contact us form and robots

[judkels]

I have a simple contact us form and a php file. While it seems to work ok when I tested it what has started to happen is that I'm getting messages arriving from "."@c2bthimr01.btconnect.com with no information filled in the message ie Name:

Message:

 

I am assuming this is some sort of robot. What can I do to stop this happpening.

This is my form:

 

Your name:

Your email address:

 

Your message:

 

 

 

 

 

 

This is my php file

 

 

<?php

$email_to = "webmaster@xxxxx.co.uk";

$name = $_POST["name"];

$email_from = $_POST["email"];

$message = $_POST["message"];

$email_subject = "Feedback from website";

$headers =

"From: $email_from .\n";

"Reply-To: $email_from .\n";

$message = "Name: ". $name . "\r\nMessage: " . $message;

ini_set("sendmail_from", $email_from);

$sent = mail($email_to, $email_subject, $message, $headers, "-f" .$email_from);

if ($sent)

{

header("Location: http://www.xxxx.co.uk/thankyou.html\");

} else {

echo "There has been an error sending your comments. Please try later.";

}

?>

[falkencreative]

There are a variety of ways to handle this...

 

-- Use a spam catching service like Akismet (near the bottom of the article: http://net.tutsplus.com/tutorials/tools-and-tips/the-best-ways-to-fight-spam/)

-- Use some sort of basic captcha (http://net.tutsplus.com/tutorials/php/build-your-own-captcha-and-contact-form/)

-- check for invalid headers (bottom of the page, under the header "preventing spam": http://www.digital-web.com/articles/bulletproof_contact_form_with_php/)

-- Use some sort of "honeypot" to catch bots. Basically, you add a form field to your form that is then hidden via CSS. If a user fills in information into that field and submits the form (thus, is a bot) you generate an error and ask them to resubmit.

 

Or, do a search for "secure php contact form" and see what sort of examples that brings back.

[falkencreative]

One other option... if the emails are all being filled in from the same email address, or variations with the domain being the same, you could use PHP to check the email field, and generate an error if the email address matches the spam address.

[judkels]

thanks for the help. Actually there is nothing filled in at all, just an empty email message returned with no data input in the name and message fields just the from "."@c2bthimr01.btconnect.com in the email header.

[falkencreative]

In that case, perhaps the simple if statement could be used, making sure all fields are filled in before the form is submitted?

 

I notice that your form includes "onsubmit="MM_validateForm('name','','R','email','','RisEmail','message','','R');return document.MM_returnValue"" but that doesn't seem to be doing anything?

[judkels]

I'm still struggling to get this right.

 

re the "onsubmit="MM_validateForm('name','','R','email','','RisEmail','message','','R');return document.MM_returnValue"" that is something I added which makes a pop up box appear if all the fields aren't filled in giving an error message and reminding someone to fill in the fields. however this only works if someone has javascript enabled, with javascript disabled the messages gets sent. If that happens then I get one of the messages coming from "."@c2bthimr09.btconnect.com. I want to add a line somewhere in the php file that only sends if there is something in the fields. Anyone ideas?