I think a problem is that there is no input validation for any of the form fields posted. So $mailmessage, $_POST['field_1'] and $_POST['field_2'] should have at least some basic input filtering/validation.
As to the spam: you could also try something with an extra input field and a basic simple question. Like "Please uncheck the following checkbox to show this is not spam". Or "Who is bigger, a cat or a dog?". Most spambots will choke on those.
But I do understand that, just as with the captcha, something like that makes your form harder to use.
Email Validation Error
Re: Email Validation Error
I thought that was taken care of with JS in form.html. I have since blacklisted the IP address of the offenders and haven't received any spam lately, so that is a good (but temporary) thing I guess.
Nootkan
Re: Email Validation Error
You cannot rely on JavaScript validation. Never. JavaScript can be turned off by the user/attacker, and as far as I know bots don't even care about it. Always have solid validation on the server side. JavaScript validation is there only for convenience (no page reload needed to show form errors) for the users that have JS on.
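Added example (not code from the thread or from the original script): a server-side check for the posted fields discussed above, including the "cat or dog" question, run over constructed submissions. `field_1` and `field_2` are named in the thread; treating them as name and e-mail, the `mailmessage` and `spam_answer` POST fields, and the example.com addresses are assumptions.

```php
<?php
// Added example. field_1/field_2 are from the thread; their meaning, the
// 'mailmessage' and 'spam_answer' fields and the addresses are assumptions.

function validate_contact_form(array $post): array
{
    // Accept only string values; an array sent as field_1[] becomes ''.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name    = $get('field_1');
    $email   = $get('field_2');
    $message = $get('mailmessage');
    $errors  = [];

    // Answer to "Who is bigger, a cat or a dog?"
    if (strtolower($get('spam_answer')) !== 'dog') {
        $errors[] = 'spam_answer';
    }
    // A line break in a value that reaches a mail header would add headers.
    if ($name === '' || strlen($name) > 100 || preg_match('/[\r\n]/', $name)) {
        $errors[] = 'field_1';
    }
    // FILTER_VALIDATE_EMAIL also rejects embedded line breaks.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'field_2';
    }
    if ($message === '' || strlen($message) > 5000) {
        $errors[] = 'mailmessage';
    }
    return ['errors' => $errors, 'name' => $name, 'email' => $email, 'message' => $message];
}

// In the real handler: call only when validate_contact_form($_POST) has no errors.
function send_contact_mail(array $form): bool
{
    // Recipient and From are fixed; user input appears only in Reply-To and the body.
    $headers = ['From' => 'webform@example.com', 'Reply-To' => $form['email']];
    $body    = $form['name'] . " wrote:\n\n" . $form['message'];
    return mail('owner@example.com', 'Contact form', $body, $headers);
}

// Constructed sample submissions (not real traffic).
$samples = [
    'valid'      => ['field_1' => 'Ann', 'field_2' => 'ann@example.com', 'mailmessage' => 'Hello', 'spam_answer' => 'Dog'],
    'line break' => ['field_1' => 'Ann', 'field_2' => "ann@example.com\r\nX-Test: 1", 'mailmessage' => 'Hi', 'spam_answer' => 'dog'],
    'bot'        => ['field_1' => ['x'], 'field_2' => 'not-an-address', 'mailmessage' => '', 'spam_answer' => ''],
];
foreach ($samples as $label => $post) {
    $result = validate_contact_form($post);
    echo $label, ': ', $result['errors'] ? implode(', ', $result['errors']) : 'ok', "\n";
}
```

The array form of the `mail()` headers argument needs PHP 7.2 or later, and the arrow function needs PHP 7.4 or later.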
Re: Email Validation Error
Thanks for all your input. I guess I'll have to scrap the form idea to replace email addresses on my websites as I am unable to figure out how to secure the script.
Some day maybe. Thanks again.
Nootkan