  1. #1
    Regular Coder
    Join Date
    Jan 2006
    Posts
    377
    Thanks
    8
    Thanked 1 Time in 1 Post

    Prevent spammers from using my contact form

    Hi people,

    I realized that spam bots are sending lots of spam to one of my clients, using a feedback form I wrote. How can I prevent this from happening?

    Here is the code:

    PHP Code:
    <?php
    if (isset($_POST['postquote'])) {
        // Copy the submitted form fields
        $name   = $_POST['name'];
        $gender = $_POST['gender'];
        $email  = $_POST['email'];
        $phone  = $_POST['phone'];
        $fax    = $_POST['fax'];
        $quote  = $_POST['quote'];

        $to      = "info@mydomain.com";
        $subject = "[My Client Web] Feedback";
        // $headers = "";

        // Build the message body
        $message  = "";
        $message .= "Following message has been sent to you through your website:\n\n";
        $message .= "Sender: $name\n";
        $message .= "Email: $email\n";
        $message .= "Gender: $gender\n";
        $message .= "Phone: $phone\n";
        $message .= "Fax: $fax\n\n";
        $message .= "Message Body:\n$quote\n";

        include("header.php");

        // Send the mail; the From header is built from the submitted name and email
        if (mail($to, $subject, $message, "From: $name <$email>\n")) {
            echo "<p>Dear $name, thank you for your feedback....</p>";
        } else {
            echo "<p>Message could not be sent. Please try again later.</p>";
        }
        include("footer.php");
        exit();
    }

    // Mail form below

    ?>
    Any advice will be highly appreciated. Thanks.

  • #2
    Senior Coder chump2877's Avatar
    Join Date
    Dec 2004
    Location
    the U.S. of freakin' A.
    Posts
    2,778
    Thanks
    19
    Thanked 155 Times in 146 Posts
    I would use image validation, there's no way a bot can bypass that as far as I know....

    Like at the bottom of this form: http://www.mediamogulsweb.com/questionnaire.php.

    I used a php class called KCAPTCHA on that page that can be found here: http://www.phpclasses.org/browse/package/3193.html.

    Class works well and should be just what you need...
    Regards, R.J.

    ---------------------------------------------------------

    Help spread the word! Like my YouTube-to-Mp3 Conversion Script on Facebook !! :)
    [Related videos and tutorials are also available at my YouTube channel and on Dailymotion]
    Get free updates about new software version releases, features, and bug fixes!

  • #3
    Senior Coder NancyJ's Avatar
    Join Date
    Feb 2005
    Location
    Bradford, UK
    Posts
    3,174
    Thanks
    19
    Thanked 66 Times in 65 Posts
    CAPTCHA is annoying, however effective.
    Read this: http://www.securephpwiki.com/index.php/Email_Injection on email injection - it may help you (unless the spammers are purely just filling in the form with text and spamming your client)
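
Added example (not code from this thread): a hardened version of the handler in post #1 that addresses the email-injection risk linked above, by keeping visitor input out of the mail headers except for a validated Reply-To. The `noreply@mydomain.com` sender address and the function names are assumptions.

```php
<?php
// Added example, not the poster's code. Field names follow the form in post #1.

/** True if $value contains a byte that could start a new mail header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Build the argument list for mail() from a POST array, or return null to
 * reject the submission. Visitor data only reaches the body and Reply-To.
 */
function build_feedback_mail(array $post): ?array
{
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $quote = trim((string)($post['quote'] ?? ''));

    if ($name === '' || $quote === '') {
        return null;
    }
    if (has_header_break($name) || has_header_break($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $body = "Sender: $name\nEmail: $email\n\nMessage Body:\n$quote\n";
    // Fixed From on the site's own domain (assumed address); the visitor's
    // address is only used for Reply-To, after validation.
    $headers = "From: Feedback form <noreply@mydomain.com>\r\nReply-To: $email";

    return ['info@mydomain.com', '[My Client Web] Feedback', $body, $headers];
}

// Constructed inputs: a normal submission and one carrying an extra header line.
$normal   = ['name' => 'Ann', 'email' => 'ann@example.com', 'quote' => 'Hello'];
$injected = ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: x@example.net", 'quote' => 'Hi'];

var_dump(build_feedback_mail($normal) !== null);
var_dump(build_feedback_mail($injected) === null);

// In the real handler: $args = build_feedback_mail($_POST); if ($args) { mail(...$args); }
```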

  • #4
    Senior Coder gsnedders's Avatar
    Join Date
    Jan 2004
    Posts
    2,340
    Thanks
    1
    Thanked 7 Times in 7 Posts
    I'd have a read of http://www.w3.org/TR/turingtest/ before using a CAPTCHA.

  • #5
    Senior Coder chump2877's Avatar
    Join Date
    Dec 2004
    Location
    the U.S. of freakin' A.
    Posts
    2,778
    Thanks
    19
    Thanked 155 Times in 146 Posts
    Quote Originally Posted by Error 404
    I'd have a read of http://www.w3.org/TR/turingtest/ before using a CAPTCHA.
    I have to say, that is interesting....And something I never thought about...

    I like audio validation as a future alternative... Like a person clicks on the CAPTCHA image (if they can't read it) and a wav file plays, that relays the CAPTCHA text... you have to think that people with disabilities are or will be equipped with the hardware necessary to hear stuff like this (speakers, headphones, etc.)...A regular HTML text message before the CAPTCHA image could prompt disabled users to go grab their headphones if they're not already using them...

    It would be cool if you could dynamically create wav files with the CAPTCHA text....just like you can dynamically create image files with PHP's image functions...
    Regards, R.J.


  • #6
    Regular Coder
    Join Date
    Dec 2005
    Posts
    346
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by chump2877
    I have to say, that is interesting....And something I never thought about...

    I like audio validation as a future alternative... Like a person clicks on the CAPTCHA image (if they can't read it) and a wav file plays, that relays the CAPTCHA text... you have to think that people with disabilities are or will be equipped with the hardware necessary to hear stuff like this (speakers, headphones, etc.)...A regular HTML text message before the CAPTCHA image could prompt disabled users to go grab their headphones if they're not already using them...

    It would be cool if you could dynamically create wav files with the CAPTCHA text....just like you can dynamically create image files with PHP's image functions...
    I know of many sites that use this. Here is a link to one site. https://www.omnipay.com/secure/logon.asp

    How do we make a custom turing image?

    Would it be a waste of time to make the image Alternative Text value equal the image code? Like if the turing image value is 41Fd8Q then make the image alt="41Fd8Q" since that would help browsers that can't view images.

  • #7
    Senior Coder chump2877's Avatar
    Join Date
    Dec 2004
    Location
    the U.S. of freakin' A.
    Posts
    2,778
    Thanks
    19
    Thanked 155 Times in 146 Posts
    I know of many sites that use this. Here is a link to one site. https://www.omnipay.com/secure/logon.asp
    Sweet! Would you happen to know how they did that, and if the audio is dynamically generated (along with the image)?

    Would it be a waste of time to make the image Alternative Text value equal the image code? Like if the turing image value is 41Fd8Q then make the image alt="41Fd8Q" since that would help browsers that can't view images.
    I think that a clever web bot or program could use the "alt" or "title" attribute text to bypass the system (just like regular HTML text), so it's probably not a solution....just a hunch...
    Regards, R.J.


  • #8
    Regular Coder
    Join Date
    Dec 2005
    Posts
    346
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I don't know how they did that & can't find anything anywhere on how to replicate that for my own sites.

    Didn't think about the bots using the alt text so that would be a bad idea.

  • #9
    Regular Coder
    Join Date
    Jul 2004
    Posts
    201
    Thanks
    8
    Thanked 1 Time in 1 Post
    Might sound dumb, but I suppose it could work, possibly, but how about a random question that the user has to complete for the mail to be sent. For example, at the end of your form get PHP to choose a random question from a list you made such as:

    is the title of this site called MYWEBPAGE?

    yes / no

    Because it's random and it changes, the bots can't answer it; on the next page you simply validate the question.

    Another question could be: is today Monday?

    Just a thought.

  • #10
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Yes/no questions would be way too easy to answer correctly without knowing the question.

    Here's my favorite solution by far:

    http://www.hotcaptcha.com/

    I'm thinking about putting in a system similar to that but it displays a handful of random images and asks the user to pick the image that contains a dog, for example. Someone could write an OCR algorithm to defeat it sure, but for my purposes it wouldn't be worth doing.
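
Added example (not from any poster): the random-question check suggested in post #9, with short typed answers instead of yes/no, the answer kept server-side and usable only once. The questions, session keys and function names are assumptions.

```php
<?php
// Added example, not from the thread. Questions and answers are constructed.
const QUESTIONS = [
    'What is three plus four (as a number)?'    => '7',
    'Type the second word of "red green blue".' => 'green',
    'Which letter comes after C?'               => 'd',
];

/** Pick a question, remember its answer server-side, return the text to show. */
function issue_challenge(array &$session): string
{
    $question = array_rand(QUESTIONS);
    $session['challenge_answer'] = QUESTIONS[$question];
    $session['challenge_tries']  = 0;
    return $question;
}

/** Check a reply. A correct answer is consumed, so one solve allows one submission. */
function check_challenge(array &$session, string $reply, int $maxTries = 3): bool
{
    if (!isset($session['challenge_answer'])) {
        return false; // no challenge issued, or it was already used
    }
    $expected = $session['challenge_answer'];
    $given    = strtolower(trim($reply));

    if (hash_equals($expected, $given)) {
        unset($session['challenge_answer'], $session['challenge_tries']);
        return true;
    }
    // Wrong answer: count it and drop the challenge after too many guesses.
    if (++$session['challenge_tries'] >= $maxTries) {
        unset($session['challenge_answer'], $session['challenge_tries']);
    }
    return false;
}

// Demonstration with a plain array standing in for $_SESSION.
$session = [];
$shown   = issue_challenge($session);
var_dump(check_challenge($session, 'yes'));             // a blind guess
var_dump(check_challenge($session, QUESTIONS[$shown])); // the right answer
var_dump(check_challenge($session, QUESTIONS[$shown])); // replaying that answer
```

A short fixed list can be learned by a bot written for this one site, so this only raises the cost for generic form-spam bots.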

  • #11
    Senior Coder chump2877's Avatar
    Join Date
    Dec 2004
    Location
    the U.S. of freakin' A.
    Posts
    2,778
    Thanks
    19
    Thanked 155 Times in 146 Posts
    Hate to burst your bubble but how would a visually impaired person be able to differentiate between small CAPTCHA-like images (a picture of a dog versus a picture of a cat, let's say)....."Disabled" people like this really only have a couple of options: 1) increase the HTML font size of web content to something huge so they can see it, or 2) I guess there are ways to deliver/translate web content into an audible format.

    Unless you made the picture of the cat and dog REALLY big...lol......but then your image validation starts to look like a children's picture book...

    Edit: by the way, I'm referring to Error 404's post in this thread..
    Last edited by chump2877; 08-25-2006 at 06:29 PM.
    Regards, R.J.


  • #12
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,495
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    The biggest problem people make is naming the form script something like "formmail" or "email" or "mail" .... spamming robots pick up on that right away. Call your script something like:
    <form action='df87ek.php' method='post'>

  • #13
    Regular Coder
    Join Date
    Jul 2004
    Posts
    201
    Thanks
    8
    Thanked 1 Time in 1 Post
    Well, seeing as it's only your form that the bots look for, how about this:

    PHP Code:
    %3Cform%20method%3D%22POST%22%20action%3D%22--WEBBOT-SELF--%22%3E%0D%0A%09%3Cp%3E%3Cinput%20type%3D%22text%22%20name%3D%22T1%22%20size%3D%2220%22%3E%3Cinput%20type%3D%22submit%22%20value%3D%22Submit%22%20name%3D%22B1%22%3E%3Cinput%20type%3D%22reset%22%20value%3D%22Reset%22%20name%3D%22B2%22%3E%3C%2Fp%3E%0D%0A%3C%2Fform%3E 
    They can't read that and won't be able to input anything to the form:

    http://www.yuki-onna.co.uk/html/encode.html

  • #14
    Senior Coder NancyJ's Avatar
    Join Date
    Feb 2005
    Location
    Bradford, UK
    Posts
    3,174
    Thanks
    19
    Thanked 66 Times in 65 Posts
    Quote Originally Posted by chump2877
    Hate to burst your bubble but how would a visually impaired person be able to differentiate between small CAPTCHA-like images (a picture of a dog versus a picture of a cat, let's say)....."Disabled" people like this really only have a couple of options: 1) increase the HTML font size of web content to something huge so they can see it, or 2) I guess there are ways to deliver/translate web content into an audible format.

    Unless you made the picture of the cat and dog REALLY big...lol......but then your image validation starts to look like a children's picture book...

    Edit: by the way, I'm referring to Error 404's post in this thread..
    Aside from my dyslexia I am completely able, both in body and mind - I do however have trouble with a lot of captcha images - and that's not entirely due to dyslexia, some of them are just downright bad, in order to distort it so that robots can't read it they make it so that humans can just about make it out. But I'm pretty sure I can tell a dog from a cat. Without having to increase text sizes to be huge - don't be so narrow minded - there are more disabilities than visual impairments that would affect someone's ability to decipher captchas.

  • #15
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Maybe I'll include a blurb for the visually impaired that have an interest in my site (all 3 of them):

    "If you are having trouble telling the difference between a dog and a cat, call me and I will personally validate your registration."

