You are correct when stating that somebody could program a script to submit forms
automatically. This can be done easily using CFHTTP in ColdFusion or ASPHTTP for
VBScript. However, the ability to use these can very easily be thwarted in several
ways.First, the registration forms should not be accessible prior to the opening
of registrations. That way, the script writers won't be able to see the structure
of the registration forms before registration begins. It will then take them at least
some time to program the script after registration begins. By that time, the
best generic domains would have already been registered.
Second, it is extremely
easy to make it impossible to use scripts that automatically submit forms.
First off, anybody who has registered a domain before knows that most registration
forms are spread over several pages. While I have seen scripts that use CFHTTP and
ASPHTTP over several form pages on a remote site, you can easily block these submissions
by checking the referrer. For instance, the registration form has several pages.
Form 1 passes information to Form 2, and so on. Form 2 can check the referrer
to see what page submitted information to it. If the referrer is not equal
to Form 1 on the registrar's server, the submission will be blocked. Anybody
who has developed commercial applications for the web knows that writing scripts
that always check referrers when data is submitted is a good habit and necessary
for security reasons. There are other ways that could thwart automated scripts
(such as the use of user sessions), however the referrer checking method is by far
the easiest and should be used by any website that accepts data through forms anyway.
Jeff