
Thread: How do I spam proof my contact form?

  1. #1

    Hello everybody,

    I have a contact form that I've been using on my site. More and more often I receive spam email from it and I'd like some advice on making it spam proof.

    All the spam emails contain hyperlinks so I thought a first step might be to have the form object to any field containing 'href'.

    The PHP code of the form looks like this:

    PHP Code:
    <?php
    // Build the redirect target from the current host and script directory.
    $host = $_SERVER['HTTP_HOST'];
    $uri  = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

    // Only send when all three required fields are present and non-empty.
    if (!empty($_POST["name"]) and !empty($_POST["email2"]) and !empty($_POST["message"])) {
        $extra   = "?sent=contact";
        $name    = $_POST['name'];
        $email   = $_POST['email2'];
        $message = $_POST['message'];
        // The mailing-list field may be absent from the POST data.
        $mailing = isset($_POST['mailing']) ? $_POST['mailing'] : '';

        $to      = "me@mysite.com";
        $subject = "MySite // Contact Form";

        // User input goes into the message body only; the headers are fixed strings.
        $body  = "\r\nHello,\r\n\r\nHere is a message from the contact form: \r\n\r\n";
        $body .= "Message: - \r\n".$message."\r\n\r\n";
        $body .= "Name: ".$name."\r\n\r\n";
        $body .= "Email: ".$email."\r\n";

        if ($mailing == "Join Mailing List") {
            $body .= "Please add this email to the list: \r\n";
        }

        $body .= "\r\nMessage ends dude!\r\n\r\nPeace out!\r\nDOG.DC5B Mailer";

        $from = "From: MySite Mailer <mailer@mysite.com>";

        mail($to, $subject, $body, $from, "-fmailer@dmysite.com");
    }
    else {
        $extra = "?sent=no-contact";
    }

    // Redirect back with the result flag in the query string.
    header("Location: http://$host$uri/$extra");
    exit;
    ?>

    Thanks for any help,

    Monkeyzbox

  2. #2

    http://www.w3schools.com/php/php_secure_mail.asp

    This is where I got this script. It basically checks to see if the email is valid, and if not, it will give a kick back. I don't know if this will help, but I figured I would give it a try.

    PHP Code:
    <html>
    <body>
    <?php
    function spamcheck($field) {
      // filter_var() sanitizes the e-mail address using FILTER_SANITIZE_EMAIL
      $field = filter_var($field, FILTER_SANITIZE_EMAIL);

      // filter_var() validates the e-mail address using FILTER_VALIDATE_EMAIL
      if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
        return TRUE;
      } else {
        return FALSE;
      }
    }

    if (isset($_REQUEST['email'])) {   // if "email" is filled out, proceed
      // check if the email address is invalid
      $mailcheck = spamcheck($_REQUEST['email']);
      if ($mailcheck == FALSE) {
        echo "Invalid input";
      } else {
        // send email
        // Put the sanitized address (the value spamcheck() validated) in the
        // From header, not the raw request value.
        $email   = filter_var($_REQUEST['email'], FILTER_SANITIZE_EMAIL);
        $subject = $_REQUEST['subject'];
        $message = $_REQUEST['message'];
        mail("someone@example.com", "Subject: $subject",
             $message, "From: $email");
        echo "Thank you for using our mail form";
      }
    } else {
      // if "email" is not filled out, display the form
      echo "<form method='post' action='mailform.php'>
      Email: <input name='email' type='text' /><br />
      Subject: <input name='subject' type='text' /><br />
      Message:<br />
      <textarea name='message' rows='15' cols='40'>
      </textarea><br />
      <input type='submit' />
      </form>";
    }
    ?>

    </body>
    </html>

  3. The Following User Says Thank You to fobos For This Useful Post:

    dog (07-21-2009)

  4. #3

    Perfect solution. I've put the code in place and it works a treat.

    All the best,

    dog

  5. #4

    Hi All,

    I'm still getting spam! Since putting in the new code at least I know that no one else is being copied into the spam emails I'm receiving but I still want to put a stop to it.

    I'd like to check for hyperlinks in the message part of the form and display an error if any are found. I've had a look at the other sections on w3schools.com/php but I can't find what I'm looking for.

    Can anyone suggest how I do it?

    Thanks,

    Dog

  6. #5

    You can use: http://recaptcha.net/

    Or you can add a question to your form such as, "What is 2+2?" or "What color is an orange?" If the answer is not correct, display an error message asking the user to correctly answer the question.

  7. #6

    Hey man,
    Thanks but no thanks. I want to keep the form really clean and simple. I shall try harder to find a way of detecting links in the message field or just put up with the occasional bit of spam.
    Thanks anyway,
    Dog

  8. #7

    You can limit spam by doing something to help assure that a human submitted the form, filter submissions for keywords related to spam, or both.

    If you make the decision that any form submission that contains a hyperlink is spam, it is simple to filter those out.

    If you don't want to do anything to help verify that a human submitted the form, and I don't blame you if you don't, you will need to start by defining what you consider spam, then filter the form submissions, and go from there.

    Good luck.

  9. #8

    Thanks for the advice.

    I don't know how to detect whether a field contains a hyperlink. That's what I'd like to do. Then I'd return a message explaining the situation.

    If you could give me advice on detecting a hyperlink using PHP that would be very useful.

    I'm also curious about 'filtering for keywords related to spam'. I've not heard of this.

    Thanks,
    DOG

  10. #9

    PHP Code:
    <?php

    $message = 'Check this out <a href="http://www.something.com">Click here</a>. Click it';

    // preg_match() returns 1 when the pattern matches and 0 when it does not.
    if (preg_match('/<a[\s]+[^>]*?href[\s]?=[\s\""\']+(.*?)[\""\']+.*?>([^<]+|.*?)?<\/a>/', $message)) {
        // THERE IS A HYPERLINK IN THE MESSAGE
        // DO SOMETHING
        exit;
    }

    echo 'No hyperlinks';

    exit;

    You can extend this idea to an array of "spam" words.

    Perhaps:

    PHP Code:
    $spam = array(
        'viagra',
        'etc',
    );

    Then you can loop through the array and use strpos() to determine if the spam word exists in the message. If found, then do something.

    Quote originally posted by dog:

    I'm also curious about 'filtering for keywords related to spam'. I've not heard of this.
    I'm sure you have heard of a spam filter before.

    Good luck,

    J
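
The hyperlink check and the strpos() keyword loop described in post #9, written out as a runnable script. This is an added example, not code from any poster in the thread. It goes beyond the post by also flagging bare URLs and BBCode links, which an anchor-tag pattern alone does not catch. The function name `find_spam_signals`, the word 'casino' and the sample messages are constructed for illustration.

```php
<?php
// Added example: find_spam_signals() and all sample data are hypothetical.

/**
 * Return the reasons a message looks like spam (empty array = clean).
 */
function find_spam_signals(string $message, array $spamWords): array
{
    $reasons = [];

    // Link patterns, all case-insensitive. The anchor pattern does not depend
    // on the quote characters around the href value, so escaped or missing
    // quotes still match.
    $linkPatterns = [
        'html anchor' => '/<a\b[^>]*\bhref\s*=/i',
        'bbcode url'  => '/\[url\b/i',
        'bare url'    => '~\b(?:https?://|www\.)[^\s<>"\']+~i',
    ];
    foreach ($linkPatterns as $label => $pattern) {
        // preg_match() returns 1 on a match, 0 on no match, false on error.
        if (preg_match($pattern, $message) === 1) {
            $reasons[] = "link ($label)";
        }
    }

    // Keyword loop: stripos() is the case-insensitive strpos(). Compare with
    // !== false, because a hit at offset 0 is the integer 0, which is falsy.
    foreach ($spamWords as $word) {
        if (stripos($message, $word) !== false) {
            $reasons[] = "keyword ($word)";
        }
    }
    return $reasons;
}

// Constructed sample input, not real form traffic.
$spamWords = ['viagra', 'casino'];
$samples = [
    'Hi, I would like a quote for a new site.',
    'Check this out <A HREF=\"http://www.something.com\">Click here</a>',
    'Viagra offers at www.something.com',
];
foreach ($samples as $text) {
    $reasons = find_spam_signals($text, $spamWords);
    echo ($reasons ? 'REJECT [' . implode(', ', $reasons) . ']' : 'ACCEPT'), ': ', $text, "\n";
}
```

Run from the command line, the first sample is accepted and the other two are rejected with their reasons listed. In a web page, escape the message with htmlspecialchars() before echoing it back.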

  11. #10

    I've tried putting that in place with no success.

    Here is the code I'm currently trying:
    PHP Code:
    <?php

    if ($_POST["message"])
     {
     $message = $_POST['message'];

     //check the message doesn't contain links
     if (preg_match('/<a[\s]+[^>]*?href[\s]?=[\s\""\']+(.*?)[\""\']+.*?>([^<]+|.*?)?<\/a>/', $message))
      {
      echo 'there is a hyperlink';
      }
     else
      {
      echo 'No hyperlinks';
      }

    }
    exit;

    ?>

    Whatever message I post using the form I get the echo, 'No hyperlinks'. Even when I post a message like this:
    My message is a link. <a href="http://www.something.com">Click here</a>

    I've had a little study of the PHP Manual (something I should probably do more often). I've noticed that this function doesn't return TRUE or FALSE and sadly that makes it a real test of my PHP ability. Basically I don't know how to deal with the output of the function.

    I'll keep working on it but feel free to offer more help. Thanks!

    Here is the appropriate link to the PHP manual if anyone wants it: http://uk3.php.net/manual/en/function.preg-match.php


    I'm also curious about 'filtering for keywords related to spam'. I've not heard of this.
    I'm sure you have heard of a spam filter before.
    Yup! Sorry, I read 'filtering for keywords related to spam' as 'filtering for keyboards related to spam' and was quite intrigued.
