PerlMonks  

Re: Is using 'Cookies' impractical for 'Contact Us' forms?

by Corion (Pope)
on Jul 07, 2006 at 06:58 UTC


in reply to Is using 'Cookies' impractical for 'Contact Us' forms?

What problem are you trying to solve with cookies and how does it relate to the "Contact Us" form?

If you just have an input form into which people can enter their question and their email address for the response, what do you need cookies for? Maybe my idea of a "Contact Us" form is different from yours.


Re^2: Is using 'Cookies' impractical for 'Contact Us' forms?
by newbie00 (Beadle) on Jul 07, 2006 at 07:32 UTC
    Thanks for your reply.

    The contact form will probably be using "image verification" which uses cookies for session management.

    Several folks I have been conversing with are tired of the spam they receive from their 'Contact Us' and other forms (e.g. bogus account signups, multiple submissions, bots, etc.), so I'm trying to be proactive.

      "Hello, I am a blind person and I'm unable to navigate your website"

      I would deal with the problem when it comes to it instead of overdesigning the most basic functionality people need to tell you about faults with the website. As long as your Contact Us form does not send mail and maybe has some (IP-based) throttling, it should be possible to stem a flood of bots.

        Thanks folks.

        How do you do 'IP-based throttling'?

        I'm trying to find some type of preventative measure because as I peruse the web, I see blogs spammed, etc.

        I prefer to put something in place up front since I don't have a lot of extra time...

      If you are concerned about locking people out who might not want to or are not able to receive cookies, then you should equally be concerned about those people who you are deliberately excluding by using "image verification" (known as CAPTCHA to most of us). CAPTCHA is documented as being inaccessible to a significant proportion of the population, and is also not as secure as many people seem to think it is. To be honest, the inaccessibility issue should make most people think twice about using them these days, as a number of countries have laws requiring equality of access to web sites.

      /J\

        Thanks.

        I've seen that some 'CAPTCHAs' are incorporating 'audio'. That is what I'd like to use. I still have to make a final decision as to which one I'd 'go live' with if I use it. I'd like to find other sources and/or options.

        Is there another method besides 'CAPTCHA' and 'IP-based throttling' since 'IP-based' doesn't work on those systems that continually change IP addresses during a session?

        If I remember correctly, I believe one of the most popular blogs has or is possibly adding 'CAPTCHA' capability. It seems I read that somewhere... Maybe spamming bloggers is growing? Hope not...

        If there is a 'better mousetrap', please let me know. Again, I'd like to have an option available to either circumvent or to institute a 'fix' immediately if it happens. I don't want to wait to do the research...

        Thanks again, folks.

      Several folks I have been conversing with are tired of the spam they receive from their 'Contact Us' and other forms (e.g. bogus account signups, multiple submissions, bots, etc.), so I'm trying to be proactive.

      If it really is just a 'Contact Us' form I wouldn't worry. There's a reason for evil folk to attack account registration forms - but contact us forms? Very rarely a problem in my experience.

        On the NMS support list we actually do see quite a few people reporting "spamming attacks" on both FormMail and TFmail installations used as "Contact Forms". Often these appear to be simply probes to determine whether the program can be exploited to send spam to a third party, but we also have seen an increase in people getting stuff that looks like the "spammer" was actually targeting something like phpBB with comment spam; this is probably some robot indiscriminately submitting the data to any likely looking web application.

        In the relatively low volumes that people tend to get this could be shrugged off as a mere irritation, but it could get to be a serious nuisance if one had a large number of forms.

        /J\
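
One way to do the IP-based throttling asked about in the thread, as an added example that is not part of the original posts: a sliding-window counter keyed by client address. The limits (3 submissions per 600 seconds), the function name `allow_submission`, and the in-memory hash are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Sliding-window throttle keyed by client IP address.
# Assumed limits (not from the thread): at most $MAX_HITS accepted
# submissions per $WINDOW seconds from one address.
my $MAX_HITS = 3;
my $WINDOW   = 600;    # seconds

# Demo state lives in a hash. A CGI script starts a new process for every
# request, so in a real form handler this table has to be kept in a
# lock-protected DBM file or a database instead.
my %hits;              # ip => [ timestamps of accepted submissions ]

# Returns 1 if the submission may be processed, 0 if it is throttled.
# Hypothetical helper; in a CGI script $ip would be $ENV{REMOTE_ADDR}
# and $now would be time().
sub allow_submission {
    my ($ip, $now) = @_;
    my $seen = $hits{$ip} ||= [];

    # Forget submissions that have aged out of the window.
    @$seen = grep { $now - $_ < $WINDOW } @$seen;

    return 0 if @$seen >= $MAX_HITS;    # over the limit: reject, do not record
    push @$seen, $now;
    return 1;
}

# Constructed sample traffic: [ address, seconds since start ].
# The addresses come from the documentation ranges, not from real clients.
my @requests = (
    [ '192.0.2.10',   0 ], [ '192.0.2.10',   5 ], [ '192.0.2.10',  9 ],
    [ '192.0.2.10',  12 ],    # fourth hit inside the window
    [ '198.51.100.7', 15 ],   # different address, counted separately
    [ '192.0.2.10', 620 ],    # earlier hits have expired by now
);

for my $r (@requests) {
    my ($ip, $t) = @$r;
    my $verdict = allow_submission($ip, $t) ? 'accepted' : 'throttled';
    printf "%4ds  %-13s %s\n", $t, $ip, $verdict;
}
```

Rejected submissions are not recorded, so a blocked client regains access once its accepted submissions age out of the window rather than being locked out for as long as it keeps retrying.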
