For full details of how CFFormProtect works, see the project page at http://cfformprotect.riaforge.org/

Installation
  1. Copy the cfformprotect folder into your web root.
  2. Put <cfinclude template="/cfformprotect/cffp.cfm"> somewhere between your form tags.
  3. On your processing page include the following code:
    <cfset Cffp = CreateObject("component","cfformprotect.cffpVerify").init() />
    <!--- now we can test the form submission --->
    <cfif Cffp.testSubmission(form)>
           <!--- The submission has passed the form test.  Place processing here --->
    <cfelse>
           <!--- The test failed.  Take appropriate failure action here. --->
    </cfif>
  4. Setup your email settings and Akismet in cffp.ini.cfm, if you want to use those features (if you leave the email settings blank, you won't receive an email when spammer tries to attack your forms)

Customization

Tip: You can enter "viagra-test-123" as your Name when testing your form, and Akismet will automatically mark the form submission as spam

INI File settings (cffp.ini.cfm)
Most of the values can be left as default, if you want, but you'll need to provide values for Akismet if you want to use that test.

The first section of the ini allows you to set which tests to run. 1 is enabled and 0 is disabled :

The 2nd section has settings for individual tests. All of the Akisment settings are left blank on purpose. If you want to use Akismet (highly recommended), please fill in these variables to match your environment

The 3rd section allows you to modify how many penalty points each test failure will receive

failureLimit, is the total amount of points you will allow before flagging a message as spam. Each test that fails will assign 'failure points' to the form submission (see 3rd section of ini file). If the total points exceeds the failureLimit, the message will not be sent.

The 4th section allows you to setup your email settings if you want to have spam reports sent to you as they occur. Set emailFailedTests to '1' if you want this feature enabled

The final section allows you to setup logging. By default, any failed spam submissions will be logged to your server's default cflog location.

logFailedTests, enable/disable logging of spam submissions

logFile, if you don't want to use the default cflog log file, you can specify a different log file name here

 

CFFormProtect is governed by the mozilla public license version 1.1.
See the included License.txt or http://www.mozilla.org/MPL/ for details