Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Regular Coder
    Join Date
    Jan 2010
    Posts
    101
    Thanks
    8
    Thanked 0 Times in 0 Posts

    Detect a specific name in a contact form and deny Submit?

    I use a web-based forms service. It works well for my little useage.

    Unfortunately, some undesireable person has found my form and uses it to spam me!! I don't know enough about all of this to know whether that can be automated - but it sure looks to me like he's manually filling the name and email fields out and pasting in his sales script. And it's the same stuff every time!

    Is there any way I can detect his name in the field and deny the Submit action? The forms service doesn't have that option, but I can add in my own code if I want to.

    This is the field code:
    Code:
        <tr valign="top">
          <td id="td_element_label_0" style="" align="">
            <font face="Verdana" size="2" color="#000000"><b>Your Name</b></font> <span style="color:red;"><small>*</small></span>
          </td>
        </tr>
        <tr>
          <td id="td_element_field_0" style="">
            <input id="element_0" name="element_0" value="" size="30" class="validate[required]" type="text" />
            <div style="padding-bottom:8px;color:#000000;"></div>
          </td>
        </tr>
    This is the Submit code:
    Code:
        <tr>
          <td colspan="2" align="right">
            <input name="element_counts" value="3" type="hidden" /> <input name="embed" value="forms" type="hidden" /><input value="Send your question" type="submit" /><input value="Clear" type=
            "reset" />
          </td>
        </tr>
    Any help in dealing with this anoyance is greatly appreciated.
    Ed

  • #2
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,335
    Thanks
    5
    Thanked 363 Times in 360 Posts
    First thing I would do is set up a captcha feature to keep non-humans from spamming you.

    Also, how are you validating your form fields? Generally this is done with server-side, javascript, or better; a combination of the two.
    Teed

  • #3
    Regular Coder
    Join Date
    Jan 2010
    Posts
    101
    Thanks
    8
    Thanked 0 Times in 0 Posts
    The form fields are validated by the service. (I need to learn to do forms myself - if there's an error, the client gets an error page from the service's servers. Correcting it gets them back onto my site, but that can be disconcerting.)

    The captcha might slow this guy down, but I think he's manualy filling out the form, so he'd just do the captcha, too.

    Will I need some php or JavaScript to detect his name or something specific to him and deny the Submit action?

    Ed

  • #4
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,335
    Thanks
    5
    Thanked 363 Times in 360 Posts
    If someone is intent on manually wreaking havoc on your form, not sure there's much you can do about it..lol Sure you can "block" a specific user name from submitting data, but couldn't he just change his name?

    Is this a member's only type form? I mean, do ppl have to "join" your site before they can fill this form out?

    Here's an article with some tips on form security.
    Last edited by teedoff; 11-14-2011 at 06:18 PM.
    Teed

  • #5
    Senior Coder alykins's Avatar
    Join Date
    Apr 2011
    Posts
    1,722
    Thanks
    41
    Thanked 191 Times in 190 Posts
    nevermind- that wouldnt work since no one could ever fill it in... ignore this post

    I code C hash-tag .Net
    Reference: W3C W3CWiki .Net Lib
    Validate: html CSS
    Debug: Chrome FireFox IE

  • #6
    Regular Coder
    Join Date
    Jan 2010
    Posts
    101
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Nah - it's not a member's only site. Thinking about it, I'd probably actually need to grab the multiline text field's value into a string, search it for the terms he uses, and cancel from there.

    Definintely more than a simple html code. Probably need to look at JS, yah?

    Ed

  • #7
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,335
    Thanks
    5
    Thanked 363 Times in 360 Posts
    Quote Originally Posted by EdNerd View Post
    Nah - it's not a member's only site. Thinking about it, I'd probably actually need to grab the multiline text field's value into a string, search it for the terms he uses, and cancel from there.

    Definintely more than a simple html code. Probably need to look at JS, yah?

    Ed
    Javascript is a client side scripting language. Therefore your js code(and security) would be processed by HIS browser. He can turn js off..lol

    Server-side validation and security would be better.

    But again, a members only form where users would have to "join" your site, thus providing email, age, and other identity verifications would help somewhat to deter such maliciousness.
    Teed

  • #8
    Regular Coder
    Join Date
    Jan 2010
    Posts
    101
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Okay - I'll go play with php and cry for help on that side.
    Thanks for the boost.

    (Members only wouldn't deter this guy - he'd love to join a thousand times just to send me stuff.)

    Ed

  • #9
    Senior Coder Rowsdower!'s Avatar
    Join Date
    Oct 2008
    Location
    Some say it's everything.
    Posts
    2,027
    Thanks
    5
    Thanked 397 Times in 390 Posts
    Just a thought, but you might try NOT alerting this person that their submission failed. Give them the same exact success message as everyone else so they don't know it isn't working and, therefore, won't try another way to annoy you (if in fact they are manually doing this).

    You can also set up the PHP page to e-mail you their IP address rather than the actual contact form data (or just log it to a special database table and track date/time/ip of each attack). If you monitor that for a while you might be able to narrow down the source of the problem and/or filter by IP ranges to reject the form submission.

    Do you have a reason to suspect that this is a personal issue with someone? I can't think of a reason why someone would manually do this otherwise...
    The object of opening the mind, as of opening the mouth, is to shut it again on something solid. –G.K. Chesterton
    See Mediocrity in its Infancy
    It's usually a good idea to start out with this at the VERY TOP of your CSS: * {border:0;margin:0;padding:0;}
    Seek and you shall find... basically:
    validate your markup | view your page cross-browser/cross-platform | free web tutorials | free hosting

  • #10
    Senior Coder
    Join Date
    Aug 2010
    Location
    High Point, NC
    Posts
    3,335
    Thanks
    5
    Thanked 363 Times in 360 Posts
    Quote Originally Posted by EdNerd View Post
    Okay - I'll go play with php and cry for help on that side.
    Thanks for the boost.

    (Members only wouldn't deter this guy - he'd love to join a thousand times just to send me stuff.)

    Ed
    True, BUT validating his email address each time he joins, sooner or later creating new email addresses might be enough to bore him.

    Like I said, if he's intent on doing this as a personal attack on you and your site, there's not much you can do to completely stop him. Just depends on who's more determined.
    Teed

  • #11
    Regular Coder
    Join Date
    Jan 2010
    Posts
    101
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Rowsdower! View Post
    Do you have a reason to suspect that this is a personal issue with someone? I can't think of a reason why someone would manually do this otherwise...
    It's not a personal attack - it's a spammer from some third-world country who gets excited every time he finds a new address to send stuff to. So he periodically sends it out, clogging up my contact form inbox. I just want to figure out how to block him.

    I'm pretty sure this is a manual input. Although I don't know enough to know how hard it would be to automate this.

    Ed


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •