Educause Security Discussion mailing list archives
Re: Form spam
From: Marty Hoag <marty.hoag () NDSU EDU>
Date: Thu, 15 Feb 2007 14:50:59 -0600
Aha. I recalled the SANS ISC Diary that Brian mentioned but couldn't find it until this note reminded me that it contained a reference to captcha... ;-) It's at http://isc.sans.org/diary.html?date=2006-11-08 They had a rather interesting approach... marty H. Morrow Long wrote:
You could use a captcha -- and (or combine it) with a username and password to restrict automated form spam. - H. Morrow Long, CISSP, CISM, CEH University Information Security Officer Director -- Information Security Office Yale University, ITS On Feb 15, 2007, at 2:16 PM, Brian Smith-Sweeney wrote:David Dean wrote:Does anyone do anything about form spam? We have application level processes in place but we don't report this the way, say, email spam is reported and track, and sometimes prosecuted. I ask because we're getting more and more. It seems to be the cool new outlet for frustrated email spammers. Thanks, DavidThe ISC at SANS did something on this a while back, because they were getting bombarded; I don't know if they're tracking/reporting this stuff or not. Unfortunately I couldn't find the diary entry where they discussed this but I know they've got something in place. Cheers, Brian -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Brian Smith-Sweeney Sr. Network Security Analyst ITS Technology Security Services, New York University bsmithsweeney () nyu edu <mailto:bsmithsweeney () nyu edu> http://www.nyu.edu/its/security ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Current thread:
- Form spam David Dean (Feb 15)
- <Possible follow-ups>
- Re: Form spam Brian Smith-Sweeney (Feb 15)
- Re: Form spam H. Morrow Long (Feb 15)
- Re: Form spam Marty Hoag (Feb 15)