23 July 2007
Anti-Spam snippet
When I first began blogging, I was naive enough to think that porn bots (or whatever they're properly called) wouldn't find me. Wrong. So, I enabled the Captcha that comes built in to BlogCFM (yep, not CFC...I'm a rebel). That immediately thwarted their attempts at decorating my blog posts with colorful solicitations. Then a month or two later, I got a sudden influx of the same spam! So, I swapped out my captcha with something that would require some real thought: a math problem. That stopped them for another couple of months, then lo and behold it happened again. I really have no idea how the spam hackers do it, but it has resulted in yet another evolution in my efforts to stop the spam. So far it's worked solidly, so I thought I'd share it in case anybody else might find it useful.

It consists of a function that generates a question that must be answered, along with the answer to that question. It asks the commenter to figure out which letter is exactly X places before or after a randomly selected letter of the alphabet, then directs them to type their answer exactly Y times in the answer box. On page load the correct answer is saved to a persistent variable; when the comment is submitted, the answer typed (form.answer) is compared to the stored answer (session.answer). Simple enough I think, but with enough randomness to make it something that can't be automatically breached without some real effort.

Here's the code for the function:

<cffunction access="public" name="genQuestion" output="false" returntype="struct" description="I generate a random question to use as an antispam key">
    <cfset var stReturn = structnew() />
    <!--- firstnum: how many places to move; secondnum: how many times the answer must be typed --->
    <cfset var firstnum = randrange(1,4) />
    <cfset var secondnum = randrange(1,4) />
    <!--- starting letter position (5-20), so moving up to 4 places stays within A-Z --->
    <cfset var letter = randrange(5,20) />
    <!--- 1 = before, 2 = after --->
    <cfset var where = randrange(1,2) />
    <cfset var answer = "" />
    <cfset var i = "" />
    <!--- lookup lists, var-scoped so they do not leak into the variables scope --->
    <cfset var numbers = "one,two,three,four" />
    <cfset var letters = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z" />
    <cfset var beforeafter = "before,after" />
    <!--- times is the repeat count used in the question text --->
    <cfset stReturn.times = secondnum />
    <cfset stReturn.question = "What letter comes " & listgetat(numbers,firstnum) & " places " & listgetat(beforeafter,where) & " the letter " & listgetat(letters,letter) & "?<br>Type your answer exactly " & listgetat(numbers,secondnum) & " times in the box below." />
    <!--- move to the position of the answer letter --->
    <cfif where eq 1>
        <cfset letter = letter - firstnum />
    <cfelse>
        <cfset letter = letter + firstnum />
    </cfif>
    <!--- the expected answer is that letter repeated secondnum times --->
    <cfloop index="i" from="1" to="#secondnum#" >
        <cfset answer = answer & listgetat(letters,letter) />
    </cfloop>
    <cfset stReturn.answer = answer />
    <cfreturn stReturn />
</cffunction>

(the function returns a structure containing the keys "question" and "answer")

Here's some starter code for utilizing it:

Code to evaluate saving a comment...
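<cfif isDefined("saveComment")>
    <!--- default the field so a post without it fails the check instead of throwing --->
    <cfparam name="form.answer" default="">
    <!--- also reject when no answer is stored (the form was never loaded in this session) --->
    <cfif not structKeyExists(session, "answer") or form.answer neq session.answer>
        <cfset errorMessage = errorMessage & "<li>Invalid anti-spam key.  Please try again.</li>#Chr(10)#">
    <cfelse>
        <!--- perform comment saving here --->
    </cfif>
</cfif>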


Code for displaying question and capturing answer:
<cfset variables.spamquestion = genQuestion()>

<h3>Please answer the following question:</h3>

<CFOUTPUT><STRONG>#variables.spamquestion.question#</STRONG></CFOUTPUT><br>
Type in the answer to the question you see above:
<input type="text" name="answer" size="6" maxlength="6" required="Yes" Message="You must complete the anti-spam field.">

<!--- save the answer to session for evaluation after the form is submitted... --->
<cfset session.answer = variables.spamquestion.answer>


Hope it helps!   :)



Posted by dougboude at 2:17 AM | 6 comments
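
A stricter version of the submit-time check, as an added example that is not part of the original post: the starter code leaves session.answer in place after a submission, so the stored answer stays valid until the form is rendered again. Here each answer is single-use and time-limited. checkAnswer, session.answerIssued and maxAgeMinutes are assumed names; genQuestion is the function from the post.

```cfml
<!--- Added example, not from the original post. checkAnswer, session.answerIssued --->
<!--- and maxAgeMinutes are assumed names; genQuestion is the post's function. --->
<cffunction access="public" name="checkAnswer" output="false" returntype="boolean" description="I check the anti-spam answer once, then discard it">
    <cfargument name="submitted" type="string" required="true" />
    <cfargument name="maxAgeMinutes" type="numeric" required="false" default="15" />
    <cfset var expected = "" />
    <cfset var issued = "" />
    <!--- Exclusive lock: two concurrent posts cannot both consume the same answer --->
    <cflock scope="session" type="exclusive" timeout="5">
        <cfif structKeyExists(session, "answer") and structKeyExists(session, "answerIssued")>
            <cfset expected = session.answer />
            <cfset issued = session.answerIssued />
        </cfif>
        <!--- Discard the stored answer on every attempt, right or wrong --->
        <cfset structDelete(session, "answer") />
        <cfset structDelete(session, "answerIssued") />
    </cflock>
    <!--- Nothing stored: the form was never rendered, or the answer was already used --->
    <cfif len(expected) eq 0>
        <cfreturn false />
    </cfif>
    <!--- Reject answers to questions older than the allowed age --->
    <cfif dateDiff("n", issued, now()) gt arguments.maxAgeMinutes>
        <cfreturn false />
    </cfif>
    <!--- Normalize whitespace and case, then require an exact match --->
    <cfreturn compare(ucase(trim(arguments.submitted)), expected) eq 0 />
</cffunction>

<!--- 1. Handle the submission first, before a new question replaces the stored one --->
<cfparam name="errorMessage" default="" />
<cfif isDefined("saveComment")>
    <cfparam name="form.answer" default="" />
    <cfif checkAnswer(form.answer)>
        <!--- perform comment saving here --->
    <cfelse>
        <cfset errorMessage = errorMessage & "<li>Invalid anti-spam key.  Please try again.</li>#Chr(10)#" />
    </cfif>
</cfif>

<!--- 2. Then render the form with a fresh question and record when it was issued --->
<cfset variables.spamquestion = genQuestion() />
<cflock scope="session" type="exclusive" timeout="5">
    <cfset session.answer = variables.spamquestion.answer />
    <cfset session.answerIssued = now() />
</cflock>
```

Because a failed attempt also discards the stored answer, the page has to show a newly generated question after every rejection, which step 2 does when it runs on the same request.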

Re: Anti-Spam snippet
See the hottest midget porn action on the web. You will see circus midgets, umpa loompas, multi-racial midgets and all your favorite mascots doing the craziest midget porn action on the web. Visit us today.
Posted by tony shortshaft on July 23, 2007 at 1:50 PM

Re: Anti-Spam snippet
I KNEW someone couldn't resist! Thanks Tony, I'll definitely check out the crazy midget porn next chance I get. ;)
Posted by dougboude on July 23, 2007 at 1:54 PM

Re: Anti-Spam snippet
You might check out CFFormProtect. I have had it running on my blog for a long time and have had 0 spam posts get through, and only a couple of false positives. Others have reported similar results.

http://cfformprotect.riaforge.org/
Posted by Jake Munson on July 23, 2007 at 2:58 PM

Re: Anti-Spam snippet
You might as well shut comments off. The requirement is too annoying to be useful.
Posted by ziggy on July 24, 2007 at 4:06 AM

Re: Anti-Spam snippet
Thanks for your constructive input, Ziggy...I'll certainly take it into consideration. ;)
Posted by dougboude on July 24, 2007 at 10:13 AM

Re: Anti-Spam snippet
Couldn't help but notice, though...it didn't seem to be annoying enough to prevent you from telling me how annoying it was...I'm sensing some kind of paradox here....
Posted by dougboude on July 24, 2007 at 10:14 AM
