How do I spam proof my contact form?

Hello everybody,

I have a contact form that I've been using on my site. More and more often I receive spam email from it and I'd like some advise on making it spam proof.

All the spam emails contain hyperlinks so I thought a first step might be to have the form object to any field containing 'href'.

The PHP code of the form looks like this:

PHP Code:

<? $host = $_SERVER['HTTP_HOST']; $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); if ($_POST["name"] and $_POST["email2"] and $_POST["message"]){ $extra = "?sent=contact"; $name = $_POST['name']; $email = $_POST['email2']; $message = $_POST['message']; $mailing = $_POST['mailing']; $to = "me@mysite.com"; $subject = "MySite // Contact Form"; $body = "\r\nHello,\r\n\r\nHere is a message from the contact form: \r\n\r\n"; $body .= "Message: - \r\n".$message."\r\n\r\n"; $body .= "Name: ".$name."\r\n\r\n"; $body .= "Email: ".$email."\r\n"; if ($mailing =="Join Mailing List") { $body .= "Please add this email to the list: \r\n"; } $body .= "\r\nMessage ends dude!\r\n\r\nPeace out!\r\nDOG.DC5B Mailer"; $from = "From: MySite Mailer <mailer@mysite.com>"; mail($to, $subject, $body, $from, "-fmailer@dmysite.com"); } else { $extra = "?sent=no-contact"; } header("Location: http://$host$uri/$extra"); exit; ?>

Thanks for any help,

Monkeyzbox

http://www.w3schools.com/php/php_secure_mail.asp

This is where i got this script. It basically checks to see if the email is valid, and if not, it will give a kick back. i dont know if this will help, but id figure i would give it a try.

PHP Code:

<html> <body> <?php function spamcheck($field) { //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field=filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if(filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if (isset($_REQUEST['email'])) { //if "email" is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_REQUEST['email']); if ($mailcheck==FALSE) { echo "Invalid input"; } else { //send email $email = $_REQUEST['email'] ; $subject = $_REQUEST['subject'] ; $message = $_REQUEST['message'] ; mail("someone@example.com", "Subject: $subject", $message, "From: $email" ); echo "Thank you for using our mail form"; } } else { //if "email" is not filled out, display the form echo "<form method='post' action='mailform.php'> Email: <input name='email' type='text' /><br /> Subject: <input name='subject' type='text' /><br /> Message:<br /> <textarea name='message' rows='15' cols='40'> </textarea><br /> <input type='submit' /> </form>"; } ?> </body> </html>

Perfect solution. I've put the code in place and it works a treat.

All the best,

dog

Hi All,

I'm still getting spam! Since putting in the new code at least I know that no one else is being copied into the spam emails I'm receiving but I still want to put a stop to it.

I'd like to check for hyperlinks in the message part of the form and display an error if any are found. I've had a look at the other sections on w3schools.com/php but I can't find what I'm looking for.

Can any one suggest how I do it?

Thanks,

Dog

You can use: http://recaptcha.net/

Or you can add a question to your form such as, "What is 2+2?" or "What color is an orange?" If the answer is not correct, display an error message asking the user to correctly answer the question.

Hey man,
Thanks but no thanks. I want to keep the form really clean and simple. I shall try harder to find a way of detecting links in the message field or just put up with the occasional bit of spam.
Thanks anyway,
Dog

You can limit spam by doing something to help assure that a human submitted the form, filter submissions for keywords related to spam, or both.

If you make the decision that any form submission that contains a hyperlink is spam, it is simple to filter those out.

If you don't want to do anything to help verify that a human submitted the form, and I don't blame you if you don't, you will need to start by defining what you consider spam, then filter the form submissions, and go from there.

Good luck.

Thanks for the advise.

I don't know how to detect whether a field contains a hyperlink. That's what I'd like to do. Then I'd return a message explaining the situation.

If you could give me advise on detecting a hyperlink using PHP that would be very useful.

I'm also curious about 'filtering for keywords related to spam'. I've not heard of this.

Thanks,
DOG

PHP Code:

<?php $message = 'Check this out <a href="http://www.something.com">Click here</a>. Click it'; if (preg_match('/<a[\s]+[^>]*?href[\s]?=[\s\""\']+(.*?)[\""\']+.*?>([^<]+|.*?)?<\/a>/', $message)) { // THERE IS A HYPERLINK IN THE MESSAGE // DO SOMETHING exit; } echo 'No hyperlinks'; exit;

You can extend this idea to an array of "spam" words.

Perhaps:

PHP Code:

$spam = array( 'viagra', 'etc', );

Then you can loop through the array and use strpos() to determine if the spam word exists in the message. If found, then do something.

Quote:

Originally Posted by dog

I'm also curious about 'filtering for keywords related to spam'. I've not heard of this.

I'm sure you have heard of a spam filter before.

Good luck,

J

I've tried putting that in place with no success.

Here is the code I'm currently trying:

PHP Code:

<? if ($_POST["message"]) { $message = $_POST['message']; //check the message doesn't contain links if (preg_match('/<a[\s]+[^>]*?href[\s]?=[\s\""\']+(.*?)[\""\']+.*?>([^<]+|.*?)?<\/a>/', $message)) { echo 'there is a hyperlink'; } else { echo 'No hyperlinks'; } } exit; ?>

Whatever I messge I post using the form I get the echo, 'No hyperlinks'. Even when I post a message like this:

Quote:

My message is a link. <a href="http://www.something.com">Click here</a>

I've had a little study of the PHP Manual (something I should probably do more often). I've noticed that this function doesn't return TRUE or FALSE and sadly that makes it a real test of my PHP ability. Basically I don't know how to deal with the output of the function.

I'll keep working on it but feel free to offer more help. Thanks!

The link the appropriate link to the PHP manual if anyone wants it. http://uk3.php.net/manual/en/function.preg-match.php

Quote:

Quote:

I'm also curious about 'filtering for keywords related to spam'. I've not heard of this.

I'm sure you have heard of a spam filter before.

Yup! Sorry, I ready 'filtering for keywords related to spam' as 'filtering for keyboards related to spam' and was quite intrigued. :o

PHP Code:

<?php // I added this: $_POST["message"] = 'My message is a link. <a href="http://www.something.com">Click here</a>'; // YOUR CODE BELOW: if ($_POST["message"]) { $message = $_POST['message']; //check the message doesn't contain links if (preg_match('/<a[\s]+[^>]*?href[\s]?=[\s\""\']+(.*?)[\""\']+.*?>([^<]+|.*?)?<\/a>/', $message)) { echo 'there is a hyperlink'; } else { echo 'No hyperlinks'; } } exit;

The above works as expected. I bet you have magic_quotes_gpc ON. If you can turn them off, do it, otherwise, use stripslashes() before checking for hyperlinks.

preg_match(), when used with the first two arguments only returns either 0 or 1. With that in mind, you can test the result of the evaluation with an if statment.

Good luck.

J

Okay I take your point about it being usable in an if statement and I have some idea about what you're saying with regard to something needing to be changed.

I've got the following working:

PHP Code:

<? $message = $_POST['message']; if (preg_match('/href/', $message)) { echo 'there is a hyperlink'; } else { echo 'no hyperlinks'; } exit; ?>

Obviously I didn't want to have to simplify it that much but as you may have gathered I don't know how to write a lot of PHP. Please explain a little more if you can. I don't even know where to got to turn off my magic quotes.

Thanks!
Dog