...

View Full Version : Detect a specific name in a contact form and deny Submit?



EdNerd
11-14-2011, 02:18 PM
I use a web-based forms service. It works well for my little useage.

Unfortunately, some undesireable person has found my form and uses it to spam me!! I don't know enough about all of this to know whether that can be automated - but it sure looks to me like he's manually filling the name and email fields out and pasting in his sales script. And it's the same stuff every time!

Is there any way I can detect his name in the field and deny the Submit action? The forms service doesn't have that option, but I can add in my own code if I want to.

This is the field code:

<tr valign="top">
<td id="td_element_label_0" style="" align="">
<font face="Verdana" size="2" color="#000000"><b>Your Name</b></font> <span style="color:red;"><small>*</small></span>
</td>
</tr>
<tr>
<td id="td_element_field_0" style="">
<input id="element_0" name="element_0" value="" size="30" class="validate[required]" type="text" />
<div style="padding-bottom:8px;color:#000000;"></div>
</td>
</tr>

This is the Submit code:

<tr>
<td colspan="2" align="right">
<input name="element_counts" value="3" type="hidden" /> <input name="embed" value="forms" type="hidden" /><input value="Send your question" type="submit" /><input value="Clear" type=
"reset" />
</td>
</tr>

Any help in dealing with this anoyance is greatly appreciated.
Ed

teedoff
11-14-2011, 02:21 PM
First thing I would do is set up a captcha (http://www.captcha.net/)feature to keep non-humans from spamming you.

Also, how are you validating your form fields? Generally this is done with server-side, javascript, or better; a combination of the two.

EdNerd
11-14-2011, 05:15 PM
The form fields are validated by the service. (I need to learn to do forms myself - if there's an error, the client gets an error page from the service's servers. Correcting it gets them back onto my site, but that can be disconcerting.)

The captcha might slow this guy down, but I think he's manualy filling out the form, so he'd just do the captcha, too.

Will I need some php or JavaScript to detect his name or something specific to him and deny the Submit action?

Ed

teedoff
11-14-2011, 06:11 PM
If someone is intent on manually wreaking havoc on your form, not sure there's much you can do about it..lol Sure you can "block" a specific user name from submitting data, but couldn't he just change his name?

Is this a member's only type form? I mean, do ppl have to "join" your site before they can fill this form out?

Here's (http://kb.infusionsoft.com/index.php?/article/AA-00875/0/How-do-I-block-specific-web-form-submissions.html) an article with some tips on form security.

alykins
11-14-2011, 06:30 PM
nevermind- that wouldnt work since no one could ever fill it in... ignore this post

EdNerd
11-14-2011, 07:56 PM
Nah - it's not a member's only site. Thinking about it, I'd probably actually need to grab the multiline text field's value into a string, search it for the terms he uses, and cancel from there.

Definintely more than a simple html code. Probably need to look at JS, yah?

Ed

teedoff
11-14-2011, 07:58 PM
Nah - it's not a member's only site. Thinking about it, I'd probably actually need to grab the multiline text field's value into a string, search it for the terms he uses, and cancel from there.

Definintely more than a simple html code. Probably need to look at JS, yah?

Ed

Javascript is a client side scripting language. Therefore your js code(and security) would be processed by HIS browser. He can turn js off..lol

Server-side validation and security would be better. ;)

But again, a members only form where users would have to "join" your site, thus providing email, age, and other identity verifications would help somewhat to deter such maliciousness.

EdNerd
11-14-2011, 09:07 PM
Okay - I'll go play with php and cry for help on that side.
Thanks for the boost.

(Members only wouldn't deter this guy - he'd love to join a thousand times just to send me stuff.)

Ed

Rowsdower!
11-14-2011, 09:34 PM
Just a thought, but you might try NOT alerting this person that their submission failed. Give them the same exact success message as everyone else so they don't know it isn't working and, therefore, won't try another way to annoy you (if in fact they are manually doing this).

You can also set up the PHP page to e-mail you their IP address rather than the actual contact form data (or just log it to a special database table and track date/time/ip of each attack). If you monitor that for a while you might be able to narrow down the source of the problem and/or filter by IP ranges to reject the form submission.

Do you have a reason to suspect that this is a personal issue with someone? I can't think of a reason why someone would manually do this otherwise...

teedoff
11-14-2011, 11:12 PM
Okay - I'll go play with php and cry for help on that side.
Thanks for the boost.

(Members only wouldn't deter this guy - he'd love to join a thousand times just to send me stuff.)

Ed

True, BUT validating his email address each time he joins, sooner or later creating new email addresses might be enough to bore him.

Like I said, if he's intent on doing this as a personal attack on you and your site, there's not much you can do to completely stop him. Just depends on who's more determined.

EdNerd
11-14-2011, 11:56 PM
Do you have a reason to suspect that this is a personal issue with someone? I can't think of a reason why someone would manually do this otherwise...

It's not a personal attack - it's a spammer from some third-world country who gets excited every time he finds a new address to send stuff to. So he periodically sends it out, clogging up my contact form inbox. I just want to figure out how to block him.

I'm pretty sure this is a manual input. Although I don't know enough to know how hard it would be to automate this.

Ed



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum