Contact form being spammed

Hi peeps,
My contact form seems to be getting spammed by what I'm thinking is a bot.
I know there is a way to add a 'hidden' form which the spam bot will see and fill in; if it's filled in it won't accept the submission. I need help implementing this into my script.

Front side code
Code:
<form method="POST" action="contact.php">
<div class="contactleft"><label for="Name">Name: </label></div>
<div class="contactright"><input type="text" name="Name" id="Name" size="30" maxlength="50" value="" /> (required)</div>
<div class="contactleft"><label for="Email">Email: </label></div>
<div class="contactright"><input type="text" name="Email" id="Email" size="30" maxlength="50" value="" /> (required)</div>
<div class="contactleft"><label for="Subject">Subject: </label></div>
<div class="contactright"><input type="text" name="Subject" id="Subject" size="30" maxlength="50" value="" /></div>
<div class="contactleft"><label for="Message">Message: </label></div>
<div class="contactright"><textarea name="Message" id="Message" cols="30" rows="8"></textarea></div>
<div class="contactright"><input type="submit" name="submit" value="Submit"></div>
</form>

Backend code
Code:
<?php
$EmailFrom = "@";
$EmailTo = "@";
$Subject = "DRP Form";
$Name = Trim(stripslashes($_POST['Name'])); 
$Email = Trim(stripslashes($_POST['Email'])); 
$Subject = Trim(stripslashes($_POST['Subject'])); 
$Message = Trim(stripslashes($_POST['Message']));

$validationOK=true;
if (Trim($Name)=="") $validationOK=false;
if (Trim($Email)=="") $validationOK=false;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.php\">";
  exit;
}

$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Subject: ";
$Body .= $Subject;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";

$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
 
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=ok.php\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.php\">";
}
?>

If anyone can help I'd really appreciate it,
thanks!
 
If I remember rightly then you just put something like

<input type="hidden" name="nospamtoday" value="" id=nospamcheck>

Not sure how you would do the value line though; if you hard code it, it defeats the object.
 
You need something like a text field that you can then hide using CSS by setting its display property to none. Also changing the name of your fields may help, so instead of using a name like email have something obscure like fielda1 so the bots can't easily fill in the form, increasing the chance that they will put the email in the wrong place and it will fail validation. You could even go as far as replacing the text labels with a small image with the text in, as bots aren't likely to OCR a label.
 
Sorry, it's the backend code I need help with; I know how to hide the text field.

Well if you want to use your existing code then it should just be a matter of validating the extra field. You were trimming the fields twice which isn't necessary so I removed the trim function from them.

Code:
$Hidden = Trim(stripslashes($_POST['hidden'])); 

$validationOK=true;
if ($Hidden != "") $validationOK=false;
if ($Name=="") $validationOK=false;
if ($Email=="") $validationOK=false;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.php\">";
  exit;
}
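
An added example, not part of the original post or the poster's code: a stricter version of the honeypot check above. It assumes the CSS-hidden text input is named "hidden" as in the reply; the function names and sample submissions are made up for illustration, and rejecting a missing field is a design choice of this example.

```php
<?php
// Added example: server-side honeypot check for the contact form above.
// Assumes the CSS-hidden text input is named "hidden", as in the reply.

/**
 * Returns true when the submission looks automated.
 * A browser submits a CSS-hidden text input as an empty string, so the
 * field must be present AND empty. Missing, non-string or non-empty
 * values all count as a failed check.
 */
function honeypot_tripped(array $post, string $field = 'hidden'): bool
{
    if (!array_key_exists($field, $post)) {
        return true;             // POST was not built from the real form
    }
    if (!is_string($post[$field])) {
        return true;             // e.g. hidden[]=x arrives as an array
    }
    return $post[$field] !== ''; // no trim: even whitespace is a fill-in
}

/** Fetch a required text field as a trimmed string, or '' if unusable. */
function text_field(array $post, string $name): string
{
    return (isset($post[$name]) && is_string($post[$name]))
        ? trim($post[$name])
        : '';
}

// Constructed sample submissions (not real traffic).
$samples = [
    'human'         => ['Name' => 'Ann', 'Email' => 'ann@example.com', 'hidden' => ''],
    'bot fills all' => ['Name' => 'x', 'Email' => 'x@example.com', 'hidden' => 'http://spam.example'],
    'direct POST'   => ['Name' => 'x', 'Email' => 'x@example.com'],
    'array value'   => ['Name' => 'x', 'Email' => 'x@example.com', 'hidden' => ['x']],
];

foreach ($samples as $label => $post) {
    $ok = !honeypot_tripped($post)
        && text_field($post, 'Name') !== ''
        && text_field($post, 'Email') !== '';
    printf("%-14s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

In contact.php the same call would sit before the existing validation, with `$_POST` passed in place of the sample arrays.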
 
That's not the only option; there are many possible ways to reduce the risk of spam bots using your forms.

Another to try out is to put a random question in, such as "what is bigger? House, or Leaf?"

If you search you will find a few threads with more explanations of what you can do to make your contact forms less likely to get spam.
 
Captcha is OK, but from a user's point of view it can be very tedious having to forever type in a load of really random characters, especially when you get it wrong, so I prefer to try alternative methods first.
 
I'm going to see if this works first; it did when I tested it. I have also changed the form names to field1, field2 etc. I prefer to have something like this as it saves a real user from doing anything annoying.
 