Try to make sure the form submission is coming from your site.
<cfif cgi.server_name eq "your ip address">
You can also check the referer to make sure the form is being submitted by your form
<cfif cgi.http_referer eq "your_form_page.cfm">
You can also record the IP address of the remote computer that creates an account and only allow one account per IP address. This is not the best, since there are proxy servers where every user's IP address is reported as the same address.
One thing that I do is to generate a unique key that gets passed as a hidden field in the form and saved as a temporary session variable, and then on the action page I compare the form value to the session value to see if they match. A hacker submitting a form from a remote server will not have the proper unique id.
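The hidden-field token check described in the reply above, as an added example that is not part of the original post. The file names, the `formToken` field and session key, and the use of `GenerateSecretKey` plus `Hash` to produce the token are assumptions made for illustration; session management must already be enabled for the application.

```cfml
<!--- register_form.cfm (hypothetical file name): issue a fresh token --->
<cflock scope="session" type="exclusive" timeout="5">
    <!--- Random value, hashed to hex so it is safe to place in an attribute --->
    <cfset session.formToken = Hash(GenerateSecretKey("AES"), "SHA-256")>
    <cfset variables.token = session.formToken>
</cflock>

<cfoutput>
<form action="register_action.cfm" method="post">
    <input type="hidden" name="formToken" value="#variables.token#">
    <input type="text" name="username">
    <input type="submit" value="Create account">
</form>
</cfoutput>

<!--- register_action.cfm (hypothetical file name): verify, then invalidate --->
<cfparam name="form.formToken" default="">
<cfset variables.tokenOk = false>
<cflock scope="session" type="exclusive" timeout="5">
    <!--- Compare() is case-sensitive and returns 0 only on an exact match --->
    <cfif StructKeyExists(session, "formToken")
          AND Len(form.formToken)
          AND Compare(form.formToken, session.formToken) EQ 0>
        <cfset variables.tokenOk = true>
    </cfif>
    <!--- Single use: drop the token whether or not it matched --->
    <cfset StructDelete(session, "formToken")>
</cflock>

<cfif NOT variables.tokenOk>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfoutput>Form token missing or invalid.</cfoutput>
    <cfabort>
</cfif>
<!--- Token matched: account creation continues from here --->
```

The token only shows that the POST came from a session that loaded the form page, so it works alongside a CAPTCHA or per-IP limits rather than replacing them.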
All great suggestions! Thank you so much! To the person who asked me about CAPTCHA: yes, I am familiar with that method but as of yet have been unsuccessful in getting it to work. I found two ColdFusion freebies on the web but haven't had any luck with them so far:
Open Source Captcha CFC
I think that I will continue to try to get these to work and if I can't figure them out by the end of the day I will resort to Wil's excellent suggestions. Thanks again!!!