Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Form spam
From: Marty Hoag <marty.hoag () NDSU EDU>
Date: Thu, 15 Feb 2007 14:50:59 -0600

   Aha. I recalled the SANS ISC Diary that Brian
mentioned but couldn't find it until this note
reminded me that it contained a reference to
captcha... ;-)  It's at


They had a rather interesting approach...


H. Morrow Long wrote:
You could use a captcha -- and (or combine it)
with a username and password to restrict
automated form spam.

- H. Morrow Long, CISSP, CISM, CEH
  University Information Security Officer
  Director -- Information Security Office
  Yale University, ITS

On Feb 15, 2007, at 2:16 PM, Brian Smith-Sweeney wrote:

David Dean wrote:
Does anyone do anything about form spam?  We have application level
processes in place but we don't report this the way, say, email spam is
reported and track, and sometimes prosecuted.  I ask because we're
getting more and more.  It seems to be the cool new outlet for
frustrated email spammers.

The ISC at SANS did something on this a while back, because they were
getting bombarded; I don't know if they're tracking/reporting this stuff
or not.  Unfortunately I couldn't find the diary entry where they
discussed this but I know they've got something in place.


Brian Smith-Sweeney      Sr. Network Security Analyst
ITS Technology Security Services, New York University
bsmithsweeney () nyu edu <mailto:bsmithsweeney () nyu edu>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]