[nfbcs] What is CfFormProtect

Mary Donahue braille at satx.rr.com
Fri Mar 2 20:33:12 UTC 2012


Hello again everyone,

 

Below is basic information about the CFFormProtect spam
control utility for ColdFusion-based Web sites, blogs and applications.

 

From the Web Site:

http://cfformprotect.riaforge.org/ 

  CFFormProtect 


 

Author: Jake Munson

Last Updated: September 15, 2010 11:34 AM

Version: 2.1

Views: 81,594

Downloads: 6,706

License: Mozilla Public License 

 

Description: 

 

CFFormProtect is a fully accessible, invisible to users form protection
system to stop spam bots, and even human spammers. CFFormProtect works like
some email spam protection systems, in that it uses a series of tests to
find out if a form submission is from a spammer or not. Each test is given
an amount of points, and each test that is failed accumulates points. Once a
form submission passes the threshold of 'spamminess', the message is flagged
as spam and is not posted. The points assigned to each test and the failure
limit are easily configurable by you.

 

CFFormProtect uses these tests to stop spam:

 

-Mouse movement--Did the user move their mouse? If not, it might be a
spammer. This test is not very strong because lots of people, including the
blind, don't use a mouse when filling out forms. Thus I give this test a low
point level by default.

 

-Keyboard used--Did the user type on their keyboard? This is a fairly strong
test, because almost everybody will need to use their keyboard when filling
out a form (unless they have one of those form filler browser plugins)

 

-Timed form submission--How long did it take to fill out the form? A spam
bot will usually fail this test because it's automated. Also, sometimes spam
bot software will have cached form contents, so the form will look like it
took days to fill out. This test checks for an upper and lower time limit,
and these values can be easily changed to suit your needs.

 

-Hidden form field--Most spam bots just fill out all form fields and submit
them. This test uses a form field that is hidden by CSS, and tests to make
sure that field is empty. If a blind person's screen reader sees this hidden
field, there is a field label telling them not to fill it out.

 

-Too many URLs--This function was added by Dave Shuck. Many spammers like to
submit a ton of URLs in their posts, so you can configure CFFormProtect to
count how many URLs are in the form contents, and raise a flag if the number
is above a configured limit.

 

-Spam keyword list--This function was added by Mary Jo Sminkey. This test
allows you to configure a list of spammy words and phrases that will be used
to weed out spam. For example, if you use the phrase 'free music', a message
containing that phrase might get tagged as spam while just the word 'music'
will pass the test. There is a default list of words/phrases included in the
ini file (thanks to Mary Jo).

 

-Akismet--Most of the above tests can be easily bypassed if a spammer hires
cheap labor to manually fill out forms. However, Akismet attempts to stop
that as well. Akismet is a service provided by the folks that run WordPress
(http://akismet.com/). The free service (for personal use) takes form
contents as input, and returns a yes/no value to tell you if the submission
is spam. This test is disabled by default because you have to obtain an API
key. This is easy to do, and CFFormProtect is easy to configure if you want
to use Akismet.

 

-Project Honey Pot--Like Akismet, Proj. Honey Pot can stop manual spammers
as well. Project Honey Pot is a free web service that identifies spammers by
their IP address. They maintain a huge database of known spammer IP
addresses. If you choose to use this service, CFFP will verify the IP address
of your site's visitors before it will allow them to submit data through
your forms.

 

The beauty of CFFormProtect is that any of the above tests can fail, and the
spam bot can still be stopped. And all of this is possible without making
your users type in hard to read text, and your forms are accessible. And you
don't have to maintain a black list or use an approval queue. 

 

Requirements:

 

 

ColdFusion MX 6 or better

Railo 3.x

BlueDragon 6 or better

OpenBD 1.0

 

CFFormProtect might work on other versions of ColdFusion, or
Railo/BlueDragon. If you know it works on your version, please let me know. 

Issue Tracker: 

 

ID  ISSUE                                             STATUS  UPDATED
15  Use of form scope in testTimedFormSubmission()    Open    02/28/12 10:15 AM
14  Timed Form Submission Bug in Railo 3.1.2.001      Open    04/08/11 2:45 PM
    Windows
12  Documentation Bug                                 Fixed   03/01/10 4:01 PM
13  CONFIGFILENAME is undefined in CFFP               Fixed   03/01/10 4:01 PM
5   Combine and compress JS files                     Closed  12/09/09 4:44 PM

 

 


 

Subversion Access: 

 

You may access this project's Subversion repository with your client here:
http://svn.riaforge.org/cfformprotect. 

 

To view files and changelists associated with this repository, go here:
http://cfformprotect.riaforge.org/index.cfm?event=page.svnbrowse. 

 

Anonymous users have read access to the repository while the administrator
has write access. 

 

This project is sharing its code via Subversion. Subversion is an open
source source control method. You may find more information about Subversion
here: http://subversion.tigris.org/ 

 

 Adobe and the Adobe product names are either registered trademarks or
trademarks of Adobe Systems Incorporated in the United States and/or other
countries.

 

Peter Donahue
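
Added example (not part of the original message and not CFFormProtect's own code): a Python sketch of the point-based scoring the project description outlines, covering the six local tests and leaving out the Akismet and Project Honey Pot lookups. The point values, limits, field names and the rule that a score equal to the failure limit counts as spam are all assumptions made for illustration.

```python
import re

# Assumed point values and limits for illustration; not the project's defaults.
CONFIG = {
    "points": {"mouse": 1, "keyboard": 3, "timed": 2,
               "hidden_field": 3, "too_many_urls": 2, "spam_keywords": 2},
    "failure_limit": 3,    # assumed: flag once the score reaches this value
    "min_seconds": 5,      # faster than this looks automated
    "max_seconds": 3600,   # slower than this looks like cached form contents
    "max_urls": 3,
    "spam_phrases": ["free music"],
}
URL_RE = re.compile(r"https?://", re.IGNORECASE)

def failed_tests(sub, cfg=CONFIG):
    """Return the names of the tests this submission fails."""
    text = " ".join(sub["fields"].values()).lower()
    # rendered_at is assumed to be a value the server can trust.
    elapsed = sub["submitted_at"] - sub["rendered_at"]
    checks = {
        "mouse": not sub["mouse_moved"],
        "keyboard": not sub["key_pressed"],
        "timed": not cfg["min_seconds"] <= elapsed <= cfg["max_seconds"],
        "hidden_field": sub["hidden_field"].strip() != "",
        "too_many_urls": len(URL_RE.findall(text)) > cfg["max_urls"],
        "spam_keywords": any(p in text for p in cfg["spam_phrases"]),
    }
    return [name for name, failed in checks.items() if failed]

def classify(sub, cfg=CONFIG):
    """Sum the points of the failed tests and compare with the failure limit."""
    failed = failed_tests(sub, cfg)
    score = sum(cfg["points"][name] for name in failed)
    return {"score": score, "failed": failed, "spam": score >= cfg["failure_limit"]}

# Constructed sample submissions.
KEYBOARD_ONLY_USER = {
    "mouse_moved": False, "key_pressed": True, "hidden_field": "",
    "rendered_at": 1000, "submitted_at": 1045,
    "fields": {"comment": "I love music, see http://example.org/setlist"},
}
BOT = {
    "mouse_moved": False, "key_pressed": False, "hidden_field": "x",
    "rendered_at": 1000, "submitted_at": 1001,
    "fields": {"comment": "FREE MUSIC http://a.example http://b.example"},
}

if __name__ == "__main__":
    print(classify(KEYBOARD_ONLY_USER), classify(BOT))
```

With these assumed weights, the keyboard-only visitor fails only the low-weight mouse test and is accepted, while the bot fails five tests and is flagged.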

 



