[thelist] junk entry into forms (captcha?)

Steven Streight steven.streight at gmail.com
Wed Feb 7 09:57:28 CST 2007

Yes, Bill Moseley, and when captchas are hard to read, sales will be lost.

On 2/7/07, Bill Moseley <moseley at hank.org> wrote:
> On Wed, Feb 07, 2007 at 11:47:41AM +0000, Austin Harris wrote:
> > Morning all,
> >
> > Just had a (very old) client get in touch and the order form that I
> > made for them a fair few yesra ago is now getting hammered - about
> > 50 - 100 per day.
> Besides captchas:
> I find requiring them to fetch the form first stops most of these
> attacks.
> If the application already has sessions I include a token that is only
> valid once for a post and will time out.  So they have to fetch the
> form before submitting to it.
> Without sessions, the other thing I've done is take the time in
> minutes plus a secret word and hash it.  Then when the form is posted
> I calculate the current time and step backwards X number of minutes
> until the hash matches.  That way I know they fetched the form within
> the last X minutes.
> It's amazing how often I can't read the captcha images myself.
> --
> Bill Moseley
> moseley at hank.org
> --
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !

Steven Streight aka Vaspers the Grate
Web Usability. Blog Revolution. Ecommerce.

steven [dot] streight [at] gmail [dot] com


More information about the thelist mailing list