
Re^5: Is using 'Cookies' impractical for 'Contact Us' forms?

by gellyfish (Monsignor)
on Jul 07, 2006 at 10:02 UTC (#559753)

in reply to Re^4: Is using 'Cookies' impractical for 'Contact Us' forms?
in thread Is using 'Cookies' impractical for 'Contact Us' forms?

Of course even a combination of both audio and visual CAPTCHA is going to be inaccessible to a certain proportion of people, and audio CAPTCHA is equally vulnerable to this kind of exploit as the purely visual method.

IP throttling schemes will also fail in the face of a concerted "attack" from someone who avails themselves of the large number of open HTTP proxies (either mis-configured or opened up by some malware). In checking hosts involved in reports we have seen on the NMS mailing list it could be that upwards of half of them are known open proxies or otherwise exploited hosts.

The NMS TFmail program implements a DNSBL type technique to protect from open proxies, exploited machines and other known abusive hosts: there is a bit of background in my talk from yapc::Europe last year.

To be honest you could do worse than using the TFmail rather than writing your own "contact form" program as we are actively (if fitfully) developing it and are keen to implement more "attack mitigation" measures in the future.
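
The DNSBL-type check mentioned in the post, sketched as an added example that is not part of the original post and is not TFmail's own code. The zone `dnsbl.example.org`, the function names and the sample addresses are assumptions made for illustration; DNS is replaced by a constructed stub so the script runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Hypothetical zone name; substitute the DNSBL you have chosen to trust.
my $ZONE = 'dnsbl.example.org';

# Build the DNSBL query name: IPv4 octets reversed, then the zone.
# Returns undef for anything that is not a plain dotted-quad address.
sub dnsbl_query_name {
    my ($ip, $zone) = @_;
    return unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;
    return join('.', reverse(@octets), $zone);
}

# Default resolver: A-record lookup through the system resolver.
sub resolve_a {
    my ($name) = @_;
    my $packed = inet_aton($name);
    return defined $packed ? inet_ntoa($packed) : undef;
}

# True if the address is listed. By convention a listed host resolves to
# an address in 127.0.0.0/8; no answer (undef here) means "not listed".
# Requiring 127.x also ignores resolvers that rewrite failed lookups.
# A lookup failure counts as not listed, so a DNSBL outage fails open.
sub is_listed {
    my ($ip, $zone, $resolver) = @_;
    $resolver ||= \&resolve_a;
    my $name = dnsbl_query_name($ip, $zone) or return 0;
    my $answer = $resolver->($name);
    return (defined $answer && $answer =~ /\A127\./) ? 1 : 0;
}

# Constructed sample data standing in for DNS so the script runs offline.
my %fake_dns = ('7.113.0.203.dnsbl.example.org' => '127.0.0.2');
my $stub = sub { $fake_dns{ $_[0] } };

# In a CGI form handler the address would come from $ENV{REMOTE_ADDR}.
for my $remote_addr ('203.0.113.7', '198.51.100.20', 'not-an-ip') {
    my $verdict = is_listed($remote_addr, $ZONE, $stub) ? 'reject' : 'accept';
    print "$remote_addr: $verdict\n";
}
```

With the stub in place only `203.0.113.7` is rejected; omitting the third argument to `is_listed` makes it query the real zone through the system resolver.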

