Spam sent through web forms

Posted: Thu Sep 15, 2005 3:17 am
by hairyjim
Hey all,

Recently I have experienced a shed load of spam coming through my contact form. 50+ emails a day so far for the last 2 days.

What is the best way to prevent this sort of thing from happening? What do you guys do?

Jim

Posted: Thu Sep 15, 2005 4:16 am
by shiznatix
sounds very automated. what you can do is make those "please type in the word you see in the box" thing, that way there will be no automated emails sent. then you can also add a filter like if the message contains "lower mortgage rates" or whatever just ignore it.

Posted: Thu Sep 15, 2005 4:19 am
by hairyjim
Yeah it is automated.

It is the same thing every time.

Funnily enough the only data sent is the email of the person as the message.

I am not sure I wish to use the "write what you see". I don't know, they just don't 'look or feel' professional. Sounds stupid huh!?

Posted: Thu Sep 15, 2005 4:53 am
by shiznatix
what's not professional about it? a heck of a lot of professional websites use them, heck every instant messaging website uses it, along with a bunch of other professional websites. it's going to be your best bet but the other using the "filter" might work but you might lose one or two real emails with that one. your call though, i don't see any other options.

Posted: Thu Sep 15, 2005 7:51 am
by feyd
fyi: it's called Captcha

Posted: Thu Sep 15, 2005 7:51 am
by Grim...
Use javascript to make sure they physically hit the submit button? (Not sure if this will help TBH...)

Posted: Thu Sep 15, 2005 7:52 am
by d3ad1ysp0rk
Grim... wrote: Use javascript to make sure they physically hit the submit button? (Not sure if this will help TBH...)
You'd also have to leave a note about that, because I spent 10 mins trying to figure out why I couldn't log in to a site, turns out you HAVE to press submit, you can't hit enter like I usually do.

Posted: Thu Sep 15, 2005 7:55 am
by Grim...
Pretty simple to have an alert box on hitting the return key, I should think.

Posted: Thu Sep 15, 2005 8:02 am
by shiznatix
but many people, like me, disable javascript so they would turn away many people from your site...not a good thing

Posted: Thu Sep 15, 2005 10:22 am
by hairyjim
This is quite interesting.

Basically my form is simple.

Name:
Email:
Message:

Each field is required and if one or more are not filled in then the form is not processed. The email also has to be in a valid format.

Interestingly all the emails I received only contain a name and an email address. There is no 'message' being specified.

Surely my form should have thrown a wobbler and said "whoops - go back fix your problem" and stopped all form processing. Or are harvesters/spammers much more intelligent than I think?

Posted: Thu Sep 15, 2005 10:28 am
by shiznatix
post your code? but i don't see how they could do it unless the email has only spaces or something in it. like i could put in 50 spaces and even if you trim it it would still be a 48 char message which would go through

Posted: Thu Sep 15, 2005 10:42 am
by hairyjim

<?php

//check to see if form has been submitted
if (isset($_POST['Submit']))
{

// include validation class
include("SFormValidator.inc.php");

// instantiate object
$fv = new SFormValidator();

// perform validation
$fv->isEmpty("Name", "Please enter a name");
$fv->isEmpty("Message", "Please enter a message");
$fv->isEmailAddress("Email", "Please enter a valid email address");

if ($fv->isError())
{
	$errors = $fv->getErrorList();
	  echo "<p>&nbsp;</p>";
	  echo "<table width=\"70%\"  border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" class=\"bodytext\">";
      echo "<tr>";
      echo "<td><p><b>The operation could not be performed because one or more error(s) occurred.</b> </p>
      <p> Please use the back button and resubmit the form after making the following changes:"; 
	  echo "<p>"; 
	  echo "<ul>"; 
	  foreach ($errors as $e) 
	  { 
	  echo "<li>" . $e['msg']; 
	  } 
	  echo "</ul>"; 
	  echo "<a href=\"javascript: window.history.go(-1)\"><img src=\"/images/BackBut.gif\" border=0></a>"; 
	  echo "</td>";
	  echo "</tr>";
	  echo "</table>";
}
else
{
	// do something useful with the data
	echo "<p align=\"center\" class=\"Title\">Thanks. Your feedback has been submitted.</p>";
	
	// Build Email and send	
	$subject = "Improvision Phylum Live Contact";
	$sender_name = $_POST['Name'];
	$sender_email = $_POST['Email'];
	$message = $_POST['Message'];

	
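	// Build the message body (field labels are plain strings, not bare constants)
	$msg = "Name: $sender_name\r\n";
	$msg .= "Email: $sender_email\r\n";
	$msg .= "Message: $message\r\n";
	$to = "phylumlive@improvision.com";
	// Each header line ends with CRLF; $sender_name and $sender_email are
	// copied into the headers exactly as submitted
	$mailheaders = "From: $sender_name <$sender_email>\r\n";
	$mailheaders .= "Reply-To: $sender_email";
	mail($to, $subject, $msg, $mailheaders);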

}
}
else //Show form
{

?>
                </p>
                <p class="BodyText"><strong>*</strong> = Required Field </p>
                  <form action="index.php" method="post" name="Contact">
                    <table width="400" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
                      <tr>
                        <td width="140">Name: * </td>
                        <td width="260"><input name="Name" type="text" id="Name" size="30"></td>
                      </tr>
                      <tr>
                        <td width="140">Email address: * </td>
                        <td width="260"><input name="Email" type="text" id="Email" size="30"></td>
                      </tr>
                      <tr>
                        <td width="140">Message: * </td>
                        <td width="260"><textarea name="Message" cols="30" rows="3" id="Message"></textarea></td>
                      </tr>
                      <tr>
                        <td width="140">&nbsp;</td>
                        <td width="260"><input type="submit" name="Submit" value="Submit"> <input type="reset" name="Reset" value="Reset"></td>
                      </tr>
                    </table>
                  </form>
                <?php
}
?>

Posted: Thu Sep 15, 2005 10:52 am
by shiznatix
when you use it does it return errors when you do something wrong? would my spaces theory possibly be correct? what does this class function isEmpty look like?

Posted: Thu Sep 15, 2005 11:05 am
by hairyjim
Yeah it throws errors if I miss one or all the fields.

IsEmpty function:

function isEmpty($field, $msg)
	{
		$value = $this->_getValue($field);
		if (trim($value) == "")
		{
			$this->_errorList[] = array("field" => $field, "value" => $value, "msg" => $msg);
			return false;
		}
		else
		{
			return true;
		}
	}

So in theory the form should have thrown errors and the spam should not have got through....

Posted: Thu Sep 15, 2005 11:16 am
by shiznatix
nope not if they made it all spaces. if it's 10 spaces and you trim it, it will just trim the 2 end spaces (I'm 99% sure) so you will still be left with 8 spaces which != "" so it will go through.
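
An added example, not code from this thread or from SFormValidator: a server-side check for the form's three fields that shows what trim() does with a whitespace-only value and rejects control characters in Name and Email, the two fields the posted script copies into the From: and Reply-To: headers. The function check_contact_form() and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example: check_contact_form() is a hypothetical helper, not part of
// SFormValidator or of the script posted in the thread.
function check_contact_form(array $post): array
{
    $errors = [];
    foreach (['Name', 'Email', 'Message'] as $field) {
        $value = (isset($post[$field]) && is_string($post[$field])) ? $post[$field] : '';
        // trim() strips all leading and trailing whitespace, so a value made
        // up only of spaces becomes "" and is reported as missing.
        if (trim($value) === '') {
            $errors[$field] = 'required';
        }
    }
    // Name and Email end up in mail headers, so they must be single-line:
    // reject any control character, which includes CR and LF.
    foreach (['Name', 'Email'] as $field) {
        if (!isset($errors[$field]) && preg_match('/[\x00-\x1F\x7F]/', $post[$field])) {
            $errors[$field] = 'control character not allowed';
        }
    }
    if (!isset($errors['Email'])
        && filter_var($post['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['Email'] = 'invalid address';
    }
    return $errors;
}

// Constructed sample submissions (not taken from real traffic).
$samples = [
    'normal'             => ['Name' => 'Jim', 'Email' => 'jim@example.com', 'Message' => 'Hello'],
    'ten spaces'         => ['Name' => 'Jim', 'Email' => 'jim@example.com', 'Message' => str_repeat(' ', 10)],
    'line break in Name' => ['Name' => "Jim\r\nX-Constructed: 1", 'Email' => 'jim@example.com', 'Message' => 'Hello'],
    'no Message field'   => ['Name' => 'Jim', 'Email' => 'jim@example.com'],
];

foreach ($samples as $label => $post) {
    $errors = check_contact_form($post);
    echo $label, ': ', $errors ? json_encode($errors) : 'accepted', "\n";
}
```

Only call mail() when the returned array is empty, so that nothing from a rejected submission reaches the message headers.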