
Contact form spam

Discussion in 'IT & Internet' started by debbidoo, Jan 5, 2010.

  1. debbidoo

    debbidoo UKBF Ace Free Member

    Posts: 1,803 Likes: 572
    I'm seeing increased spam on this particular contact form on my website (I'm not including the link for advertising purposes - just so that someone in the know can rummage through the code and help me!)

    This is the sort of spam I'm getting (I've added spaces to break the links - wouldn't want to give the feckers free advertising):

    Bearing in mind the type of coding I've used for the form, can anyone suggest a relatively easy-to-install solution/deterrent?

    Thanks in advance :)
     
    Posted: Jan 5, 2010 By: debbidoo Member since: Apr 10, 2008
    #1
  2. fisicx

    fisicx It's Major Clanger! Staff Member

    Posts: 25,697 Likes: 7,610
    Add a maths question such as: "what is 5+9?"

    When you validate the form it checks to see if the answer is 14. If not then rejection.

    You can also validate the fields and if there are any iffy characters again rejection.

    Example here: http://www.aerin.co.uk/contactform/index.php

    Try entering anything except letters in the name field or numbers in the telephone field and you get an error message.
     
    Posted: Jan 5, 2010 By: fisicx Member since: Sep 12, 2006
    #2
  3. debbidoo

    debbidoo UKBF Ace Free Member

    Posts: 1,803 Likes: 572
    Cheers Graham :)

    How do I implement that in the php code though? That's the bit I really need help with - at the moment it's very, very basic...

    Thanks :)
     
    Posted: Jan 5, 2010 By: debbidoo Member since: Apr 10, 2008
    #3
  4. Kev Jaques

    Kev Jaques UKBF Newcomer Free Member

    Posts: 1,114 Likes: 268
    It's the old "do not trust user input"!
    You need to sanitize the details entered, make sure xss and sql injection issues are taken care of as best possible. (possibly also stripping any html tags depending on your depth of paranoia ;) )
    Also look at adding a captcha of some sort, although that won't stop the spam. You will still get some even putting those measures in.
     
    Posted: Jan 5, 2010 By: Kev Jaques Member since: Feb 19, 2009
    #4
  5. debbidoo

    debbidoo UKBF Ace Free Member

    Posts: 1,803 Likes: 572

    Lol - way to confuse a blonde, Kev! Now say that in English? :D
     
    Posted: Jan 5, 2010 By: debbidoo Member since: Apr 10, 2008
    #5
  6. fisicx

    fisicx It's Major Clanger! Staff Member

    Posts: 25,697 Likes: 7,610
    As kev says it's not simples but it is necessary.

    If you want the code from the example form I use I can send it to you. The code looks horrific but it is very stable and does work.
     
    Posted: Jan 5, 2010 By: fisicx Member since: Sep 12, 2006
    #6
  7. debbidoo

    debbidoo UKBF Ace Free Member

    Posts: 1,803 Likes: 572
    cheers Graham, that'd be fab. Reading code doesn't frighten me too much - I'll PM my email address to you.

    Thanks again, angel ;)
     
    Posted: Jan 5, 2010 By: debbidoo Member since: Apr 10, 2008
    #7
  8. Peter Bowen

    Peter Bowen UKBF Enthusiast Free Member

    Posts: 753 Likes: 189
    There is a way that's less hostile to your customers. I've used this on about 40 forms in the last few months and haven't had a single spam submission yet. It's not 100% bulletproof but for now it works well enough against automated form filling bots.

    Put a couple of text fields in a hidden div in the form. If these fields are filled out then you know it's a spam submission. Just have your form processing script check for these fields before carrying on.


    Some thoughts on the subject of spam submissions:

    http://sethgodin.typepad.com/seths_blog/2009/10/promiscuous-dispersal-of-your-email-address.html
     
    Posted: Jan 5, 2010 By: Peter Bowen Member since: Jul 2, 2007
    #8
  9. debbidoo

    debbidoo UKBF Ace Free Member

    Posts: 1,803 Likes: 572
    Thanks Peter :)

    Sounds like I need to spend some time brushing up my (lamentable) PHP skills... :p
     
    Posted: Jan 5, 2010 By: debbidoo Member since: Apr 10, 2008
    #9
  10. edmondscommerce

    edmondscommerce Magento + PHP Expert Full Member - Verified Business

    Posts: 3,646 Likes: 625
  11. Peter Bowen

    Peter Bowen UKBF Enthusiast Free Member

    Posts: 753 Likes: 189
    Here's how to do it:

    In your form (somewhere between <form method=POST action=> and </form>): Put this bit of html:

    <div style='display: none;'><input type=text name=text1><input type=text name=text2></div>

    In the php script that processes the form: Put this bit of PHP near the top (just after the opening <?php tag is probably fine):

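    // Honeypot check: people never see the hidden fields, so a value in either one means a bot.
    if (($_POST['text1'] ?? '') != '' || ($_POST['text2'] ?? '') != '') { die(); }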
     
    Last edited: Jan 5, 2010
    Posted: Jan 5, 2010 By: Peter Bowen Member since: Jul 2, 2007
    #11
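
The checks suggested in this thread (the maths question and field validation from post #2, the hidden fields from post #11) combined in one processing script, as an added example that is not code from any poster. The field names `name`, `telephone`, `message` and `answer` are assumptions, and it goes one step beyond the fixed "5+9" question by picking a fresh sum per page view and keeping the answer in the session.

```php
<?php
// Added example, not code from any poster. Field names are assumptions.
session_start();

// Form page: pick a fresh sum per page view; the answer stays on the server.
function new_question(): string {
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $_SESSION['answer'] = $a + $b;
    return "What is $a + $b?";
}

// Processing script: return the failed checks; an empty array means accept.
function check_submission(array $post, ?int $expected): array {
    // Treat missing or non-string fields (e.g. name[]=x) as empty.
    $f = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $errors = [];
    // Hidden fields: a person never sees them, so any value marks a bot.
    if ($f('text1') !== '' || $f('text2') !== '') {
        $errors[] = 'hidden field';
    }
    // Compare with the stored answer, never with a value sent in the form.
    if ($expected === null || !ctype_digit($f('answer')) || (int) $f('answer') !== $expected) {
        $errors[] = 'answer';
    }
    // Letters (plus space, hyphen, apostrophe) only in the name.
    if (!preg_match("/^[\\p{L} '-]{1,60}$/u", $f('name'))) {
        $errors[] = 'name';
    }
    // Digits and spaces only in the telephone number.
    if (!preg_match('/^[0-9 ]{6,20}$/', $f('telephone'))) {
        $errors[] = 'telephone';
    }
    if ($f('message') === '') {
        $errors[] = 'message';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $expected = $_SESSION['answer'] ?? null;
    unset($_SESSION['answer']); // each question can be answered once
    if (check_submission($_POST, $expected)) {
        http_response_code(400);
        exit('Sorry, that could not be sent. Please go back and try again.');
    }
    $message = strip_tags($_POST['message']); // drop any HTML before mailing
    // ... pass $message to the existing mail code here ...
}
```

On the form page, print the question with `echo htmlspecialchars(new_question());` next to an input named `answer`.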
  12. J-Wholesale

    J-Wholesale UKBF Newcomer Free Member

    Posts: 768 Likes: 213
    Peter has the best approach. I do this on all my sites and never get any spam. It wouldn't work for very popular sites, as spammers would make the extra effort required to circumvent the anti-spam measure, but for robots hitting your site alongside 1000 others, it should work without problems.
     
    Posted: Jan 5, 2010 By: J-Wholesale Member since: Jul 13, 2008
    #12
  13. bdw

    bdw Banned

    Posts: 6,568 Likes: 1,269
    I use the human test method of asking a simple question and validating the answer. I have found this to be very effective. I get the odd spam submission that is submitted manually but it has stopped all of the automatic submissions.

    Debbidoo there is a low cost form wizard construction tool available which allows validation and more. It's well worth the money - Google tools4php.
     
    Posted: Jan 6, 2010 By: bdw Member since: Aug 13, 2008
    #13
  14. 3cellhosting

    3cellhosting UKBF Newcomer Free Member

    Posts: 138 Likes: 51
    Hi all,

    I have a developer account with http://recaptcha.net/ , which is free and I use this on most of my forms.

    One thing to bear in mind is that in Eastern Bloc countries and places like India, labour is so cheap they pay people to manually complete forms so you will always get some spam filtering through.

    Hope this helps

    David
     
    Posted: Jan 6, 2010 By: 3cellhosting Member since: Aug 24, 2006
    #14
  15. bdw

    bdw Banned

    Posts: 6,568 Likes: 1,269
    Isn't the problem with Recaptcha that some of their images are barely decipherable? I have found that I get angry when I am faced with such a situation and it tends to make me reject the use of some forms.

    I think it's easier to ask people to enter answers to unambiguous questions like "what is 5 + 9?" and "what colour is coal?" With CAPTCHA you have to strike some sort of a balance between effectiveness and ease of use.
     
    Posted: Jan 6, 2010 By: bdw Member since: Aug 13, 2008
    #15
  16. 3cellhosting

    3cellhosting UKBF Newcomer Free Member

    Posts: 138 Likes: 51
    Hi bdw.

    There are some words that I have found to be a bit fuzzy but in general they are better than they used to be.

    Here is a screenshot of an actual recaptcha input...

    [​IMG]

    If you can't read a combination you just use the refresh button.

    It also has audio for partially sighted, which is a must with the current DDA (Disability Discrimination Act).

    With Joomla integration I get to set style etc. so long as I have my developer details for login.

    Regards

    David
     
    Last edited: Jan 6, 2010
    Posted: Jan 6, 2010 By: 3cellhosting Member since: Aug 24, 2006
    #16
  17. fisicx

    fisicx It's Major Clanger! Staff Member

    Posts: 25,697 Likes: 7,610
    The problem with captcha is that it has been compromised. Google for 'captcha hacking' and you will see any number of the methods.

    The hidden field method does work, as does a simple maths question or comparison question (is a mouse bigger than an elephant Y or N).

    Nothing is foolproof but a few simple validation checks will strip out most of the spammers.
     
    Posted: Jan 6, 2010 By: fisicx Member since: Sep 12, 2006
    #17
  18. Peter Bowen

    Peter Bowen UKBF Enthusiast Free Member

    Posts: 753 Likes: 189
    There is another problem with CAPTCHA. It's hostile to your customers. It's like putting up a barbed wire fence in front of your shop.

    We should look at making it as smooth and easy as possible for people to do business with us - even if it means spending 5 minutes a day deleting spam.
     
    Posted: Jan 6, 2010 By: Peter Bowen Member since: Jul 2, 2007
    #18
  19. edmondscommerce

    edmondscommerce Magento + PHP Expert Full Member - Verified Business

    Posts: 3,646 Likes: 625
  20. debbidoo

    debbidoo UKBF Ace Free Member

    Posts: 1,803 Likes: 572
    Thanks very much to all of you for your input, and big thanks to Peter for explaining how to code it, and to Graham for sending me his code by email :)

    I'm going to be doing a big redesign of my site in the next few weeks, and as I have more than one contact form on the site I may actually try all the 'fixes' suggested by you, and let you know which one worked best :p

    Cheers guys :)
     
    Posted: Jan 7, 2010 By: debbidoo Member since: Apr 10, 2008
    #20