judkels Posted August 2, 2009 Report Share Posted August 2, 2009 I have a simple contact us form and a php file. While it seems to work ok when I tested it what has started to happen is that I'm getting messages arriving from "."@c2bthimr01.btconnect.com with no information filled in the message ie Name: Message: I am assuming this is some sort of robot. What can I do to stop this happpening. This is my form: Your name: Your email address: Your message: This is my php file <?php $email_to = "webmaster@xxxxx.co.uk"; $name = $_POST["name"]; $email_from = $_POST["email"]; $message = $_POST["message"]; $email_subject = "Feedback from website"; $headers = "From: $email_from .\n"; "Reply-To: $email_from .\n"; $message = "Name: ". $name . "\r\nMessage: " . $message; ini_set("sendmail_from", $email_from); $sent = mail($email_to, $email_subject, $message, $headers, "-f" .$email_from); if ($sent) { header("Location: http://www.xxxx.co.uk/thankyou.html\"); } else { echo "There has been an error sending your comments. Please try later."; } ?> Quote Link to comment Share on other sites More sharing options...
falkencreative Posted August 2, 2009 Report Share Posted August 2, 2009 There are a variety of ways to handle this... -- Use a spam catching service like Akismet (near the bottom of the article: http://net.tutsplus.com/tutorials/tools-and-tips/the-best-ways-to-fight-spam/) -- Use some sort of basic captcha (http://net.tutsplus.com/tutorials/php/build-your-own-captcha-and-contact-form/) -- check for invalid headers (bottom of the page, under the header "preventing spam": http://www.digital-web.com/articles/bulletproof_contact_form_with_php/) -- Use some sort of "honeypot" to catch bots. Basically, you add a form field to your form that is then hidden via CSS. If a user fills in information into that field and submits the form (thus, is a bot) you generate an error and ask them to resubmit. Or, do a search for "secure php contact form" and see what sort of examples that brings back. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted August 2, 2009 Report Share Posted August 2, 2009 One other option... if the emails are all being filled in from the same email address, or variations with the domain being the same, you could use PHP to check the email field, and generate an error if the email address matches the spam address. Quote Link to comment Share on other sites More sharing options...
judkels Posted August 2, 2009 Author Report Share Posted August 2, 2009 thanks for the help. Actually there is nothing filled in at all, just an empty email message returned with no data input in the name and message fields just the from "."@c2bthimr01.btconnect.com in the email header. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted August 2, 2009 Report Share Posted August 2, 2009 In that case, perhaps the simple if statement could be used, making sure all fields are filled in before the form is submitted? I notice that your form includes "onsubmit="MM_validateForm('name','','R','email','','RisEmail','message','','R');return document.MM_returnValue"" but that doesn't seem to be doing anything? Quote Link to comment Share on other sites More sharing options...
judkels Posted August 11, 2009 Author Report Share Posted August 11, 2009 I'm still struggling to get this right. re the "onsubmit="MM_validateForm('name','','R','email','','RisEmail','message','','R');return document.MM_returnValue"" that is something I added which makes a pop up box appear if all the fields aren't filled in giving an error message and reminding someone to fill in the fields. however this only works if someone has javascript enabled, with javascript disabled the messages gets sent. If that happens then I get one of the messages coming from "."@c2bthimr09.btconnect.com. I want to add a line somewhere in the php file that only sends if there is something in the fields. Anyone ideas? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.