Thread: Contact Form Spam

  1. #1
    Senior Member Fireproofgfx's Avatar
    Contact Form Spam

    So I was hoping some of you would have a good idea on how to properly combat submission form spam. I have two political candidates that have been getting bombarded with spam. I expect a few spam submissions here and there, but as of late it's been bad. One candidate gets 25-30 submissions that look like this:

    From: 57fbe20385f9
    E-Mail: skins626@yahoo.com

    and another one just gets blank submissions from their volunteer form, which shouldn't be the case because there are required sections such as name and email within that form. I have tested the emails and they come back properly, so I don't know what gives.


    This is the Form Code I use:


    PHP Code:
    <?php
    $name = ""; $email = ""; $phone = ""; $message = "";
    $hear_about_us = ""; $interest = ""; $msg_to_user = "";

    // Only the email field decides whether the form is processed;
    // the honeypot field is not read anywhere in this script.
    if ($_POST['email'] != "") {
        $name = $_POST['name'];
        $email = $_POST['email'];
        $phone = $_POST['phone'];
        $hear_about_us = $_POST['hear_about_us'];
        $interest = $_POST['interest'];
        $message = $_POST['message'];

        if (!$email) {
            $msg_to_user = '<h6><font color="FFFFFF">Please type an email address</font></h6>';
        } else if (!$name) {
            $msg_to_user = '<h6><font color="FFFFFF">Please enter your name</font></h6>';
        } else {
            // emailing to your email address
            $to = "EMAIL@gmail.com";
            $subject = "Newsletter Sign Up";
            $body = "From: $name\n E-Mail: $email\n";
            $headers = "From: EMAIL.com\r\n";
            mail($to, $subject, $body, $headers);
            $msg_to_user = '<br />Thank you for subscribing for the newsletter! ';

            // reset the fields after a successful send
            $name = ""; $email = ""; $message = "";
        }
    }
    ?>

    HTML Code:
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" onsubmit="return validateMyForm();">
      <input type="text" name="name" value="Name" size="40" /> <?php echo $name; ?>
      <input type="text" name="email" value="Email" size="40" /> <?php echo $email; ?>

      <div class="honeypot">
        <label>Keep this field blank</label>
        <input type="text" name="honeypot" id="honeypot" />
      </div>

      <script type="text/javascript">
        function validateMyForm() {
          // The field is empty, submit the form.
          if (!document.getElementById("honeypot").value) {
            return true;
          }
          // the field has a value it's a spam bot
          else {
            return false;
          }
        }
      </script>

      <input type="submit" value="Subscribe" name="submit" />
    </form>


    I came across the "Honeypot" method so I added that but that doesn't work against manual spammers. So what do you do? Any advice would be greatly appreciated.

  3. #2
    Senior Member Ronald Roe's Avatar
    I use the honeypot. I also record their IP. Once a spammer comes in and figures out they can post their crap through your form, they'll keep hitting it. So, I take the first 3 sections of IP, log in to CPanel and block that IP block.

    Check the location the IP is coming from first, though. If it's local, maybe just block the 1 IP instead of the block.
    Ron Roe
    Web Developer
    "If every app were designed using the same design template, oh wait...Bootstrap."
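
The honeypot in post #1 is only tested by the browser's `onsubmit` script, so the check never runs for a client that posts straight to the PHP page. The following is an added example, not code from any poster in this thread: it does the honeypot and required-field checks on the server and logs the sender's IP with its /24 block, as described in post #2. Field names come from the posted form; `SPAM_LOG`, the function names and the sample values are assumptions.

```php
<?php
// Added example: server-side checks for the newsletter form in post #1.
// Field names come from that form; SPAM_LOG is a hypothetical path.
const SPAM_LOG = __DIR__ . '/form-spam.log';

// Collapse an IPv4 address to its first three octets as a /24 block.
function ip_block24(string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // IPv6 or malformed: no /24 to derive
    }
    return implode('.', array_slice(explode('.', $ip), 0, 3)) . '.0/24';
}

// Returns ['ok' => bool, 'reason' => string] for one POST submission.
function check_submission(array $post): array
{
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    // A client that posts directly never runs onsubmit, so test the honeypot here.
    if (trim((string)($post['honeypot'] ?? '')) !== '') {
        return ['ok' => false, 'reason' => 'honeypot filled'];
    }
    // The inputs are pre-filled with "Name"/"Email"; treat those as empty.
    if ($name === '' || $name === 'Name') {
        return ['ok' => false, 'reason' => 'name missing'];
    }
    if ($email === 'Email' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'reason' => 'email invalid'];
    }
    // A line break inside a field has no place in a mail header or body line.
    if (preg_match('/[\r\n]/', $name)) {
        return ['ok' => false, 'reason' => 'line break in name'];
    }
    return ['ok' => true, 'reason' => 'accepted'];
}

function log_rejection(string $ip, string $reason): void
{
    $line = sprintf("%s\t%s\t%s\t%s\n", gmdate('c'), $ip, ip_block24($ip) ?? '-', $reason);
    file_put_contents(SPAM_LOG, $line, FILE_APPEND | LOCK_EX);
}

// Constructed sample: a bot that filled every input, including the hidden one.
$sample = ['name' => '57fbe20385f9', 'email' => 'bot@example.com', 'honeypot' => 'x'];
$ip = $_SERVER['REMOTE_ADDR'] ?? '203.0.113.57'; // documentation address for CLI runs
$result = check_submission($sample);
if (!$result['ok']) {
    log_rejection($ip, $result['reason']);
}
```

When the site sits behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy's address, so check what it actually contains before blocking a whole /24.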

  4. #3
    Unpaid WDF Intern TheGAME1264's Avatar
    I do something similar to Ron, except that I take it one step further.

    I have a database that has a table containing 222 of the more common patterns that I've noticed form spammers using, along with a score for each pattern. I take any non-honeypot submission and scan it for those patterns and it comes up with a score. If the score is greater than "Minimum 1", it's "Possible Spam" and greylisted. If it's greater than "Minimum 2", it's spam and I automatically submit the IP to my list of blocked IPs within IIS. Each offense comes with an increasingly long ban time.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)
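
A small version of the scoring approach described in post #3, written in PHP to match the form in this thread. It is an added example, not TheGAME1264's code or pattern table: the patterns, scores, the two thresholds and the ban schedule are all constructed values, and the actual IP block is left to whatever the server provides.

```php
<?php
// Added example: pattern scoring with two thresholds and escalating bans.
// Patterns, scores, thresholds and ban lengths are constructed values.
const PATTERNS = [
    '~https?://~i'                       => 2, // link in a sign-up field
    '~\[url=|<a\s+href~i'                => 4, // BBCode or HTML link markup
    '~\b(viagra|casino|payday loan)\b~i' => 5, // common spam vocabulary
    '~^[0-9a-f]{12}$~i'                  => 3, // field that is a bare hex token
];
const MINIMUM_1 = 3;       // score above this: possible spam, greylist
const MINIMUM_2 = 6;       // score above this: spam, block the IP
const BASE_BAN_HOURS = 24;

function spam_score(array $fields): int
{
    $score = 0;
    foreach ($fields as $value) {
        foreach (PATTERNS as $regex => $points) {
            if (preg_match($regex, trim((string)$value)) === 1) {
                $score += $points;
            }
        }
    }
    return $score;
}

function classify(int $score): string
{
    if ($score > MINIMUM_2) {
        return 'spam';
    }
    return $score > MINIMUM_1 ? 'greylist' : 'ok';
}

// Ban length doubles with each prior offense, capped at 2^10 times the base.
function ban_hours(int $priorOffenses): int
{
    return BASE_BAN_HOURS * (2 ** min(max($priorOffenses, 0), 10));
}

// Constructed submissions: a normal one, a borderline one, an obvious one.
$samples = [
    ['name' => 'Jane Doe', 'message' => 'Please add me to the list.'],
    ['name' => '57fbe20385f9', 'message' => 'hello http://example.test'],
    ['name' => 'x', 'message' => 'casino bonus [url=http://example.test]here[/url]'],
];
foreach ($samples as $s) {
    $score = spam_score($s);
    printf("%-14s score=%2d -> %s\n", $s['name'], $score, classify($score));
}
```

Greylisted submissions are the ones worth reading by hand, since they show which patterns or scores need adjusting.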

  5. #4
    Senior Member Fireproofgfx's Avatar
    Are these techniques done primarily by web developers? As a "wannabe" web designer I have never tried, or even understood how to go about, what you guys said lol. How would I know/find their particular IP?

  6. #5
    Unpaid WDF Intern TheGAME1264's Avatar
    Server-side programming. Request.ServerVariables("REMOTE_ADDR") in ASP (or VB.net) gets the job done for me.

    I wouldn't say those techniques are primarily used by developers, but similar techniques are used by people who are conscious of security in general.

  7. #6
    Senior Member Ronald Roe's Avatar
    php:
    PHP Code:
    $_SERVER['REMOTE_ADDR']; 
    Also, apparently this forum has a function that detects if your entire post is in caps and changes it to sentence case. I had to edit that a few times to keep the caps in the code.
    Last edited by Ronald Roe; Oct 11th, 2016 at 06:41 PM.

