PicnicTutorials Posted January 26, 2009 Report Posted January 26, 2009 I'm getting spammed to death. Ben gave me this solution in the old forum a while ago, but I never wrote it down - and I can't find it. I just want to add something simple to my form (Like 2 + 3 = ?) I think that should take care of most of the spam bots. Can anyone share the php code to make that happen so that I can add that to my form. So if the answer doesn't equal 5 then it spits back an error. If it does, then the form processes as normal. Let me know if you need to see my script. Thanks! Quote
Andrea Posted January 26, 2009 Report Posted January 26, 2009 Do you get actual spam (as in real content)? For a while I kept getting someone just entering stuff like: Name: fldj;jl;sjklfjslfjd;as Email: dfjkldkfjdlj@ldjdfljdl.com (both required fields) -- but I only got maybe 5 of those silly things. I't using tectite, btw. Quote
PicnicTutorials Posted January 26, 2009 Author Report Posted January 26, 2009 Do you get actual spam (as in real content)? For a while I kept getting someone just entering stuff like: Name: fldj;jl;sjklfjslfjd;as Email: dfjkldkfjdlj@ldjdfljdl.com (both required fields) -- but I only got maybe 5 of those silly things. I't using tectite, btw. Hi Thelma, I wouldn't mind those kind so much. That's probably people just testing out the form. But I keep getting the same kind of spam. I think my form has been put on a easy spammer list or something. I keep getting the kind that has links in the comments section to porn sites and stuff. Makes me think they're using my form to spam others. Quote
falkencreative Posted January 26, 2009 Report Posted January 26, 2009 Should be pretty simple... -- add a form field that users will use to enter in the answer of 2+2, and give it a name of "spam" -- in the processing code, do something along the lines of this: $spam = $_POST['spam']; (you'll probably want to do some basic data sanitation for this line) if ($spam == 4) { // success, continue processing } else { // failure, show error } Quote
falkencreative Posted January 26, 2009 Report Posted January 26, 2009 I will point out that how much this will reduce your spam may depend on who is hitting your contact form... I'm getting a bit of spam too, but it's "valid", at least, in the sense that all the correct fields are being filled in. Looks like it is an actual person doing the spamming, rather than a bot, which is much harder to catch. If you are getting spam that includes text like: "link=" and "url=", I have a PHP statement that catches that: if (preg_match("{link=}", $content) || preg_match("{url=}", $content)) { // error } It checks for a matched bit of text (in this case, in the $content variable, though you can change that to whatever variable you are using), and if it finds it, it displays an error. Similarly, you can also use a regular expression to check if a field has any letters in it (A-Z, or a-z) This can be useful if you have a "phone" field that shouldn't have any letters in it. That particular field on my website was getting spammed with random letters/urls. if (preg_match("{[A-Za-z]}", $phone)) { // error } The advantage of this code is that it still allows the user to input the phone number in different formats. For example, these will all be valid: (000) 000 0000 000-000-0000 000.000.0000 000-000 etc. Quote
PicnicTutorials Posted January 26, 2009 Author Report Posted January 26, 2009 Awesome - thanks! I'll try and piece together that into my form. If I run into trouble I'll let you know. Question though, what do you think? Why the elaborit spam control most have. You know, all the letters you can hardly read. Can a bot add 2 plus 2? Because if it's a human spamming then it doesn't matter. So... if they "can" add 2 plus 2 then would it be better to use an image of 2 plus 2 instead. Not very assesable though I'd imagine. Or should I do a slightly harder question, like 15 divided by 3? Thought...? Quote
Susie Posted January 26, 2009 Report Posted January 26, 2009 (edited) There are some captchas that are not difficult to read. I think the one on my site is pretty easy on the eyes. And I think the idea there (using the images) is that computers can't "read" the images so it must be a real person filling in the form. (I know you know that...just thinking aloud here ). Anyway, instead of using math problems, what about answers to simple questions like, "What color is grass?" or "What color is snow?", or "Is fire hot or cold?" I've seen some use that kind of thing... Have you checked out Mike Cherim's contact form script? ETA: Oops! Here's a more current version. Edited January 26, 2009 by Susie Quote
