Spam sent through web forms


hairyjim
Forum Contributor
Posts: 219
Joined: Wed Nov 13, 2002 9:04 am
Location: Warwickshire, UK

Post by hairyjim »

Hey all,

Recently I have experienced a shed load of spam coming through my contact form. 50+ emails a day so far for the last 2 days.

What is the best way to prevent this sort of thing from happening? What do you guys do?

Jim
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

sounds very automated. what you can do is make one of those "please type in the word you see in the box" things, that way there will be no automated emails sent. then you can also add a filter like if the message contains "lower mortgage rates" or whatever just ignore it.
hairyjim
Forum Contributor
Posts: 219
Joined: Wed Nov 13, 2002 9:04 am
Location: Warwickshire, UK

Post by hairyjim »

Yeah it is automated.

It is the same thing every time.

Funnily enough the only data sent is the email of the person as the message.

I am not sure I wish to use the "write what you see". I don't know they just don't 'look or feel' professional. Sounds stupid huh!?
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

what's not professional about it? a heck of a lot of professional websites use them, heck every instant messaging website uses it, along with a bunch of other professional websites. it's going to be your best bet but the other option, using the "filter", might work but you might lose one or two real emails with that one. your call though, i don't see any other options.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

fyi: it's called Captcha
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

Use javascript to make sure they physically hit the submit button? (Not sure if this will help TBH...)
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Grim... wrote: Use javascript to make sure they physically hit the submit button? (Not sure if this will help TBH...)

You'd also have to leave a note about that, because I spent 10 mins trying to figure out why I couldn't login to a site, turns out you HAVE to press submit, you can't hit enter like I usually do.
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

Pretty simple to have an alert box on hitting the return key, I should think.
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

but many people, like me, disable javascript so they would turn away many people from your site...not a good thing
hairyjim
Forum Contributor
Posts: 219
Joined: Wed Nov 13, 2002 9:04 am
Location: Warwickshire, UK

Post by hairyjim »

This is quite interesting.

Basically my form is simple.

Name:
Email:
Message:

Each field is required and if one or more are not filled in then the form is not processed. The email also has to be in a valid format.

Interestingly all the email I received only contain a name and an email address. There is no 'message' being specified.

Surely my form should have thrown a wobbler and said "whoops - go back fix your problem" and stopped all form processing. Or are harvesters/spammers much more intelligent than I think?
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

post your code? but i don't see how they could do it unless the email has only spaces or something in it. like i could put in 50 spaces and even if you trim it it would still be a 48 char message which would go through
hairyjim
Forum Contributor
Posts: 219
Joined: Wed Nov 13, 2002 9:04 am
Location: Warwickshire, UK

Post by hairyjim »

Code:

<?php

//check to see if form has been submitted
if (isset($_POST['Submit']))
{

// include validation class
include("SFormValidator.inc.php");

// instantiate object
$fv = new SFormValidator();

// perform validation
$fv->isEmpty("Name", "Please enter a name");
$fv->isEmpty("Message", "Please enter a message");
$fv->isEmailAddress("Email", "Please enter a valid email address");

if ($fv->isError())
{
	$errors = $fv->getErrorList();
	  echo "<p>&nbsp;</p>";
	  echo "<table width=\"70%\"  border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"bodytext\">";
      echo "<tr>";
      echo "<td><p><b>The operation could not be performed because one or more error(s) occurred.</b> </p>
      <p> Please use the back button and resubmit the form after making the following changes:"; 
	  echo "<p>"; 
	  echo "<ul>"; 
	  foreach ($errors as $e) 
	  { 
	  echo "<li>" . $e['msg']; 
	  } 
	  echo "</ul>"; 
	  echo "<a href=\"javascript: window.history.go(-1)\"><img src=\"/images/BackBut.gif\" border=0></a>"; 
	  echo "</td>";
	  echo "</tr>";
	  echo "</table>";
}
else
{
	// do something useful with the data
	echo "<p align=\"center\" class=\"Title\">Thanks. Your feedback has been submitted.</p>";
	
	// Build Email and send	
	$subject = "Improvision Phylum Live Contact";
	$sender_name = $_POST['Name'];
	$sender_email = $_POST['Email'];
	$message = $_POST['Message'];

	
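	// Start the body with "=" (it was never initialised) and use plain string labels
	$msg = "Name: $sender_name\r\n";
	$msg .= "Email: $sender_email\r\n";
	$msg .= "Message: $message\r\n";
	$to = "phylumlive@improvision.com";
	// Each header needs its own line, so From must end with CRLF before Reply-To
	$mailheaders = "From: $sender_name <$sender_email>\r\n";
	$mailheaders .= "Reply-To: $sender_email";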
	mail($to, $subject, $msg, $mailheaders);

}
}
else //Show form
{

?>
                </p>
                <p class="BodyText"><strong>*</strong> = Required Field </p>
                  <form action="index.php" method="post" name="Contact">
                    <table width="400" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
                      <tr>
                        <td width="140">Name: * </td>
                        <td width="260"><input name="Name" type="text" id="Name" size="30"></td>
                      </tr>
                      <tr>
                        <td width="140">Email address: * </td>
                        <td width="260"><input name="Email" type="text" id="Email" size="30"></td>
                      </tr>
                      <tr>
                        <td width="140">Message: * </td>
                        <td width="260"><textarea name="Message" cols="30" rows="3" id="Message"></textarea></td>
                      </tr>
                      <tr>
                        <td width="140">&nbsp;</td>
                        <td width="260"><input type="submit" name="Submit" value="Submit"> <input type="reset" name="Reset" value="Reset"></td>
                      </tr>
                    </table>
                  </form>
                <?php
}
?>
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

when you use it does it return errors when you do something wrong? would my spaces theory possibly be correct? what does this class function isEmpty look like?
hairyjim
Forum Contributor
Posts: 219
Joined: Wed Nov 13, 2002 9:04 am
Location: Warwickshire, UK

Post by hairyjim »

Yeah it throws errors if I miss one or all the fields.

IsEmpty function:

Code:

function isEmpty($field, $msg)
	{
		$value = $this->_getValue($field);
		if (trim($value) == "")
		{
			$this->_errorList[] = array("field" => $field, "value" => $value, "msg" => $msg);
			return false;
		}
		else
		{
			return true;
		}
	}
So in theory the form should have thrown errors and the spam should not have got through....
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

nope not if they made it all spaces. if it's 10 spaces and you trim it, it will just trim the 2 end spaces (I'm 99% sure) so you will still be left with 8 spaces which != "" so it will go through.
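
A server-side check for the form posted in this thread, as an added example that is not code from any poster: it runs a spaces-only Message through PHP's trim() and the same empty-string test that isEmpty uses, and it rejects line breaks in the single-line fields before Email is placed in a mail header. The sender address webform@example.com, the function names and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Field names follow the posted form;
// SITE_FROM and the sample submissions below are constructed.
const SITE_FROM = 'webform@example.com'; // assumption: fixed sender owned by the site

function validateContact(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['Name', 'Email', 'Message'] as $field) {
        $raw = $post[$field] ?? '';
        // trim() strips ALL leading and trailing whitespace, so "          " becomes "".
        $clean[$field] = is_string($raw) ? trim($raw) : '';
        if ($clean[$field] === '') {
            $errors[] = "$field is required";
        }
    }
    // Single-line fields must not contain CR or LF; in a mail header a line
    // break would begin a new header line.
    foreach (['Name', 'Email'] as $field) {
        if (preg_match('/[\r\n]/', $clean[$field])) {
            $errors[] = "$field contains a line break";
        }
    }
    if ($clean['Email'] !== '' && filter_var($clean['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email is not a valid address';
    }
    return [$errors, $clean];
}

function buildHeaders(array $clean): string
{
    // The visitor's address goes only into Reply-To; headers are separated by CRLF.
    return 'From: ' . SITE_FROM . "\r\n" . 'Reply-To: ' . $clean['Email'];
}

// Constructed sample submissions.
$samples = [
    'valid'           => ['Name' => 'Ann', 'Email' => 'ann@example.com', 'Message' => 'Hello'],
    'spaces only'     => ['Name' => 'Ann', 'Email' => 'ann@example.com', 'Message' => str_repeat(' ', 10)],
    'missing message' => ['Name' => 'Ann', 'Email' => 'ann@example.com'],
    'line break'      => ['Name' => 'Ann', 'Email' => "ann@example.com\r\nX-Test: 1", 'Message' => 'Hi'],
];
foreach ($samples as $label => $post) {
    [$errors, $clean] = validateContact($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'ok -> ' . json_encode(buildHeaders($clean)), "\n";
}
```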