Well, spammers can easily just visit your page with a fake browser and submit the form, so any security measures you take around making sure your web site originates the request will be imperfect.
- referer checking is where you use something like CGI::Simple's referer method (no, that's not a misspelling) to make sure that a submitter is actually visiting your site before submitting your form. Referer headers can easily be forged, and the spammer can load your form first with their bot program, rendering it ineffective.
- load-post delays can mitigate some forms of referer-forgery by enforcing a delay between when the form was loaded and when it was submitted. The only way to do this without relying on client-side accuracy is to have the form generated by a script -- you can then use session management to force several seconds to elapse between form load and submit. Good spammer bots defeat this as well.
- captchas are the common name for a class of tests to verify that a human is posting. The most common implementations are an image-warp of a string which must then be entered in text by the poster. Many captchas can be easily defeated, so choose wisely when selecting an implementation. Also, captchas that don't alienate visually-impaired users are harder to come by (e.g. expensive), so consider that in making your decision.
- restricted posting involves requiring a user to sign up for an account before posting. Many bots can figure out simple registration schemes, so be sure to use registration security measures (like the above, e-mail confirmations, etc.) for maximum effect.
None of these techniques is perfect, but using them (especially the Captcha, if appropriate) will eliminate a large number of spams. Most of them are already implemented in CPAN modules.
<–radiant.matrix–>
Ramblings and references
The Code that can be seen is not the true Code
I haven't found a problem yet that can't be solved by a well-placed trebuchet
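Two of the measures above, referer checking and a server-side load-post delay, can be combined in a few lines of Perl. The following is an added example, not code from radiant.matrix's post; it uses only core modules, stands in a plain hash for a real session store (something like CGI::Session), and the host name, the 5-second minimum and the function names are assumptions.

```perl
#!/usr/bin/perl
# Added example: server-side load-post delay plus referer check.
# Assumed: the site host name, a 5-second minimum, and the sub names.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
use Time::HiRes qw(time);

my $MIN_DELAY = 5;                  # seconds; assumed minimum a human needs to fill the form
my $OUR_HOST  = 'www.example.org';  # assumed host name of the site serving the form

# Session store: form id => time (server clock) the form was generated.
# A plain hash stands in for a real session module here.
my %SESSION;

# Called by the script that generates the form: records when the form was
# served and returns an opaque id to embed in a hidden field.
sub issue_form {
    my $id = sha256_hex(join ':', time, $$, rand);
    $SESSION{$id} = time;
    return $id;
}

# Called by the script that receives the POST. $referer is the raw Referer
# header (for example from CGI::Simple's referer method); $form_id is the
# hidden field. Returns (1, 'ok') or (0, reason).
# The referer test is only a weak filter because the header is client-supplied;
# the delay test trusts nothing from the client but the form id, and uses the
# server clock on both ends.
sub check_submission {
    my ($referer, $form_id) = @_;

    return (0, 'missing or foreign referer')
        unless defined $referer
            && $referer =~ m{^https?://\Q$OUR_HOST\E(?:/|\z)};

    # delete so each issued form id can be submitted only once
    my $loaded = delete $SESSION{ defined $form_id ? $form_id : '' };
    return (0, 'unknown or reused form id') unless defined $loaded;

    my $elapsed = time - $loaded;
    return (0, sprintf 'submitted after %.1fs, minimum is %ds', $elapsed, $MIN_DELAY)
        if $elapsed < $MIN_DELAY;

    return (1, 'ok');
}

# Demonstration with constructed requests (no real HTTP involved).
my $id = issue_form();
my @r = check_submission("http://$OUR_HOST/guestbook.pl", $id);
print "immediate submit: $r[1]\n";   # rejected: bot-speed submission

$id = issue_form();
@r = check_submission('http://other.example/', $id);
print "foreign referer:  $r[1]\n";   # rejected

$id = issue_form();
$SESSION{$id} -= $MIN_DELAY + 1;     # pretend the form was loaded 6 seconds ago
@r = check_submission("http://$OUR_HOST/guestbook.pl", $id);
print "after delay:      $r[1]\n";   # ok

@r = check_submission("http://$OUR_HOST/guestbook.pl", $id);
print "replayed form id: $r[1]\n";   # rejected: id already consumed
```

In a real CGI the hash would be a persistent session store keyed by the hidden field, and the checks would run before any CAPTCHA or account test, since they are the cheapest to apply; as the post says, a bot that loads the form, waits, and sends a forged referer still gets through, so treat these as filters rather than a gate.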