+ Reply to Thread
Results 1 to 2 of 2

Thread: Form spam, how to stop

  1. 23-Mar-2008 08:34 PM #1
    yoda
    yoda is offline Active Member yoda is on a distinguished road
    Join Date
    Mar 2008
    Posts
    1

    Default Form spam, how to stop

    I don't know how many users of formmail have trouble with spammers but I have and it is annoying. The message is usually something like this:

    messagetype: 'Suggestion'
    Comments: 'a'
    username: '163Öá³ÐÍø'
    useremail: 'abc@hot.com'
    usertel: 'abc'
    userfax: 'abc'

    I received this within 24 hours of publishing the page with the new form. The bots look for the "action" attribute in the form, javascript verification does not work so here is my solution:

    Step 1: Put the form code in a file with 'formname.php' name and place the file in a separate directory ./includeforms.
    On the page where the form resides, use a php include to place the code.
    e.g. <?php include "./includeforms/formname.php"; ?>

    Step 2: Code the <form ... > element within a php command as follows:
    <?php echo '<form method="POST"' . $act . 'onsubmit="" name="My Form">' ?>

    Step 3: Define the $act variable at the top of the page using the form before the document type and <html> tag as follows:
    $act = ' action="http://www.yourdomain.com/mailscript.php" ';?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    This solution requires a user to actually open the page in a web browser for the server side code to include the form on the page and instantiate the "action" attribute.

    If anyone else has better solutions, let me know.

    Ben
    Last edited by yoda; 23-Mar-2008 at 08:51 PM.
    Reply With Quote Reply With Quote
  2. 23-Mar-2008 11:42 PM #2
    russellr's Avatar
    russellr
    russellr is offline Tectite and FormMail Author russellr is on a distinguished road
    Join Date
    Dec 2003
    Posts
    3,901

    Default Re: Form spam, how to stop

    Hi Ben,

    Thanks for the tip.

    FormMail's builtin spam protection should catch most of the junk - we get hardly any spam.

    In the example you've shown, the usertel and userfax values are the same.

    If you add those field names to ATTACK_DETECTION_DUPS, that would stop that particular attack.

    I'll be interested to know how your solution works in practice.

    Remember that a spambot is a browser, so, even with the tricky PHP you have the bots will see the action attribute.

    Basically, anything that appears in a normal user's browser, a spambot can see too.

    The exception is JavaScript, though some bots are processing that now too.
    Russell Robinson - Author of Tectite FormMail and FormMailDecoder
    http://www.tectite.com/
    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Similar Threads

  1. Spam protection
    By osluk in forum FormMailEncoder/Decoder
    Replies: 5
    Last Post: 02-Aug-2006, 09:53 PM
  2. how to stop error codes displaying
    By piemanek in forum FormMail Subscription Support
    Replies: 1
    Last Post: 13-Sep-2005, 11:02 PM
  3. stop the spammers!
    By piemanek in forum FormMail Subscription Support
    Replies: 0
    Last Post: 13-Sep-2005, 01:57 PM
  4. Someone trying to exploit script to relay spam
    By auren in forum FormMail Subscription Support
    Replies: 6
    Last Post: 06-Sep-2005, 10:58 PM
  5. Anti-spam question
    By antispam in forum FormMail Subscription Support
    Replies: 1
    Last Post: 03-Mar-2005, 11:06 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules