Perl: Authenticate Web Forms (Anti-Spam Bots)

Technology Blog:

Perl script (MathAuth.pl) to Authenticate Submitted Web Forms (Anti-Spam Bots).

If you have a Website that has forms that are submitted by clicking a button, then I am sure you have been plagued with spam bots submitting to your forms.

We were searching to add the rotating image form of authentication, but after using many of these ourselves at other websites, we found many times you could not make out the letters or numbers that were being displayed.

I was reading an article at Matt Cutts’ Blog (What Google Knows About Spam) where he displays some slides about spam. In one of his slides he shows how asking a Math question works very well, and he uses it himself.

So we decided to update one of our forms which is submitted to a Perl Script.

Below we will show you how we did it and you can use the same method:

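First you must create a file named mathauth.pl that looks like this:
# mathauth.pl - simple math question for web forms
# $q1, $q2 and $q3 are package globals shared with the calling script.
@answer = ("","");

# Pick two random integers between 0 and 9 for the question.
sub question
{
 $r1 = 10;
 $q1 = int(rand($r1));
 $q2 = int(rand($r1));
}

# Check the submitted answer ($q3) against $q1 + $q2.
# Sets $q3 to "yes" or "no".
sub answer
{
 $q1 = shift;
 $q2 = shift;
 $q3 = shift;
 $a1 = $q1 + $q2;
 # Require digits so that non-numeric input is not compared as 0.
 if(defined $q3 && $q3 =~ /^\d+$/ && $a1==$q3){
  $q3="yes";
  }else{
  $q3="no";
  }
}

1;  # a file loaded with require must return a true value
Save the file and update the permissions to 755 (chmod 755 mathauth.pl).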

We use a perl script to populate the form:

In your Perl script that builds the form you must add the following line at the beginning of your script:

require '/full path to mathauth/mathauth.pl';

Somewhere in your script where you build the form you must make a call to the question routine:

&question;  #this call sets two integers, $q1 and $q2

#Next insert the following lines towards the bottom of your form:

print "Security Question * : $q1 + $q2 = ?\n";

print "Security Answer * : <input type=\"text\" name=\"Security_Answer\" size=\"4\" maxlength=\"4\" value=\"\">\n";

print "<input type=\"hidden\" name=\"Security1\" size=\"4\" maxlength=\"4\" value=\"$q1\">\n";

#The second hidden field must be named Security2, because the receiving script reads $FORM{'Security2'}.
print "<input type=\"hidden\" name=\"Security2\" size=\"4\" maxlength=\"4\" value=\"$q2\">\n";

#Now when the form is submitted, the answer and the question will be passed to
#another Perl script that can make the final decision.

In your perl script that receives the form you must add the following line at the beginning of your script:

require '/full path to mathauth/mathauth.pl';

Decode your form variables in the normal way, but now you must check to see if the $FORM{'Security_Answer'} field is empty or correct.

The following is what we do:

if($FORM{'Security_Answer'} eq ""){  #If Answer is empty then redirect to main page.

  print "Location: http://domain name/\n\n";

  exit;
  }
# The following line calls for verification of the values submitted.

#We simply pass the form fields that the user or spam bot submitted to mathauth.pl

#mathauth.pl will return a string in $q3 of "yes" or "no"

&answer($FORM{'Security1'},$FORM{'Security2'},$FORM{'Security_Answer'});
if($q3 eq "no"){
  print "Location: http://domain name/\n\n";  #Redirect them, Bad Answer.
  exit;
  }
#If the answer was correct, then the code will continue on to your regular routines.
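
The receiving script above takes Security1 and Security2 from the submitted form, so its check only shows that the three submitted numbers agree with each other. The following is an added example, not part of the original mathauth.pl, that signs the operands and an issue time with an HMAC so the receiving script can confirm the question is one it issued recently. The names make_challenge, check_answer, ct_eq, $SECRET and $MAX_AGE, and the two extra hidden fields needed to carry the issue time and the MAC, are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the original mathauth.pl: signed, expiring math challenge.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: in production, read a long random secret from outside the web root.
my $SECRET  = 'replace-with-a-long-random-secret';  # placeholder value
my $MAX_AGE = 600;                                  # seconds a challenge stays valid

# Returns two operands, the issue time and a MAC binding all three together.
sub make_challenge {
    my ($now) = @_;
    $now = time unless defined $now;
    my ($q1, $q2) = (int(rand(10)), int(rand(10)));
    return ($q1, $q2, $now, hmac_sha256_hex("$q1:$q2:$now", $SECRET));
}

# Constant-time comparison of two equal-length strings.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns "yes" or "no", like answer() in mathauth.pl.
sub check_answer {
    my ($q1, $q2, $issued, $mac, $answer, $now) = @_;
    $now = time unless defined $now;
    for ($q1, $q2, $issued, $answer) {        # digits only, bounded length
        return "no" unless defined $_ && /^\d{1,10}\z/;
    }
    return "no" unless defined $mac && $mac =~ /^[0-9a-f]{64}\z/;
    return "no" if $issued > $now || $now - $issued > $MAX_AGE;  # future-dated or expired
    return "no" unless ct_eq($mac, hmac_sha256_hex("$q1:$q2:$issued", $SECRET));
    return ($q1 + $q2 == $answer) ? "yes" : "no";
}

# Constructed demo: one issued challenge, then three submissions.
my ($q1, $q2, $t, $mac) = make_challenge();
print "correct answer:   ", check_answer($q1, $q2, $t, $mac, $q1 + $q2), "\n";
print "operands changed: ", check_answer($q1 + 1, $q2, $t, $mac, $q1 + $q2 + 1), "\n";
print "expired:          ", check_answer($q1, $q2, $t, $mac, $q1 + $q2, $t + $MAX_AGE + 1), "\n";
```

A signed challenge remains valid until it expires, so a form that needs single-use questions also has to record the MACs it has already accepted on the server.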

I hope this helps, and Matt was right, it is a lot easier and more user friendly than using images for the Security questions.

If you would like to add this to any of your perl scripts, and don’t know how, then contact us and we will be glad to help you.

Thanks,

The HughesTech Team