How do you stop form spamming?

Re: How do you stop form spamming?

Hi if you would like to contact us .. we can help rid you of your spam problem...

Re: How do you stop form spamming?


You can't do it on here?

Re: How do you stop form spamming?

No, sorry ... the person I had in mind to do so does not work these boards ... but perhaps someone else can ...

Re: How do you stop form spamming?

Use ABVFP, or add a captcha validation, or use a session in your form / script. There are many ways of doing it.

Please note that manual spamming can NOT be avoided. If they manually submit through your form there is nothing you can do. If however this is a bot spamming, you can stop it.

Re: How do you stop form spamming?

Hi Navaldesign

This is what I keep getting. I'm assuming its bots. Sorry to paste this long garbage.
I'm not sure what part of the form they're typing all this stuff in...



Values submitted from web site form:
sms
Input : Edited by moderator

Region : Pefferlaw
name : Nikbtye
email : nedpmq******.com
telephone : Unknown
count : Unknown

Re: How do you stop form spamming?

Not necessarily. Can also be manual submission (though it would be strange). Do as advised, ABVFP, or captcha, or sessions or a combination of the above.

Re: How do you stop form spamming?

Thnx navaldesign

I'll attempt one of your following suggestions.

Re: How do you stop form spamming?

Mike-

You said you had max length values set. Were these set in the php script or in the form itself?

Reason: If the max length is set in the form, a hacker can duplicate your form removing the max length and submit the form. For that reason, it is important to have max length built into the php script.

Andy

Re: How do you stop form spamming?


Hi Andy


It is built into the php script. That's the reason I found it strange that all this garbage was coming through.

Re: How do you stop form spamming?

Not seeing your script- it is hard to tell. If this is happening frequently, and if you desire to do so- post the script and we'll have a look and come up with something to combat it. Or e-mail it to me via my contact page on my site - www.netisopen.com

Cheers

Andy

Re: How do you stop form spamming?

Thnx Andy

• Actually, my bad. As far as the count goes. it is an html script that I have embedded in my form. This is my script that I'm using for the form.

<?php
$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$comments = $HTTP_POST_VARS['comments'];
if (strlen($name) == 0)
{
header("Location: /nameerror.php");
exit;
}
if (strlen($name) >=30)
{
header("Location: /nameerror.php");
exit;
}
if (strlen($email) == 0)
{
header("Location: /emailerror.php");
exit;
}
if (strlen($email) >= 45)
{
header("Location: /emailerror.php");
exit;
}
if (! ereg('[A-Za-z0-9_-]+\@[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+', $email))
{
header("Location: /emailerror.php");
exit;
}
if (strlen($telephone) >= 15)
{
header("Location: /telephoneerror.php");
exit;
}
if (strlen($comments) >= 501)
{
header("Location: /commenterror.php");
exit;
}
if (substr_count($comments , '@') > "2")
{
header("Location: /commenterror.php");
exit;
}
//SEND MAIL
$mailto = "name@mydomain.com";
$mailsubj = "Inquiry";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "Values submitted from web site form:\n";
while (list ($key, $val) = each ($HTTP_POST_VARS))
{
$mailbody .= "$key : $val\n";
}
mail($mailto,$mailsubj,$mailbody,$mailhead);
header("Location: http://mydomain.com/confirm.php");
?>

• And this is the html script that I'm using for the count.

<form NAME="xxxxxx">

<input type="text" name="count" value="500" size="3" onFocus="this.blur" readonly>

<br>

<textarea rows="7" cols="36" name="smsInput" wrap
onKeyUp="
val = this.value;
if (val.length > 500) {
alert('Sorry, you are over the limit of 500 characters');
this.value = val.substring(0,500);
smsInput.focus()
}
this.form.count.value=500-parseInt(this.value.length);
"></textarea>

</form>


</body>

Re: How do you stop form spamming?

Well-it is definetly comming from the comments section. Most likely- your form has been targeted by a bot. However- it is also possible that some one is manually doing the injection (but less likely).

So- if it were me, I would do something simple to start out. Change the name of the comments area on the form to something else like- tell_me
Then change it in the appropriate areas in the php scritp (see areas below in blue).
Then save and publish. Here's my reasoning. Usually a bot crawls the web finding forms by key words associated with forms. Once a form is found the bot tests to see if it is vulnerable. It then logs the webaddress of the form and sends this info back to the hacker and then goes on it's merry way. The hacker then programs another bot to visit and inject the form. Sometimes these are done simlutaneously- but most often it is a two step process. So by changing the name of the field, the programmed bot will arrive and be unable to achieve its goal as it was programmed to inject the "comments" field and not "tell_me" field.

If it is a person who is manually doing the injection- nothing will change. If it is a bot- it will likely stop for some time until a research bot discovers it again. Could stop for a few days, months. But that is one way to test.

If if is a person doing it- we can capture their IP address and try blocking it.

Naval has the best solution- us captcha or ABVFP. But you can try what I said as a short term solution until your up to speed with the captcha or ABVFP.

Let me know what happens-

Andy

Re: How do you stop form spamming?

Thank you very much Andy


I have changed it as you recommended. Hopefully that will do the trick for now.

I have asked navaldesign to make me a secure form so I don't run into this problem again. This spam is truly a pain the the neck.

Re: How do you stop form spamming?

You're welcome. Good luck.

Andy