protect perl script from spammers

[mehere]

Hi guys

I have a basic perl script for form processing for various purposes, e.g.
adding results to a text file. What I want to know is how best to protect
the perl script from hijackers spamming the form and thus having my
results.txt file filled with crap.

I could obviously get a different form etc but I'd like to know still how to
protect a form without needing to password protect it. Form is open to
general access like a guestbook. I have been looking at Captcha but I am
not sure if that is the best or easiest way to stop hijackers hijacking my
forms.

Anyway if anyone can provide me with some pointers or betters ways to
protect my forms from being hijacked please let me know and point me to some
code for me to have a look at, or if CAPTCHA is the best way does anyone
have some simple code etc I can use to add to my existing forms.

Cheers

Greg

 

[Gunnar Hjalmarsson]

I have a basic perl script for form processing for various purposes, e.g.
adding results to a text file. What I want to know is how best to protect
the perl script from hijackers spamming the form and thus having my
results.txt file filled with crap.

I could obviously get a different form etc but I'd like to know still how to
protect a form without needing to password protect it. Form is open to
general access like a guestbook. I have been looking at Captcha but I am
not sure if that is the best or easiest way to stop hijackers hijacking my
forms.

Neither am I. IMO this is about a trade-off between the (in-)convenience
for the users and your own convenience.

Even if the referer header can be faked, a referer check makes it more
difficult to accomplish automated bogus submissions.

But please note that your question is off topic here. I'd recommend that
you seek advice in comp.infosystems.www.authoring.cgi instead. If you
haven't posted there before, read
http://www.thinkspot.net/ciwac/howtopost.html first.

... does anyone have some simple code etc ...

http://search.cpan.org/search?query=captcha

 

[Jürgen Exner]

I have a basic perl script for form processing for various purposes,
e.g. adding results to a text file. What I want to know is how best
to protect the perl script from hijackers spamming the form and thus
having my results.txt file filled with crap.

Trivial. Two steps:
- Grant execute permissions only to those whom you trust
- enforce authentication and log all activities such that any spammer will
leave a trail. Then HR can take care of them

I could obviously get a different form etc but I'd like to know still
how to protect a form without needing to password protect it. Form
is open to general access like a guestbook.

Oh, you are talking about a web service? Why didn't you say so in the
beginning.
comp.web.authoring.cgi or whatever that NG is called is on the other side of
the hallway

jue

 

[Gunnar Hjalmarsson]

I don't want to prolong the thread ... But what is wrong with Captcha?

After having stripped the sentence where I explained why I don't
consider captcha to be _the_ solution in all cases, you make it sound as
if I had claimed that captcha is "wrong". By doing so, you indeed
prolonged the thread unnecessarily. ;-)

For the record, I said: "IMO this is about a trade-off between the
(in-)convenience for the users and your own convenience."

 

[Matt Garrish]

I don't want to prolong the thread here since as above you should put it
in the other forum/newsgroup. But what is wrong with Captcha? I am too
green to say that it is definitly the wright or wrong way to go, but if
all the biggie sites use it, how wrong can they all be? If there were a
better way, wouldn't at least "some" of them be using this other method?

Herd mentality does not make things right. I read what was being discussed
not as good/bad, but as inconvenience to the user, which is what any captcha
is.

They also only make it more difficult to abuse a site, not impossible. With
a bit of brain power and a little time (or a really good OCR program) you
could write a program to take the graphic and determine the code. It
probably won't always work (hence the design premise of captchas), but even
1/100 are good odds for spammers.

Matt

 

[mehere]

Totally agree, and while the original poster has not replied again (nor
posted in the proper forum,), just wanted to leave last bit of advice as
in the path I chose, if it helps:

.... snip


Yes OP - being me - did not reply as have not been here for a liitle while
also as per the first reply I was politely told wrong forum and had not yet
got around to reposting in 'correct' forum.

Thanks

Greg