Online contact form - how to make it secure

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

geester1
Forum Newbie
Posts: 4
Joined: Tue Oct 14, 2008 12:42 am

Online contact form - how to make it secure

Post by geester1 »

I'm looking for a secure online form for email, so any possible customers can email us. We had a huge problem recently: someone targeted our online form - it didn't have a CAPTCHA, and in 3 minutes we got 512 spam emails. So I am looking for something that will prevent this. Any suggestions, please?
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Online contact form - how to make it secure

Post by kaisellgren »

Welcome to the world of spam :)

There are some things you need to take care of, but do not worry, I will not give you up. (I never gonna give you up, I never gonna let you down - sorry :P)

What you would need to do is to limit the number of emails that can be sent by an IP in addition to having a CAPTCHA. You decide the limit of emails - 2 emails for 6 hours? Or 3 emails per 24 hours? Basically, you log the IP address (and do not use HTTP_X_FORWARDED_FOR, use REMOTE_ADDR) and log it into the database. Prior to sending any emails, check the database for the IP.

And about the CAPTCHA, I will not provide working code for a CAPTCHA, you may want to use this http://recaptcha.net/

Once you think you are ready, show us your code and we will look at it.
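
The per-IP limit described in the post above, as an added example that is not code from the thread. It assumes PDO with the SQLite driver; the table name `contact_log` and the functions `openLog` and `allowSend` are hypothetical, and the limit uses the post's "3 emails per 24 hours" figure.

```php
<?php
declare(strict_types=1);

const MAX_EMAILS = 3;          // limit suggested in the post: 3 emails ...
const WINDOW_SECONDS = 86400;  // ... per 24 hours

function openLog(string $dsn): PDO
{
    $db = new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE IF NOT EXISTS contact_log (ip TEXT NOT NULL, sent_at INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS contact_log_ip ON contact_log (ip, sent_at)');
    return $db;
}

// Returns true and records the send if $ip is under the limit, false otherwise.
function allowSend(PDO $db, string $ip, int $now): bool
{
    $cutoff = $now - WINDOW_SECONDS;
    $db->exec('BEGIN IMMEDIATE'); // SQLite write lock: count and insert happen as one step
    try {
        // Drop rows that have aged out of the window, for every address.
        $db->prepare('DELETE FROM contact_log WHERE sent_at < ?')->execute([$cutoff]);
        $count = $db->prepare('SELECT COUNT(*) FROM contact_log WHERE ip = ? AND sent_at >= ?');
        $count->execute([$ip, $cutoff]);
        $allowed = (int) $count->fetchColumn() < MAX_EMAILS;
        if ($allowed) {
            $db->prepare('INSERT INTO contact_log (ip, sent_at) VALUES (?, ?)')->execute([$ip, $now]);
        }
        $db->exec('COMMIT');
        return $allowed;
    } catch (Throwable $e) {
        $db->exec('ROLLBACK');
        throw $e;
    }
}

// In the form handler, after the CAPTCHA check has passed and before mail():
//   $ip = $_SERVER['REMOTE_ADDR'];   // not HTTP_X_FORWARDED_FOR, which the client controls
//   if (!allowSend($db, $ip, time())) { http_response_code(429); exit; }

// Demo with constructed addresses (documentation ranges) and an in-memory database.
$db = openLog('sqlite::memory:');
$now = time();
foreach (['203.0.113.7', '203.0.113.7', '203.0.113.7', '203.0.113.7', '198.51.100.9'] as $ip) {
    echo $ip, ' => ', allowSend($db, $ip, $now) ? 'send' : 'reject', PHP_EOL;
}
```

Only accepted sends are logged, so a rejected request does not push the sender's window further out.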
Ice2257
Forum Newbie
Posts: 8
Joined: Thu Feb 05, 2009 1:17 pm

Re: Online contact form - how to make it secure

Post by Ice2257 »

Can someone also take a look at my post, Online Contact Form Validation?

Thanks