Can PHP help?: Restrict CGI exec to HTML page usage?

whr76

Newbie desires a quick pointer to where to look:

I have a website that has one page which invokes a CGI/Perl script to add comments to a forum page on my site via Form POST...(FYI: all the web pages and the script are custom coded by myself)...fine...BUT...I'm getting spam attempts from someone who appears to be executing the CGI without going thru MY web page to invoke it...at least it seems that way...

I'd like to give some kind a warning message and potentially block access to the CGI unless they came from a specific page on MY site, such as main index, or maybe certain selected other pages on my site.

Is PHP a potential solution for this? Thanks!

And any other ideas for blocking this type of spam attempts?

etully

Instead of making the Form static HTML, you should have the form page be written in PHP or Perl so that the form can be mostly static with a tiny bit of dynamic content in it.

Pick a random 8 digit number, and write it to a database. Now embed that number in the form like this:
<input type=hidden name="secret_code" value="<? echo $secret_code; ?>">

In your CGI/Perl script, find the secret code and see if it exists in the database. If yes, then delete from the database and proceed. If no, then terminate.