Spambot Update: Denied
Here’s an update to yesterday’s report on the spambot infestation at LGF, attacking our contact form and “email an article” form: both forms have been available and active since yesterday afternoon, and not one spam email has gotten through since I installed the token-based method (using the jQuery JavaScript library) outlined on this page.
The technique is an Ajax adaptation of a secure login method described by Chris Shiflett in his excellent book: Essential PHP Security. If you’re developing PHP web applications, this slim, very concise book should be on your shelf. You’ll need to be fairly fluent in PHP before reading it; it isn’t going to teach you the language, and it assumes you know how to read and understand PHP code. But it has helped me enormously in the design and programming of the LGF Blog Engine, and I recommend it highly.
Also, it has a monitor lizard on the cover.