CFFormProtect Rocks!

Posted At : May 12, 2009 11:38 AM | Posted By : Jamie Krug
Related Categories: CFML

Others have praised CFFormProtect, but I wanted to share a couple quick stats and give another shout out to Jake Munson for the very useful CFFormProtect. If you're not familiar with CFFormProtect, here is a snippet from the description at RIAForge:

CFFormProtect is a fully accessible, invisible to users form protection system to stop spam bots, and even human spammers. CFFormProtect works like some email spam protection systems, in that it uses a series of tests to find out if a form submission is from a spammer or not. Each test is given an amount of points, and each test that is failed accumulates points. Once a form submission passes the threshold of 'spamminess', the message is flagged as spam and is not posted. The points assigned to each test and the failure limit are easily configurable by you.

It is quite simple to implement, and the code is rather simple and lightweight, but brilliantly useful and powerful! The latest version of BlogCFC ships with CFFormProtect and you can optionally enable it to block comment spam. I rarely see any comment spam get through on my blog, but this morning I had a flurry of 10 or more, from the same spammer. I was quickly able to tweak my INI file for CFFormProtect so this particular spam would be blocked from now on. I also decided to peak at the log file for CFFormProtect (you can optionally have CFFormProtect log blocked spam occurrences) and noticed that my blog gets a *LOT* of comment spam, but I never have to deal with it, thanks to CFFormProtect!

This morning was the first comment spam I've had get through in months, but it turns out that CFFormProtect has quietly blocked more than 80 spam attempts for me in just the last 24 hours! If you're a CFML developer and you'd like to protect any form from spam without bothering with CAPTCHA, I highly encourage you to check out CFFormProtect.

Comments (4) | 8747 Views
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
Rick Mason's Gravatar Just presented on it at our CFUG last night. Its a truly amazing product that should be a part of any public facing CF site.
# Posted By Rick Mason | 5/13/09 9:06 AM
Sebastiaan's Gravatar We implement it for ALL our customers' sites - they don't even know it's there ;-) If they ask for a Captcha I tell them we'll deliver, only we'll do one better - no Captcha but still protected. Often their eyes just get a vacant stare of disbelief, but in the end they're always happy with the implementation. Currently we're working on centralizing the config in our CMS per customer. Thanx 2 Jake Munson for this tool ;-)
# Posted By Sebastiaan | 5/19/09 5:52 AM
Sam Daams's Gravatar Was just doing a Google search to find the links to thank Jake myself and this blog post came up. We rolled this out across all our blogs about a month ago. There's 15000 odd blogs, although in fairness, most have not enabled public commenting. We needed a system that was totally hands off for our users since most just want their parents to leave a comment on their trip, and don't want to concern themselves with the back end (fair enough!).

We also enabled the option for users to get their own akismet key which is something you can tie into cfformprotect.

All up, the system is fantastic. I'm still emailing myself all rejections and I'm yet to see a false positive! That's pretty darn impressive.

Just thought I'd add for others considering this :)
# Posted By Sam Daams | 5/25/09 10:02 AM
Jamie Krug's Gravatar @Sam Daams: Thanks for the comment. I was aware of the Akismet option, but fortunately really haven't needed it!
# Posted By Jamie Krug | 5/25/09 10:12 AM
BlogCFC was created by Raymond Camden.