Contact form on our website is sending us spam

Retro Techy · 4 Jan 2017 at 17:21

Could use some help.

Our work website is spending us thousands of spam emails from the contact form.

http://www.laptop-repairs.com/

When you use the quick enquiry form it seems to spam sendemail.php which sends us tons of blank emails, can anyone give me an idea of what's going wrong? :confused:

sb89 · 4 Jan 2017 at 19:34

The validation on your form isn't working. It seems to be done by the javascript function "validaterequest". But the console is saying this is not defined.

It then gets caught in some sort of refresh loop in sendemail.php, which causes the spam.

EDIT - There is also various javascript errors when the browser loads up http://www.laptop-repairs.com/index.html

AHarvey · 4 Jan 2017 at 21:10

I'd look at moving the contact form over to PHP and storing them into a database as well as sending emails if you've not already set that up.

I've no real experience with javascript but php forms are easy enough to setup.

Retro Techy · 5 Jan 2017 at 12:02

Thanks for the help, I have no idea how to sort this out myself, but at least I can pass on the info.

Pho · 12 Jan 2017 at 13:10

With recaptcha you should be doing server-side validation too. When the form is posted to sendemail.php it is sent the recaptcha response which should then be sent to Google along with your secret key and the client's IP address.

You can use PHP and all it needs do is query the verify URL e.g.:
https://www.google.com/recaptcha/ap...esponse=CAPTCHAFORMRESPONSE&remoteip=CLIENTIP

This then tells you if the captcha was actually valid or forged.

Here's some PHP someone wrote to do that:

PHP:

#
# Verify captcha
$post_data = http_build_query(
    array(
        'secret' => CAPTCHA_SECRET,
        'response' => $_POST['g-recaptcha-response'],
        'remoteip' => $_SERVER['REMOTE_ADDR']
    )
);
$opts = array('http' =>
    array(
        'method'  => 'POST',
        'header'  => 'Content-type: application/x-www-form-urlencoded',
        'content' => $post_data
    )
);
$context  = stream_context_create($opts);
$response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
$result = json_decode($response);
if (!$result->success) {
    throw new Exception('Gah! CAPTCHA verification failed. Please email me directly at: ', 1);
}

https://gist.github.com/jonathanstark/dfb30bdfb522318fc819

Retro Techy · 25 Jan 2017 at 17:23

Bit of a blast from the past, this is still an issue while we are talking to the company who did our website.

Can anyone help me remove or just disable the contact form?

AHarvey · 25 Jan 2017 at 17:29

is it supposed to show on every page?

It would just be a case of going in to the code and commenting out the form using comment tags  after.

Retro Techy · 26 Jan 2017 at 11:49

We don't want it to show on the index page.
I tried that  tag last night and it greyed out the text, but when I uploaded it, the form was still showing.

Here's the code, where abouts should I be putting the comment tags?

<script src="https://www.google.com/recaptcha/api.js?onload=myCallBack&render=explicit" async="" defer=""></script>
<script></script>
<script type="text/javascript"></script>
<section id="main-slider" class="no-margin">
<div class="carousel slide">
<div class="carousel-inner">
<div class="item active">
<div class="container">
<div class="slide-margin mac-home">
<div class="">
<div class="col-md-8 animation animated-item-4 padding">
<h1 class="animation animated-item-1">Central London's leading Laptop Repairs Specialist Since 1986</h1>
<div class="pra">
<div class="slider-img01" slide-faq="">
<div style="background-image: url('images/lap-home.png'); background-repeat: no-repeat; " class="slider-img"> </div>
</div>
</div>
<ul class="service-left">
<li>Free quotation while you wait</li>
<li>Safe data handling</li>
<li>All models repaired</li>
<li>No fix no fee</li>
<li>Collection available</li>
</ul>
</div>
<div class="col-sm-4">

<div class="contact-us-now">

<h1>Quick Enquiry</h1>
<div class="contact-box-insite">
<form name="contact_now" id="contact_now" method="post" action="sendemail.php">
<p>Fill in the form below for a quick quote</p>
<input id="fname" name="fname" class="font-color" placeholder="First Name *"/>
<span id="fn_name"></span>
<input id="email" name="email" class="font-color" type="email" placeholder="Email *"/>
<span id="ei_mail"></span>
<input id="phone" name="phone" class="font-color" placeholder="Phone *" onKeyPress="return isNumber(event);"/>
<span id="tel_name"></span>
<input id="makemodel" name="makemodel" class="font-color" placeholder="Make & Model *"/>
<span id="e_makemodel"></span>
<textarea name="mes" id="mes" class="font-color" rows="" placeholder="Enter details of fault for a quick quote"></textarea>
<input type="hidden" name="url" id="url" value=""/>
<span id=mainCaptchanyu>
<input id=mainCaptcha class=live_captcha type=button name=cap>
</span>
<input id=txtInput class=textvalue placeholder="Captcha *"/>
<span id=cap_info></span>
<div id="recaptcha1"></div>
<span style="color: red;" id="hiddenRecaptcha"></span>
<input type="hidden" class="hiddenRecaptcha required" name="hiddenRecaptcha1" id="hiddenRecaptcha1"/>
<label id="test"></label>
<input class="input-button" name="" type="submit" value="SEND" onClick="return validaterequest();"/>
</form>

</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</section>

touch · 26 Jan 2017 at 15:48

You need to comment before this div:
<div class="col-sm-4">
and after it's matching end tag too:
</div>

it might be easier to change it to:
<div class="col-sm-4" style="display:none;">
This will hide it without you having to go looking for the end tag.

gemlover · 27 Jan 2017 at 13:49

validation error. Just try to run the above code in the backend

Retro Techy · 30 Jan 2017 at 12:27

touch said:
it might be easier to change it to:
<div class="col-sm-4" style="display:none;">
This will hide it without you having to go looking for the end tag.

Thanks! That got rid of it.

JamesM · 31 Jan 2017 at 23:26

Surprised that reCAPTCHA isn't working?

touch · 1 Feb 2017 at 16:04

JamesM said:
Surprised that reCAPTCHA isn't working?

I think the form itself was fine, it was the code processing the response that was broken and seemed to get stuck in an infinite loop which presumably sent a blank email each time it loaded.

Retro Techy, if you post the code of the sendmail.php file here I'm sure somebody would be able to spot the error and fix it for you.