Andrea Posted January 26, 2009 Report Posted January 26, 2009 Anyway, instead of using math problems, what about answers to simple questions like, "What color is grass?" or "What color is snow?", . Any bets on how long it'll be before Kyle swoops in and reminds you of the colorblind folks :lol: Quote
falkencreative Posted January 26, 2009 Report Posted January 26, 2009 Awesome - thanks! I'll try and piece together that into my form. If I run into trouble I'll let you know. Question though, what do you think? Why the elaborit spam control most have. You know, all the letters you can hardly read. Can a bot add 2 plus 2? Because if it's a human spamming then it doesn't matter. So... if they "can" add 2 plus 2 then would it be better to use an image of 2 plus 2 instead. Not very assesable though I'd imagine. Or should I do a slightly harder question, like 15 divided by 3? Thought...? I don't know how smart a bot would be... If you really wanted to get fancy, you could generate random numbers dynamically every time the page was loaded (for example, generate 2 numbers that are between 0 and 9) and then ask the user to add them together. Personally, I don't like any method that makes it more difficult for real users to fill out the form. I really don't like CAPTCHA's, especially the harder ones that even I get wrong, and I'm not really a fan of the above method if the math starts getting more difficult. My personal method is to add a "spamtrap" field to my form, a field that his hidden by default from normal users, and will only appear to bots or screenreaders (screenreaders will read a message asking users to leave the field blank.) From what I have read, most bots work by filling in all fields they encounter. This way, if they encounter a field (even if it is hidden) they will fill in some sort of value for it. If they see my spamtrap field and enter a value, an error will be generated and the form won't be submitted until that particular field is left blank. At the moment, this is my favorite method. It seems to work for the most part, and doesn't require legit users to do any more work, so they have a better user experience. I don't mind a little bit of human generated spam if real users aren't affected. Quote
PicnicTutorials Posted January 26, 2009 Author Report Posted January 26, 2009 Cool, I just saw you edit! Thank you Ben, that is very helpful code - exactly what I need! I still know next to nill when it comes to PHP. So, I'll post back if I can't figure it out. I "should" be able to get by by trial-and-error. We'll see... Quote
tpattison Posted January 26, 2009 Report Posted January 26, 2009 Can a bot add 2 plus 2? Because if it's a human spamming then it doesn't matter. So... if they "can" add 2 plus 2 then would it be better to use an image of 2 plus 2 instead. Not very assesable though I'd imagine. Or should I do a slightly harder question, like 15 divided by 3? Thought...? I would look at it as being different "levels" of bot protection. Most bots may only be capable of correctly filling out an email address if the field's id or name is "email" and may just put any old junk in the field which can easily be caught with a bit of regular expression-based PHP. Some bots will only be capable of filling in a basic form with Name, Email, Message fields and fall over on questions requesting specific answers, like 2+2, even if it is not in an image. Others may be able to work out sums if it sees them but only as proper text. Some bots may even be able to "read" the text in Captcha images but will be very complex programs. Quote
Susie Posted January 26, 2009 Report Posted January 26, 2009 Anyway' date=' instead of using math problems, what about answers to simple questions like, "What color is grass?" or "What color is snow?", .[/quote'] Any bets on how long it'll be before Kyle swoops in and reminds you of the colorblind folks :lol: I ARE one of the colorblind folks! I may not see green when I look at the grass, but I know it's green. Quote
PicnicTutorials Posted January 26, 2009 Author Report Posted January 26, 2009 After reading over your posts, so far, I'm thinking I'm just going to add a field that asks 2 plus 2, and then add your no link cleaner. That should take care of most with minimal work on my part and minimal work on the users part. Thanks a lot! Quote
