ColdFusion timestamp trick to prevent form spam

I’ve been using the “timestamp trick” to reduce form submission spam for the past few months now. It’s been extremely effective!

Today was the first time I had to employ it on a ColdFusion-based site. The basic principle is the same, but it isn’t readily apparent how to obtain the timestamp.

The following code illustrates it’s use:

Put this on your form page:

<input name="ts" type="hidden" value="#DateDiff("s", CreateDate(1970,1,1), NOW())#">

Put this at the top of your processing page:

<cfset currentTime = DateDiff("s", CreateDate(1970,1,1), NOW())>
   <cfif currentTime - form.ts lt 3>
   <cflocation url="/">
   <cfabort>
</cfif>

That’s it!

Now, any bot that attempts to submit the form in less than 3 seconds will be automatically redirected to your home page, instead of continuing with the processing script.

Why follow me on Twitter?

  • I tweet about new technologies, services or libraries I find interesting
  • Yeah, sometimes I'll post a pet-peeve or rant about something trivial
  • If I discover something that made my web development life easier, I share it
  • I'll shout out any handy tip that I think might be useful to other devs


This entry was posted in ColdFusion. Bookmark the permalink.

Updated: 2015-04-29

Phil LaNasa follow us in feedly