Code Forums - View Single Post

DJMaze · 09-06-2005, 02:23 PM

Image verification aka CAPTCHA will work but not if they realy want to harm you because these days, thanks to OCR, a lot of apps can read the image.

To secure your script is session handling probably a better option.

PHP Code:


			
<?php

session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST' && !isset($_SESSION['allow_post']) {

  die('You are bad');

} else {

  $_SESSION['allow_post'] = true;

}

Since search engines and most spam bots ignore session cookies they don't send the session details so they always start with a fresh new session and that way 'allow_post' is never set.
So we prevent access to POST data for mail sending thru a session and that way they never can send a email.

You could also email address verification if they pass this POST prevention and if they still bug you after that something else is probably wrong.

09-06-2005, 02:23 PM	#4 (permalink)
DJMaze Senior Contributor Join Date: Mar 2005 Posts: 678	Image verification aka CAPTCHA will work but not if they realy want to harm you because these days, thanks to OCR, a lot of apps can read the image. To secure your script is session handling probably a better option. PHP Code: `<?php session_start(); if ($_SERVER['REQUEST_METHOD'] == 'POST' && !isset($_SESSION['allow_post']) { die('You are bad'); } else { $_SESSION['allow_post'] = true; }` Since search engines and most spam bots ignore session cookies they don't send the session details so they always start with a fresh new session and that way 'allow_post' is never set. So we prevent access to POST data for mail sending thru a session and that way they never can send a email. You could also email address verification if they pass this POST prevention and if they still bug you after that something else is probably wrong.