Good spam fighting idea

If you are dealing with a lot of spam (who isn't?) and you find that lots of spam is getting through your filters, I just saw a cool idea for this problem. As you may know, I am the author of CFFormProtect. While I find that this works 99% of the time, there is the occasional spam that slips through. I was on a site recently that didn't have a Captcha to protect their comment form, but when I submitted my post their spam filter somehow flagged my as a spammer, and then they asked me to fill out a captcha. I think this is a great idea.

If you are familiar with CFFormProtect, you will know that it has a weighting system to flag spam. Posts aren't blocked for any one problem, but rather CFFP takes up to 8 different tests, and if the posts fails x amount of those, it is blocked. So taking the idea I talked about in the first paragraph, maybe you allow posts through that pass 90% of the tests. A post that only passes 70% of the tests might be asked to do some additional validation (maybe a captcha, or moderation, or an email verification). Anything less than 70% is automatically flagged as spam. These numbers are just an example, your mileage will vary. What do you think of that idea?

CFFormProtect 2.1 released

CFFormProtect 2.1 has been released. This new version doesn't have a lot of major new features, mostly bug fixes. One new feature, you can now specify a different config file than the default in the initialization of the CFC. Also, you can how put multiple copies of CFFP into one page (helpful if you have many forms on one page). You can find the new version at the project page.

There were a lot of people that contributed bug fixes and patches, and I don't want to name you all. You know who you are, and thank you. Feel free to drop a comment here to take credit for your work. :)

Alternate version of CFFormProtect

Dan Wilson made some cool modifications to CFFormProtect that he wants to share with the community. I decided not to roll these changes into the main project, but I want to make them available for those that would find them useful. In short, he made CFFP a lot more OO. :) Here are the details:

  • The form initialization code is now CFC based, which is more harmonious with ModelGlue (what Dan uses), as well as other frameworks.
  • He made modifications that allow CFFP configuration from ColdSpring.
  • He wrote a bunch of unit tests.

If this version of CFFP looks like it would easily slide into your projects, give it a try. There is a readme file in the zip that Dan wrote that should get you up and running. Thanks Dan!

Akismet learns, Captcha doesn't

I just had an interesting spam attack on my site. It was identical spam contents posted to a bunch of my comment forms. I am using CFFormProtect (of course, I built it ;). The first couple of attempts got by Akismet, but my other spam detection methods still prevented the spams from posting (yay!). But what happened next shows where Akismet shines and proves that these methods are way better than Captcha. After Akismet had a chance to analayze a few of these spam posts, it started marking them as spam. The contents were exactly the same for every post, and Akismet was able to dynamically learn. However, when a spammer breaks past the Captcha on your site, he has a free pass to all of your forms.

CFFormProtect Compatibility Release

I have released CFFormProtect 2.0.2, which has one minor change that makes it compatible with other CFML versions/engines besides ColdFusion 8. If you are curious, I had used the ++ iterator, which only works in ColdFusion 8. I have tested (or others have tested) this new version in all of the below, and it works fine:
ColdFusion 6.x or better
BlueDragon 6.x or better
Railo 3.x
OpenBD 1.0

CFFormProtect is now in BlogCFC

If you missed the news, CFFormProtect is now built into BlogCFC. So if you use BlogCFC, after you upgrade to version 5.9.2, you just have to add "usecfp" to our ini file and set it to true. Then all of your comment forms will be protected from the evil spammers. :)

CFFormProtect 2.0.1

Yes, that .1 at the end there means this is a bug fix release. I don't know how this slipped through my fingers, but CFFormProtect 2.0 had a major bug that made the whole thing disfunctional. So if you downloaded 2.0, please get 2.0.1 from the project site. Sorry for any inconvenience this may have caused.

CFFormProtect 2.0 released

I have finally pushed version 2.0 out the door. This new version has a lot of bug fixes, and I added support for the Project Honey Pot service. I Have been running this new version on my blog for a week now with no problems, but if you run into any issue please let me know.

If you want to uprade from a previous version, it's pretty trivial (as long as you are using the CFC version, not the .cfm version). For my blog, I just had to drop the new CFC in and change the paths (which is detailed in the directions).

For those that don't know, CFFormProtect is a multifaceted spam prevention component that you can drop into your sites/projects, configure it to suit your needs, and it will silently stop 99% of your spam. It doesn't use Captcha, or any other visible hinderances to your users, it all works in the background. Check out the project site for more details.