form spam

kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

form spam

Post by kippy »

I went in and created a mini captcha version for a quote form I have on my site. I hoped this would prevent the incoming spam entries, but it has not. I am thinking that they are using a different version of my send_form.php...any suggestions to secure a script from outsiders? I am hoping there is a way to lock down scripts for only my site to access...may just be me dreaming, but I would love to stop spam. Look forward to any suggestions.....
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews

Post by aaronhall »

Are you certain that the spammer isn't human? CAPTCHA tests are good at deterring robots as long as they're set up correctly, but they can't determine if the person behind the monitor intends to solicit you.
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Post by kippy »

Well, I guess there is no way for me to know for sure...but based on the frequency of the spam entries (emails) it has to be a bot. Is it possible for someone to go around and send emails through the mail($to, $subject, $msg, $mailheaders); functionality?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If your script leaves the hole, it can be exploited.
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Post by kippy »

What about storing the script(s) in the cgi-bin folder? Also, is there a preferred permission setting for this folder?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Where you store the script and how you store it rarely affect holes that are in the script itself.
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Post by kippy »

So if I validate all input fields, it should prevent this sort of thing from happening?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It'll certainly help prevent such things.
louie35
Forum Contributor
Posts: 144
Joined: Fri Jan 26, 2007 8:40 am
Location: Dublin

Post by louie35 »

I wrote a few things about preventing spam through your forms. It might be of use to you to have a look.

Prevent Spam
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Post by kippy »

Here is my concern...I watched the entries come in last night and the bot/person has to be using another form. The reason I say this is because I placed a maxlength limit on all of the fields the spammer(s) are using to insert links. These fields are not being restricted to the maxlength set. When I use the form, it appears to work properly with the captcha system I set up, plus the fields follow the maxlength set. Any thoughts?
louie35
Forum Contributor
Posts: 144
Joined: Fri Jan 26, 2007 8:40 am
Location: Dublin

Post by louie35 »

Use PHP to get the length of the string and, if it is bigger than the one set up, reject the email.

Code:

if(strlen($field_name) > 100){//your limit
  //do your rejection here
  echo "<fieldset><legend style='color:red;background-color:yellow'>Attention</legend>
            Probably you are an automated x-mailer, so keep away. Thanks.
            </fieldset>";
}
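The thread's points (a bot can POST straight to send_form.php, so maxlength and the CAPTCHA image in the HTML form are never enforced unless the script itself checks them) combined into one server-side validator. This is an added example, not code from any poster in the thread; the field names, limits and the `captcha_answer` session key are assumptions, and the line-break check on header-bound fields goes one step beyond the length check shown above.

```php
<?php
// Added example: server-side checks for a form handler such as send_form.php.
// Field names, limits and the session key are assumptions, not from the thread.

const FIELD_LIMITS = ['name' => 60, 'email' => 100, 'message' => 1000];

function validate_quote_form(array $post, array $session): array
{
    $errors = [];

    // The CAPTCHA answer must match the value stored server-side for this session.
    $expected = $session['captcha_answer'] ?? null;
    $given = $post['captcha'] ?? '';
    if (!is_string($expected) || !is_string($given) || !hash_equals($expected, $given)) {
        $errors[] = 'captcha';
    }

    foreach (FIELD_LIMITS as $field => $limit) {
        $value = $post[$field] ?? null;
        // Missing or array-valued input never comes from the real form.
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "$field: missing";
            continue;
        }
        // HTML maxlength is only a browser hint; enforce the limit here.
        if (strlen($value) > $limit) {
            $errors[] = "$field: too long";
        }
    }

    // Values placed in mail headers must not contain line breaks.
    foreach (['name', 'email'] as $field) {
        if (is_string($post[$field] ?? null) && preg_match('/[\r\n]/', $post[$field])) {
            $errors[] = "$field: line break";
        }
    }
    if (is_string($post['email'] ?? null) && !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email: invalid';
    }
    return $errors;
}

// Constructed sample: a direct POST that never loaded the form page.
$sample = ['name' => 'x', 'email' => "a@example.com\r\nBcc: b@example.com",
           'message' => str_repeat('http://spam ', 200), 'captcha' => ''];
print_r(validate_quote_form($sample, []));
```

Call it with `$_POST` and `$_SESSION` before `mail()`, send nothing if the returned array is non-empty, and unset the session's CAPTCHA value after every attempt so one solved answer cannot be replayed.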