Random Code in CGI/Perl script

[dharrison]

Please help

I have a client who has to use a CGI/perl form script for his online enquiry form at Quality Matters He absoltely cannot use PHP as his main email address is AOL and it comes up as gobbledygook.

Anyway, my question is: Can anyone recommend a good security feature (eg. random code/image) that can make this form any more secure?

I have tried figlet but its a bit confusing to set up.

Any help will be gratefully received.

TIA

[RegDCP]

After a lot of research into the same problem I came to the conclusion that PHP is the only way to go.

His AOL address should not come up as garbage but an email address @quality-matters.com could be used for the PHP, and redirected to his AOL address through his hosting server's admin, if needs be.

Reg

[dharrison]

Thanks Reg

I have managed to get the figlet function working so I shall see how that goes.

It not then changes may have to be made.

I agree about the PHP though and give you kudos though.

[scotthai]

Hey There,
You posted a very interesting topic, although you have already finished the script from figit, or whatever it was, you just handled a real difficult topic. I have been able to use PHP to write the security images, however, I have also been able to use remote JavaScript, which is obfuscated to the robot or SPAM bot, and this sets a cookie that I am able to pick up apon after the script has gone to the CGI bin. However, a new and better technique is to use an AJAX based email form, if you use deep rooting, ex. ../../../forms/email.html, then pop the AJAX email form over the page by using an empty div and writing the innerHTML via Javascript, to pull the email page into the original page, the robot will get confused. It won't be able to send an email via your form, because it won't be able to find the form, which in essence is in an empty div in your html. This is a flawless technique, until the robots get smarter and begin to follow AJAX paths. However, going back to the obfiscation, if you use a javascript obfiscation program prior to the launch of the page which is making the AJAX call to the email form, you will undoubtedly never become prey for the SPAMbots again, and AJAX is fun to use as well.

This was long and confusing. I just wanted to say that their is another non-PHP technique as well!!

-Scott
San Jose

[dharrison]

No thats good Scott. I haven't taken the time to learn AJAX yet. Its on my list.

Are there any good tutorials you would recommend?