[pmwiki-users] EMail Form Spam

Sandy sandy at onebit.ca
Fri Feb 9 16:43:02 CST 2007


Patrick R. Michaud wrote:
> On Fri, Feb 09, 2007 at 02:49:45PM -0500, Sandy wrote:

>> I'm using Emailform-s, which supposedly requires entry of a three-digit 
>> random code, but it looks like the spammer is circumventing that entirely.
> 
> Actually, the way that emailform-s is written it's not at all hard for
> a spammer to circumvent the random code.  All the spammer has to do
> is to submit a form where the 'ACodeReturn' hidden field matches
> the 'ACodeEntered' field.  The spammer can even use any code he/she/it
> wants -- all the recipe is doing on the receiving end is checking
> that the two fields match.  (In fact, if the spammer just leaves
> both fields off entirely the recipe will deliver the message.)

Ah, well, another program to move to the "learning PHP" pile. I 
"borrowed" the code from one of the CommentBox recipes, but obviously 
missed a bit. Spam is still less than before I started using it.

>> Any ideas? Not the biggest source of spam I get, but I'd like to squash it.
> 
> I think the mailform recipe probably needs some re-working from scratch,
> especially to take advantage of some of PmWiki 2.2's new features.
> I've also been toying with the idea of creating a (:input captcha:)
> control that can be placed in forms to perform captcha-like verification.
> 

In which case I'll not rush to improve it, unless I feel like the exercise.

Cheers!

Sandy
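
The check described in the quoted reply, next to a server-side alternative, as an added example that is not part of the original message or of the emailform-s recipe. Only the field names `ACodeReturn` and `ACodeEntered` come from the thread; the function names, the `acode` key, and the `$session` array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example; not code from the emailform-s recipe.

// Flawed check as described in the thread: the expected code travels in a
// hidden form field, so the client supplies both sides of the comparison.
function check_flawed(array $post): bool {
    $returned = $post['ACodeReturn'] ?? '';
    $entered  = $post['ACodeEntered'] ?? '';
    return $returned == $entered;      // both absent: '' == '' passes
}

// Hardened: the expected code exists only in server-side state.
// $session is a stand-in for $_SESSION (assumption).
function issue_code(array &$session): string {
    $session['acode'] = sprintf('%03d', random_int(0, 999));
    return $session['acode'];          // show to the human, never in a hidden field
}

function check_hardened(array $post, array &$session): bool {
    $expected = $session['acode'] ?? null;
    unset($session['acode']);          // single use: one attempt per issued code
    $entered = $post['ACodeEntered'] ?? null;
    if (!is_string($expected) || !is_string($entered) || $entered === '') {
        return false;                  // missing fields fail closed
    }
    return hash_equals($expected, $entered);
}

// Constructed submissions, run from the command line.
$session = [];
$code = issue_code($session);
$cases = [
    'both fields omitted'        => [],
    'self-chosen matching pair'  => ['ACodeReturn' => 'xyz', 'ACodeEntered' => 'xyz'],
    'code as shown to the user'  => ['ACodeReturn' => $code, 'ACodeEntered' => $code],
];
foreach ($cases as $label => $post) {
    $s = $session;                     // fresh copy of server state per case
    printf("%-28s flawed=%-5s hardened=%s\n", $label,
        var_export(check_flawed($post), true),
        var_export(check_hardened($post, $s), true));
}
```

The first two submissions pass the flawed check and fail the hardened one; only the third passes both.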



