views:

152

answers:

5

I am running ColdFusion MX, so I don't have the possibility of using the built-in cfimage Captcha functionality in my application, before form submitting.

But the problem is without captcha the bots submit the forms.

What will be best way to prevent automatic submitting?

+4  A: 

A technique I used with a different technology was to use image buttons. Your POST handler gets the x,y co-ordinates where the images were clicked. I found the bots (which are just generating post requests) were passing 0,0 and by dropping those requests on the floor I brought the spam posts down to less than the real ones. Sorry that I don't know how to do that in CF but I hope the technique is useful to you.

Kate Gregory
+8  A: 

Captchas don't have to be images!

Try one of the following solutions:

  • Most bots don't understand CSS. Create two submit buttons, the first with a value that will be rejected by the server, the second with a value that will be accepted by the server. Hide the first one using CSS.
  • Ask the user to answer a simple math problem. This will require you to create the math problem and store the expected solution somewhere (like the user's session), then compare the user's submitted answer with the stored answer. For extra protection, you can create simple addition, subtraction and multiplication questions. Avoid division, remainders are a pain for some users.
  • Bots read the names of form elements, and tend to ignore text labels. Try creating a checkbox named "optout" (like a newsletter), checked by default. Next to the checkbox, ask the user to uncheck the checkbox if they are a human. The opposite technique also works (unchecked checkbox that you ask the user to check).

All of these solutions can be done without third party code or API calls.

That being said, reCAPTCHA is pretty good and easy to integrate into almost any environment.

Charles
While unconvential, I like the CSS solution you gave.
Seidr
+6  A: 

Take a look at cfformprotect - it will work with CFMX 6 and all later engines.

It aims to be fully accessible - and invisible to most users - with an assortment of methods to stop bots and spammers.

Also you might want to look at a CF wrapper for reCaptcha, which is compatible with CFMX 7.

Peter Boughton
+1  A: 

Its always a good idea to do data validation on the server side before processing no matter which solution you use.

This post may help: http://www.bennadel.com/blog/405-Fully-Accessible-Spam-Form-Submission-Blocking-Using-ColdFusion-And-X-HTML-Version-III-.htm

Pragnesh Vaghela
A: 

How about using calculation method? Just like 8 + 5 = ?

OR

how about using ColdFusion.Ajax.submitForm?

ppshein