  1. #1
    Senior Member medlington's Avatar
    Join Date
    Nov 2005
    Location
    Sheffield, UK
    Posts
    377
    Member #
    11968
    Liked
    4 times
    Hi all,

    I've got a problem with the contact form on my website. It all works fine, but I keep getting spam messages sent from it. At first the spam messages were only coming to my email address, but now it looks like they are going all over the place, as many email addresses are appearing in the CC header of the email.

    This is what my code looks like:

    PHP Code:
    <?php
    // Handle POST method.
    if ($_POST)
    {
        $name = $_POST['name'];
        $email = $_POST['email'];
        $comments = $_POST['comments'];
        $telephone = $_POST['telephone'];

        // Compose simple text message:
        $message = "Message from $name $telephone ($email)\n\nComments:\n\n$comments";

        // Send message to Feedback@atumstudios.com
        mail("Feedback@mysite.com, me@myaddress.com", "Website Feedback", $message);

        // Thank the generous user
        echo "\n\n<br><H3>\n\nThank you for your message</H3>\n";
    }
    else
    {
    ?>
    Is there any way to stop this rubbish from being sent from my site, as it doesn't look very good for my company?

    Can I block the CC section of the header or anything like that?

  3. #2
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,716
    Member #
    5580
    Liked
    717 times
    The very first thing, and you didn't mention what it is ...

    The actual name of your email script.

    If you named it something like: formmail.php, email.php, eform.php, mailer.php ...

    You should change the name to something odd, even cryptic.

    Spammer robots look for email scripts with obvious names.

    Also do the same for the form variables. name="email",
    how about name="h5t6"

    In your script, you would have:
    $email = $_POST['h5t6'];

    =================

    Next, you could use captchas (although "accessibility" standards don't recommend that).

    ... or ... even have a textbox with a simple question that only a human could answer.
    Like "what day is it today" and have 7 radio buttons that they select from.
    Check it with your script.

    =================

    I think if you address the first suggestions, your spamming will drop off dramatically.

    EDIT:
    Search on Google for ways to strip-out CC and BCC references.


    .


  4. #3
    Senior Member medlington's Avatar
    Join Date
    Nov 2005
    Location
    Sheffield, UK
    Posts
    377
    Member #
    11968
    Liked
    4 times
    Thanks for the advice,

    The script isn't actually named anything; it just sits within my contact page, which is called 'contact.php'. Would changing this name help?

    I'll get on with changing the variable names too.

    Thanks again.

  5. #4
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    They may be injecting headers. If the messages are likely to be short, remove all newlines from the message.
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!
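
The header-injection concern raised in post #4, as an added example that is not part of the original thread: a PHP handler that rejects line breaks in single-line fields and validates the address before anything reaches `mail()`. The `Reply-To` header and the function names are assumptions (the posted `mail()` call sets no extra headers), and passing headers as an array needs PHP 7.2 or later.

```php
<?php
// Added example, not code from the thread. Field names and addresses follow the
// original post; the Reply-To header and function names are assumptions.

// True if a value contains a CR or LF, which would start a new header line.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns [to, subject, body, headers] for mail(), or null to reject the post.
function build_feedback_mail(array $post): ?array
{
    $name      = trim((string)($post['name'] ?? ''));
    $email     = trim((string)($post['email'] ?? ''));
    $telephone = trim((string)($post['telephone'] ?? ''));
    $comments  = (string)($post['comments'] ?? '');

    // Single-line fields must never carry a line break.
    foreach ([$name, $email, $telephone] as $field) {
        if (has_line_break($field)) {
            return null;
        }
    }
    // Only one syntactically valid address may be placed in a header.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Free text stays in the body; normalise its line endings.
    $comments = str_replace(["\r\n", "\r"], "\n", $comments);
    $body = "Message from $name $telephone ($email)\n\nComments:\n\n$comments";

    return ['Feedback@mysite.com, me@myaddress.com', 'Website Feedback',
            $body, ['Reply-To' => $email]];
}

// Constructed sample posts: one ordinary, one with a Cc line in the email field.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.org', 'telephone' => '0114',
     'comments' => "Hi\r\nthere"],
    ['name' => 'Bot', 'email' => "x@example.org\r\nCc: a@example.net",
     'telephone' => '', 'comments' => 'spam'],
];
foreach ($samples as $post) {
    $mail = build_feedback_mail($post);
    echo $mail === null ? "rejected\n" : "accepted, Reply-To: {$mail[3]['Reply-To']}\n";
    // On the live page: if ($mail !== null) { mail(...$mail); }
}
```

Rejecting the submission outright, rather than silently stripping the line breaks, also keeps the spam body from being delivered to the site owner.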

  6. #5
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,716
    Member #
    5580
    Liked
    717 times
    Having the script within the contact page itself poses another possible problem,
    the problem with refreshing the screen. It might be better to separate the
    HTML form contact page from the actual form email script, and after the email
    is sent, redirect to a "thankyou" page.

    Try this yourself,

    Fill out your form and submit it, then keep refreshing your screen, or
    clicking submit over and over a few times. If your browser is like mine,
    the text fields retain their contents and clicking submit sends it over.

    Another technique you can try.

    Put a "fake" form before the "real" form and comment it out so it appears
    in the HTML source, but not visible on the page. I believe some spam robots
    find the first form and hammer it, then, they never check further on. I experimented
    with that one time, where my "fake" form executed a PHP script that kept count
    of how many times it was executed. Coincidentally, the spamming on the "real"
    form dropped to zero.


