Spam sent through web forms
Hey all,
Recently I have experienced a shed load of spam coming through my contact form. 50+ email a day so far for the last 2 days.
What is the best way to prevent this sort of thing from happening? What do you guys do?
Jim
- shiznatix
What's not professional about it? A heck of a lot of professional websites use them; heck, every instant messaging website uses it, along with a bunch of other professional websites. It's going to be your best bet, but the other one, using the "filter", might work, but you might lose one or two real emails with that one. Your call though, I don't see any other options.
- d3ad1ysp0rk
Grim... wrote: Use javascript to make sure they physically hit the submit button? (Not sure if this will help TBH...)
You'd also have to leave a note about that, because I spent 10 mins trying to figure out why I couldn't log in to a site; turns out you HAVE to press submit, you can't hit enter like I usually do.
This is quite interesting.
Basically my form is simple.
Name:
Email:
Message:
Each field is required and if one or more are not filled in then the form is not processed. The email also has to be in a valid format.
Interestingly, all the emails I received contain only a name and an email address. There is no 'message' being specified.
Surely my form should have thrown a wobbler and said "whoops - go back fix your problem" and stopped all form processing. Or are harvesters/spammers much more intelligent than I think?
Code:
<?php
// check to see if form has been submitted
if (isset($_POST['Submit']))
{
    // include validation class
    include("SFormValidator.inc.php");
    // instantiate object
    $fv = new SFormValidator();
    // perform validation
    $fv->isEmpty("Name", "Please enter a name");
    $fv->isEmpty("Message", "Please enter a message");
    $fv->isEmailAddress("Email", "Please enter a valid email address");
    if ($fv->isError())
    {
        // validation failed: list the errors and do not send anything
        $errors = $fv->getErrorList();
        echo "<p> </p>";
        echo "<table width=\"70%\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"bodytext\">";
        echo "<tr>";
        echo "<td><p><b>The operation could not be performed because one or more error(s) occurred.</b> </p>
        <p> Please use the back button and resubmit the form after making the following changes:";
        echo "<p>";
        echo "<ul>";
        foreach ($errors as $e)
        {
            echo "<li>" . $e['msg'] . "</li>";
        }
        echo "</ul>";
        echo "<a href=\"javascript: window.history.go(-1)\"><img src=\"/images/BackBut.gif\" border=0></a>";
        echo "</td>";
        echo "</tr>";
        echo "</table>";
    }
    else
    {
        // do something useful with the data
        echo "<p align=\"center\" class=\"Title\">Thanks. Your feedback has been submitted.</p>";
        // Build Email and send
        $subject = "Improvision Phylum Live Contact";
        $sender_name = $_POST['Name'];
        $sender_email = $_POST['Email'];
        $message = $_POST['Message'];
        // message body: one labelled line per field
        $msg = "Name: $sender_name\r\n";
        $msg .= "Email: $sender_email\r\n";
        $msg .= "Message: $message\r\n";
        $to = "phylumlive@improvision.com";
        // headers are built directly from the submitted Name and Email values
        $mailheaders = "From: $sender_name <$sender_email>\r\n";
        $mailheaders .= "Reply-To: $sender_email";
        mail($to, $subject, $msg, $mailheaders);
    }
}
else // Show form
{
?>
</p>
<p class="BodyText"><strong>*</strong> = Required Field </p>
<form action="index.php" method="post" name="Contact">
<table width="400" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="140">Name: * </td>
<td width="260"><input name="Name" type="text" id="Name" size="30"></td>
</tr>
<tr>
<td width="140">Email address: * </td>
<td width="260"><input name="Email" type="text" id="Email" size="30"></td>
</tr>
<tr>
<td width="140">Message: * </td>
<td width="260"><textarea name="Message" cols="30" rows="3" id="Message"></textarea></td>
</tr>
<tr>
<td width="140"> </td>
<td width="260"><input type="submit" name="Submit" value="Submit"> <input type="reset" name="Reset" value="Reset"></td>
</tr>
</table>
</form>
<?php
}
?>
Yeah it throws errors if I miss one or all the fields.
So in theory the form should have thrown errors and the spam should not have got through....
IsEmpty function:
Code:
// method of the SFormValidator class
function isEmpty($field, $msg)
{
    $value = $this->_getValue($field);
    if (trim($value) == "")
    {
        // record the error for getErrorList()
        $this->_errorList[] = array("field" => $field, "value" => $value, "msg" => $msg);
        return false;
    }
    else
    {
        return true;
    }
}
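The handler posted above builds the From and Reply-To headers directly from $_POST['Name'] and $_POST['Email'], so those values need checking for line breaks as well as for emptiness. The following is an added example, not code from the thread or from SFormValidator; the helper names `header_safe` and `build_contact_mail`, the webform@example.com From address and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of SFormValidator or the thread's code.

// Return the trimmed value, or null if it contains CR, LF or NUL and so
// does not fit on a single line (one-line form fields and mail headers).
function header_safe(string $value): ?string
{
    return preg_match('/[\r\n\0]/', $value) ? null : trim($value);
}

// Validate one submission and return [to, subject, body, headers] for mail(),
// or null if it must be rejected. Reads only the array it is given.
function build_contact_mail(array $post): ?array
{
    $name    = header_safe((string)($post['Name'] ?? ''));
    $email   = header_safe((string)($post['Email'] ?? ''));
    $message = trim((string)($post['Message'] ?? ''));

    if ($name === null || $email === null || $name === '' || $message === '') {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $body = "Name: $name\r\nEmail: $email\r\nMessage: $message\r\n";
    // Fixed From address owned by the site (placeholder); the visitor's
    // validated address appears only in Reply-To.
    $headers = "From: Contact form <webform@example.com>\r\n"
             . "Reply-To: $email";
    return ['phylumlive@improvision.com', 'Improvision Phylum Live Contact', $body, $headers];
}

// Constructed sample submissions.
$samples = [
    'normal'          => ['Name' => 'Jim', 'Email' => 'jim@example.com', 'Message' => 'Hello'],
    'newline in name' => ['Name' => "Jim\r\nBcc: other@example.com", 'Email' => 'jim@example.com', 'Message' => 'Hi'],
    'no message'      => ['Name' => 'Jim', 'Email' => 'jim@example.com', 'Message' => '   '],
];
foreach ($samples as $label => $post) {
    $mail = build_contact_mail($post);
    echo $label, ': ', $mail === null ? 'rejected' : 'accepted', "\n";
    // if ($mail !== null) { mail(...$mail); }  // send only accepted submissions
}
```

Because the function reads only the array passed to it, it can be run against saved submissions to see which ones the checks would have rejected.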