcha.captchaService").init(configFile="captcha/captcha.xml") />
     <cfset application.captcha.setup() />
</cfif>
<!--- END initialize the captcha with the xml config --->

I created a directory called captcha, this directory includes the following:
img <!--- an image directory --->
captcha.xml
captchaService.cfc
captchaServiceConfigBean.cfc

If I load captcha.cfm I get the following error:
Element HASHREFERENCE is undefined in URL.  
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />

What needs to happen here?
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17815786
The following code should not be in the same file as your form, and should therefore never cause an error.

Paste this code into a new file called showCaptcha.cfm. These should be the ONLY two lines of code in the file.

<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />
0
 

Author Comment

by:dawes4000
ID: 17820741
Oneiroid,

showCaptcha.cfm contains the following only:
<cfset variables.captcha = application.captcha.createCaptchaFromHashReference("file",url.hashReference) />
<cfcontent type="image/jpg" file="#variables.captcha.fileLocation#" deletefile="true" reset="false" />

It is located at the same level as my form captcha.cfm. captcha.cfm has the following code:
<!--- CHALLENGE FORM BELOW --->
<cfset variables.captcha = application.captcha.createHashReference() />
      <cfoutput>
      <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
            <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
      </cfoutput>
<cfparam name="captchaText" default="">
<cfform name="form" action="Captcha.cfm" method="post">
<cfinput type="text" name="captchaText">
<cfinput type="submit" name="btnSubmit" value="submit">
<cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
captcha was empty or failed
<cfelseif captchaText NEQ application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
User is human
</cfif>
</cfform>

captcha.cfm calls showCaptcha.cfm and the jpeg is rendered. So, showCaptcha.cfm and my directory captcha that contains the service and xml file are working. The problem is the challenge form?
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17820839
I am not quite sure what you are trying to do with that form. You are trying to submit and validate at the same time? Your captchaHash input is not between form tags. Why is your validation code inside the form?

When you say "If I load captcha.cfm I get the following error" - does that mean the error occurs when you load the page, or when you submit the form?

Also, for good measure, change the line
<cfelseif captchaText NEQ application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
to
<cfelse>
0
 

Author Comment

by:dawes4000
ID: 17820993
The question is how do I take input from the user and test it with what alpha char are in the jpeg?
0
 

Author Comment

by:dawes4000
ID: 17821130
Oneiroid,
I get it now. The input form captcha.cfm displays the image, hides the hashID, inputs text from user, posts to the testing cfm page.
<cfform name="form" action="CaptchaResult.cfm" method="post">
   <!--- create HashID then set as a variable--->
   <cfset variables.captcha = application.captcha.createHashReference() />
     <cfoutput>
        <!--- Hide HashID --->
        <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
        <!--- reference HashID with JPEG and display JPEG --->
        <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" /><br>
     </cfoutput>
     <cfparam name="captchaText" default="">
     <cfinput type="text" name="captchaText">
     <!--- post form values to a results page which contains the test --->
     <cfinput type="submit" name="btnSubmit" value="submit"><br>
</cfform>

captchaResult.cfm contains the test with conditional output:
<cfif captchaText EQ "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
<cfelse>
      human
</cfif>


0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821144
That is what the captchaHash does:

<cfif isdefined ("AuthenticateForm")>
   <cfif captchaText eq "" or application.captcha.validateCaptcha(form.captchaHash,form.captchaText) is 0>
      captcha was empty or failed
   <cfelse>
      User is human
   </cfif>
</cfif>

<cfform name="form" action="Captcha.cfm" method="post">
   <cfset variables.captcha = application.captcha.createHashReference() />
     <cfoutput>
        <input type="hidden" name="captchaHash" value="#variables.captcha.hash#" />
        <img src="showCaptcha.cfm?hashReference=#variables.captcha.hash#" border="1" />
     </cfoutput>
   <cfinput type="text" name="captchaText">
   <cfinput type="hidden" name="AuthenticateForm">
   <cfinput type="submit" name="btnSubmit" value="submit">
</cfform>
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821151
Posting at the same time. Yes, there you go, your new code looks a lot like mine now ;)

How does it work?
0
 

Author Comment

by:dawes4000
ID: 17821288
What are you doing with <cfinput type="hidden" name="AuthenticateForm">?
0
 

Author Comment

by:dawes4000
ID: 17821360
Oneiroid,
I have been messing with the xml file to make adjustments to the appearance of the jpeg, but the changes do not make a difference. Height, width, backgroundColor, all do not change anything. Since this is a new issue for me I will open another question.
0
 
LVL 4

Expert Comment

by:Oneiroid
ID: 17821371
Just using it as an example to identify the submission of a certain form / availability of a variable to compare so that you do not have to post your form to a new page.
0
 

Author Comment

by:dawes4000
ID: 17821549
I'm going to increase the point value to 500 on this question because there was additional instruction given beyond the original question. I will then split points among three members.
0
