The Web Design Group

... Making the Web accessible to all.

> Rogue website enquiries
bigginge
post Aug 31 2013, 07:22 AM
Post #1



Group: Members
Posts: 58
Joined: 23-January 12
Member No.: 16,315



I did a website for a friend a couple of years ago for IT Training. Each course has a booking form and he has recently been getting meaningless applications. The form uses cgi and is:
CODE
<form action="http://www.someonessite.co.uk/cgi-bin/cgiwrap/someonessite/submitform.cgi"
      method="post" name="Course_Booking" id="Course_Booking"
      onsubmit="return fValidateBooking(this)">
        <input type="hidden" name="recipient"
         value="training@someonessite.co.uk" />
        <input type="hidden" name="redirect"
        value="http://www.someonessite.co.uk/booking_submission.htm" />
        <input type="hidden"
        name="sort" value="alphabetic" />
        <div align="center">
          <table border="0" cellpadding="5" bgcolor="#FAA61A" cellspacing="0"
            width="100%">
            <tr>
              <td width="1%" bgcolor="#c8ecf6"> </td>
              <td colspan="2" align="left" bgcolor="#c8ecf6" class="bodytxt"><strong>I have read and agree to <a href="../../terms.htm">someonessite's
                Terms and Conditions</a>:</strong></td>
              <td width="49%" align="left" bgcolor="#c8ecf6"
                style="margin-left: 6px; margin-right: 6px; padding-left: 6px; padding-right: 6px"><input
                  type="radio" value="Yes" checked="checked"
                  name="A1_Agree_Terms" />
                <span class="tdbook"><span class="bodytxt"><strong>Yes</strong></span></span>  
                <input type="radio" name="A1_Agree_Terms" value="No" />
                <span class="bodytxt"><strong>No</strong></span></td>
              <td width="2%" bgcolor="#c8ecf6"
                style="margin-left: 6px; margin-right: 6px; padding-left: 6px; padding-right: 6px"> </td>
            </tr>
            <tr>
              <td bgcolor="#a5e5f7"> </td>
              <td colspan="2" align="left" bgcolor="#a5e5f7" class="tdbook"><span class="bodytxt"><strong>Customer number:</strong></span></td>
              <td align="left" bgcolor="#a5e5f7"><input name="B1_Customer_Number" type="text" class="bodytxt" size="10" /><font color="#000000">  </font></td>
              <td bgcolor="#a5e5f7"> </td>
            </tr>
            <tr>
              <td bgcolor="#c8ecf6"> </td>
              <td colspan="2" align="left" bgcolor="#c8ecf6" class="tdbook"><span class="bodytxt"><strong>Company name:</strong></span></td>
              <td align="left" bgcolor="#c8ecf6"><input name="B2_Customer_Name" type="text" class="bodytxt" size="30" /></td>
              <td bgcolor="#c8ecf6"> </td>
            </tr>
            <tr>
              <td bgcolor="#a5e5f7"> </td>
              <td colspan="2" align="left" valign="top" bgcolor="#a5e5f7"><span class="tdbook"><span class="bodytxt"><strong>Address:</strong></span></span></td>
              <td align="left" bgcolor="#a5e5f7"><textarea name="B3_Customer_Address" cols="30" rows="3" class="bodytxt"></textarea></td>
              <td bgcolor="#a5e5f7"> </td>
            </tr>
            <tr>
              <td bgcolor="#c8ecf6"> </td>
              <td colspan="2" align="left" bgcolor="#c8ecf6"><span class="tdbook"><span class="bodytxt"><strong>Telephone number:</strong></span></span></td>
              <td align="left" bgcolor="#c8ecf6"><input name="B4_Customer_Phone" type="text" class="bodytxt" size="20" /></td>
              <td bgcolor="#c8ecf6"> </td>
            </tr>
            <tr>
              <td bgcolor="#c8ecf6"> </td>
              <td colspan="2" align="left" bgcolor="#c8ecf6"><span class="tdbook"><span class="bodytxt"><strong>Your name:</strong></span></span></td>
              <td align="left" bgcolor="#c8ecf6"><input name="D1_Booked_By" type="text" class="bodytxt" size="30" /></td>
              <td bgcolor="#c8ecf6"> </td>
            </tr>
            <tr>
              <td bgcolor="#c8ecf6"> </td>
              <td colspan="2" align="left" bgcolor="#c8ecf6" class="bodytxt"><strong>Your e-mail:</strong><small><font
                  color="#000000" class="bodytxt">(required)</font></small></td>
              <td align="left" bgcolor="#c8ecf6"><input name="D2_EMail" type="text" class="bodytxt" size="30" /></td>
              <td bgcolor="#c8ecf6"> </td>
            </tr>
            <tr>
              <td bgcolor="#a5e5f7"> </td>
              <td colspan="2" align="left" bgcolor="#a5e5f7" class="bodytxt"><strong>Purchase order number:</strong></td>
              <td align="left" bgcolor="#a5e5f7"><input name="D3_PO_Number" type="text" class="bodytxt" size="20" /></td>
              <td bgcolor="#a5e5f7"> </td>
            </tr>
            <tr>
              <td bgcolor="#c8ecf6"> </td>
              <td colspan="2" align="left" bgcolor="#c8ecf6"><span class="bodytxt"><strong>Commencement date:</strong></span></td>
              <td align="left" bgcolor="#c8ecf6"><select name="E1_Course_Date" size="1">
                <option>15 Feb 13 - Northampton</option>
                <option>03 Jun 13 - Northampton</option>
                <option>20 Sep 13 - Northampton</option>
              </select></td>
              <td bgcolor="#c8ecf6"> </td>
            </tr>
            <tr>
              <td bgcolor="#a5e5f7"> </td>
              <td colspan="2" align="left" bgcolor="#a5e5f7" class="bodytxt"><strong>Is this a confirmed or provisional booking?</strong></td>
              <td align="left" bgcolor="#a5e5f7"><input type="radio" name="E2_Status" value="Confirmed"
                  checked="checked" />
                <span class="bodytxt"><strong>Confirmed</strong>  
                  <input type="radio" name="E2_Status" value="Provisional" />
                  <strong>Provisional</strong></span></td>
              <td bgcolor="#a5e5f7"> </td>
            </tr>
            <tr>
              <td bgcolor="#c8ecf6"> </td>
              <td colspan="2" align="left" bgcolor="#c8ecf6"><span class="bodytxt"><strong>Number of delegates</strong></span></td>
              <td align="left" bgcolor="#c8ecf6"><select name="E3_How_Many_Delegates" size="1">
                <option selected="selected" value="1">1</option>
                <option value="2">2</option>
                <option value="3">3</option>
                <option value="4">4</option>
                <option value="5">5</option>
                <option value="6">6</option>
                <option value="7">7</option>
                <option value="8">8</option>
              </select></td>
              <td bgcolor="#c8ecf6"> </td>
            </tr>
            <tr>
              <td bgcolor="#a5e5f7"> </td>
              <td colspan="2" align="left" valign="top" bgcolor="#a5e5f7" class="bodytxt"><strong>Delegate names:</strong></td>
              <td align="left" bgcolor="#a5e5f7"><textarea name="E4_Delegate_Names" cols="30" rows="3" class="bodytxt"></textarea></td>
              <td bgcolor="#a5e5f7"> </td>
            </tr>
            <tr>
              <td bgcolor="#a5e5f7"> </td>
              <td colspan="2" align="left" bgcolor="#a5e5f7" class="bodytxt"><strong>Would you like hotel details emailed to you?</strong></td>
              <td align="left" bgcolor="#a5e5f7"><input type="radio" value="No" checked="checked"
                  name="F1_Email_Hotel_Details" />
                <span class="bodytxt"><strong>No</strong>  
                  <input type="radio" name="F1_Email_Hotel_Details" value="Yes" />
                  <strong>Yes</strong></span></td>
              <td bgcolor="#a5e5f7"> </td>
            </tr>
            <tr>
              <td bgcolor="#a5e5f7"> </td>
              <td colspan="3" align="left" valign="top" bgcolor="#a5e5f7" class="bodytxt"><strong>Press</strong>
                <input type="submit" value="Submit Booking"
                  name="A0_Booking_For_ISOVR_ISERIES_OVERVIEW" />
                <strong>to send your reservation to someonessite
                  or Press</strong>
                <input type="reset" value="Cancel" name="Reset_Booking" />
                <strong>to clear
                the booking form. We will confirm the booking in due course. Thank You.</strong></td>
              <td bgcolor="#a5e5f7"> </td>
            </tr>
            <tr>
              <td bgcolor="#a5e5f7"> </td>
              <td width="23%" align="left" bgcolor="#a5e5f7" class="bodytxt"><a href="../ASOVR/index.htm" target="_self" class="nav"><b>Return to Course Details</b></a></td>
              <td width="25%" bgcolor="#a5e5f7"></td>
              <td bgcolor="#a5e5f7" class="bodytxt"><a href="../ASOVR/index.htm" target="_self" class="textright"></a></td>
              <td bgcolor="#a5e5f7"> </td>
            </tr>
          </table>
        </div></form>



The emails he has received are like this:
A0_Booking_For_ISOVR_ISERIES_OVERVIEW: Submit Booking

A1_Agree_Terms: No

B1_Customer_Number: TlfYePQUk

B2_Customer_Name: Dix

B3_Customer_Address: I comment when I like a post on a webitse or I have something to contribute to the discussion. Usually it is triggered by the fire displayed in the post I browsed. And on this article discoSWAG is making moves by leaps and bounds and we are doing it all for you! | discoswag. I was moved enough to post a comment I do have some questions for you if it's allright. Is it only me or does it look like a few of the comments come across like they are coming from brain dead individuals? And, if you are posting at additional sites, I'd like to follow anything fresh you have to post. Would you list the complete urls of your public pages like your linkedin profile, Facebook page or twitter feed?

B4_Customer_Phone: guDeWfek4B

D1_Booked_By: o10sk5136YPn

D2_EMail: louise_s@wp.pl

D3_PO_Number: dN39jYlB

E1_Course_Date: 03 Jun 13 - Northampton

E2_Status: Provisional

E3_How_Many_Delegates: 3

E4_Delegate_Names: I comment when I like a post on a webitse or I have something to contribute to the discussion. Usually it is triggered by the fire displayed in the post I browsed. And on this article discoSWAG is making moves by leaps and bounds and we are doing it all for you! | discoswag. I was moved enough to post a comment I do have some questions for you if it's allright. Is it only me or does it look like a few of the comments come across like they are coming from brain dead individuals? And, if you are posting at additional sites, I'd like to follow anything fresh you have to post. Would you list the complete urls of your public pages like your linkedin profile, Facebook page or twitter feed?

F1_Email_Hotel_Details: Yes

Reset_Booking: Jqdys4YW3B1

Could anyone please advise me how to stop the rogue bookings? Do I need to use a new way of making a form? My PHP/CGI knowledge is fairly limited; any help gratefully accepted.
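The e-mail in the post above carries several tell-tale signs of a bot rather than a person: the reset button (`Reset_Booking`) has a value, although a browser never submits a reset control; the same comment is pasted into two unrelated free-text fields; the "phone number" contains letters; and the booking was sent with the terms declined. The following is an added example, not code from the thread, showing how the CGI side could score a submission on those signs before e-mailing it. Both e-mail bodies below are constructed (the first is an abridged version of the one in the post, the second a made-up legitimate booking), and the field names are the ones from the form.

```javascript
// Added example (not from the thread): flag bot-filled bookings from the
// "Name: value" text that the CGI script e-mails out.

// Constructed sample: abridged from the spam e-mail quoted in the post.
const SAMPLE_EMAIL = `A0_Booking_For_ISOVR_ISERIES_OVERVIEW: Submit Booking

A1_Agree_Terms: No

B1_Customer_Number: TlfYePQUk

B2_Customer_Name: Dix

B3_Customer_Address: I comment when I like a post on a webitse or I have something to contribute to the discussion.

B4_Customer_Phone: guDeWfek4B

D1_Booked_By: o10sk5136YPn

D2_EMail: louise_s@wp.pl

D3_PO_Number: dN39jYlB

E4_Delegate_Names: I comment when I like a post on a webitse or I have something to contribute to the discussion.

Reset_Booking: Jqdys4YW3B1`;

// Constructed sample: what a real booking from a browser looks like.
const LEGIT_EMAIL = `A1_Agree_Terms: Yes
B1_Customer_Number: 1234
B2_Customer_Name: Example Ltd
B3_Customer_Address: 1 Example Street, Northampton
B4_Customer_Phone: 01604 123456
D1_Booked_By: A. Person
D2_EMail: bookings@example.co.uk
E4_Delegate_Names: A. Person, B. Person`;

// Parse "Name: value" lines into an object; blank lines are skipped.
function parseSubmission(text) {
  const fields = {};
  for (const line of text.split('\n')) {
    const m = line.match(/^([A-Za-z0-9_]+):\s?(.*)$/);
    if (m) fields[m[1]] = m[2];
  }
  return fields;
}

// Return the list of reasons a submission looks machine-generated.
// An empty list means none of the heuristics fired.
function spamReasons(fields) {
  const reasons = [];

  // A browser never submits a reset button, so its presence means every
  // <input> in the page source was filled in blindly by a script.
  if ('Reset_Booking' in fields) reasons.push('reset button was submitted');

  // Bots paste the same canned text into every free-text field.
  const addr = fields.B3_Customer_Address || '';
  const names = fields.E4_Delegate_Names || '';
  if (addr && addr === names) {
    reasons.push('identical text in address and delegate names');
  }

  // A phone number may contain spaces, "+" or brackets, never letters.
  if (/[A-Za-z]/.test(fields.B4_Customer_Phone || '')) {
    reasons.push('letters in phone number');
  }

  // A booking with the terms declined should never be accepted anyway.
  if (fields.A1_Agree_Terms === 'No') reasons.push('terms declined');

  return reasons;
}

// Convenience wrapper: true when the e-mail should be held back.
function isSpam(emailText) {
  return spamReasons(parseSubmission(emailText)).length > 0;
}
```

A hit on the reset-button check alone is conclusive, since no browser can produce it; the other checks are heuristics and are best logged with the submission so false positives can be reviewed rather than silently dropped.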
Christian J
post Aug 31 2013, 09:22 AM
Post #2



Group: WDG Moderators
Posts: 9,656
Joined: 10-August 06
Member No.: 7



QUOTE(bigginge @ Aug 31 2013, 02:22 PM)

he has recently been getting meaningless applications.

Looks like ordinary form spam to me.

QUOTE
Could anyone please advise me how to stop the rogue bookings?

There are many ways; the hard thing is to choose one that's effective against bots without creating problems for legitimate users. Also any widely used technique that you've found on the web is likely known by better spambots already, so try customizing anything you use.

A simple trick is to remove the form's ACTION value, and then reinsert it again through a custom javascript. Make sure that the ACTION URL isn't directly readable in the javascript itself, by scrambling the URL string. Also make sure to change the server-side script's URL, since it's apparently already known by spammers. The effectiveness of this depends entirely on the javascript, and if a spambot is able to run javascript just like a web browser it may not work at all. It will also stop the form from working for users with JS disabled, so you should at least add a notice about JS being required in a NOSCRIPT element.

Another idea might be to use questions that supposedly only humans are able to answer correctly. Again it's important not to make it too confusing for real humans.

See also http://webdesign.about.com/od/forms/qt/pro...om-spammers.htm
bigginge
post Aug 31 2013, 09:31 AM
Post #3



Group: Members
Posts: 58
Joined: 23-January 12
Member No.: 16,315



Thank you, your reply is much appreciated, as is the link you posted which explains a lot. I don't understand what you mean by 'remove the form's ACTION value, and then reinsert it again through a custom javascript.', so I shall need to research it.
Thank you again.
Christian J
post Aug 31 2013, 10:42 AM
Post #4



Group: WDG Moderators
Posts: 9,656
Joined: 10-August 06
Member No.: 7



QUOTE(bigginge @ Aug 31 2013, 04:31 PM)

I don't understand what you mean by 'remove the form's ACTION value, and then reinsert it again through a custom javascript.',

Just something like this:

CODE
<form method="post" id="f" action="">
...
</form>

<script type="text/javascript">
var u='/.../.../submitform.cgi';
document.getElementById('f').action=u;
</script>

<noscript><p>Javascript is required to use the form above.</p></noscript>

A spambot (or browser) that doesn't support javascript will submit the above form back to the form page itself, while browsers (or spambots) that do support javascript will submit it to "/.../.../submitform.cgi" (where the actual server-side script is).

You may also want to use some "encryption" javascript, so that the form URL isn't in clear text in the javascript.
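As an added example (not Christian J's code), here is the same action-reinsertion idea from post #2 and the snippet above, with the URL stored as shifted character codes instead of clear text. The path `/cgi-bin/example/submitform.cgi`, the shift value and the form id `f` are placeholders; the real script should live at a new URL, as the reply says, since the old one is already known. This is scrambling, not encryption: any bot that executes JavaScript recovers the URL exactly as a browser does, so it only filters bots that do not run scripts.

```javascript
// Added example, not the thread's code: rebuild the form's action URL at
// load time from an array of shifted character codes. Obfuscation only;
// a JavaScript-capable bot gets the same URL a browser does.
const SHIFT = 7; // placeholder; any small constant works

// Run once, offline, to produce the array that is pasted into the page.
function scramble(url, shift) {
  return Array.from(url, ch => ch.charCodeAt(0) + shift);
}

// Reverse of scramble(); the browser runs this on page load.
function unscramble(codes, shift) {
  return String.fromCharCode(...codes.map(c => c - shift));
}

// Assign the rebuilt URL to the form. `form` is anything with an `action`
// property: a real <form> element in the browser, or a plain object when
// checking the logic outside a browser.
function applyAction(form, codes, shift) {
  form.action = unscramble(codes, shift);
  return form.action;
}

// scramble('/cgi-bin/example/submitform.cgi', SHIFT), pasted as a literal so
// the clear-text path never appears in the page source.
const ACTION_CODES = [
  54, 106, 110, 112, 52, 105, 112, 117, 54,
  108, 127, 104, 116, 119, 115, 108, 54,
  122, 124, 105, 116, 112, 123, 109, 118, 121, 116, 53, 106, 110, 112,
];

// In the page, place this after <form id="f" action="">...</form>, together
// with <noscript><p>Javascript is required to use the form above.</p></noscript>.
if (typeof document !== 'undefined') {
  const form = document.getElementById('f');
  if (form) applyAction(form, ACTION_CODES, SHIFT);
}
```

Keep the server-side script's old URL disabled after the move; otherwise a bot that already has it simply keeps posting there, and the page-side change achieves nothing.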
bigginge
post Sep 1 2013, 03:22 AM
Post #5



Group: Members
Posts: 58
Joined: 23-January 12
Member No.: 16,315



Thanks again, I shall get on to this tomorrow and try and sort it out. Your help is much appreciated.