PicnicTutorials Posted January 26, 2009 Author Report Posted January 26, 2009 There are some captchas that are not difficult to read. I think the one on my site is pretty easy on the eyes. And I think the idea there (using the images) is that computers can't "read" the images so it must be a real person filling in the form. (I know you know that...just thinking aloud here ). Anyway, instead of using math problems, what about answers to simple questions like, "What color is grass?" or "What color is snow?", or "Is fire hot or cold?" I've seen some use that kind of thing... Have you checked out Mike Cherim's contact form script? ETA: Oops! Here's a more current version. That is a good idea, and thanks for the link! If I went that route, instead of the 2 plus 2 route, would the code be the same (i.e. if ($spam == green) )? With this code, is green case sensitive? Quote
falkencreative Posted January 26, 2009 Report Posted January 26, 2009 That is a good idea, and thanks for the link! If I went that route, instead of the 2 plus 2 route, would the code be the same (i.e. if ($spam == green) )? With this code, is green case sensitive? I probably wouldn't suggest route, simply because of language difficulties. If you do want to do that, I'd actually use the full script, since it (apparently) includes language options for non English speakers. Quote
PicnicTutorials Posted January 26, 2009 Author Report Posted January 26, 2009 That is a good idea' date=' and thanks for the link! If I went that route, instead of the 2 plus 2 route, would the code be the same (i.e. if ($spam == green) )? With this code, is green case sensitive?[/quote'] I probably wouldn't suggest route, simply because of language difficulties. If you do want to do that, I'd actually use the full script, since it (apparently) includes language options for non English speakers. True... Quote
monkeysaurus Posted January 26, 2009 Report Posted January 26, 2009 There are easier, more accessible and more usable alternatives to captchas. I posted this on the old forum, but this is such a good read that I'm going to post it again. It will change your thinking on captchas completely. http://www.landauer.at/preventing-spam-in-form-submissions-without-using-a-captcha.php Quote
falkencreative Posted January 26, 2009 Report Posted January 26, 2009 But as far as the PHP goes, you'd need to add quotes around the value, and yes, it is case sensitive. You could use a basic regular expression using preg_match() or just have multiple if statements to catch both "green" and "Green". if ($spam == "green") { } Quote
falkencreative Posted January 26, 2009 Report Posted January 26, 2009 There are easier, more accessible and more usable alternatives to captchas. I posted this on the old forum, but this is such a good read that I'm going to post it again. It will change your thinking on captchas completely. http://www.landauer.at/preventing-spam-in-form-submissions-without-using-a-captcha.php That's a useful link -- I may actually use the php/database solution that the link talked about for a blog script I am writing. Hopefully it will reduce comment spam. Quote
monkeysaurus Posted January 26, 2009 Report Posted January 26, 2009 Alternatively, you could look at ReCaptcha - accessible to vision-impaired users (if not necessarily those with mental disabilities), secure, and easy to add to your site. You pays your money and makes your choice, I suppose. Quote
sjhwebdesign Posted January 26, 2009 Report Posted January 26, 2009 i put a warning on my contact form that displays their ip address, hopefully scares off the human spammers eg.. * This form is for Your Business inquiries only - Please DO NOT send anytype of advertising or spam as you will be wasting your time.Your IP Address is : <? echo $_SERVER['REMOTE_ADDR']; ?> - If you are sending spam I will take legal action. Quote
sjhwebdesign Posted January 26, 2009 Report Posted January 26, 2009 put at top of form: <? $randnum1 = mt_rand(5, 100); $randnum2 = mt_rand(5, 100); $answer = $randnum1 + $randnum2; ?> in the form: What is <? echo $randnum1; ?> + <? echo $randnum2; ?> ? in the form processing part: <? $realanswer = $_POST['realanswer']; $theiranswer = $_POST['theiranswer']; if ($realanswer==$theiranswer) { process the form } else { tell them to bog off } ?> Quote
PicnicTutorials Posted January 27, 2009 Author Report Posted January 27, 2009 (edited) See this is the stuff I keep getting recently. A human I think? Unless bots put names in now too... Kim to me This message was sent from: http://ww w.visibi lityin herit.com/cont act.php Name: Kim Phone: PfKNsawPeid Email: ki23 566@gm ail.com Website: ht tp://blo gs.mail. ru/mail/yuri 3525 Comments: he said, stubbornly happen if I let her wake? She'd runregistered sex offenders in my area give her the choice?"listened she'd believe me?Will. You must know that.I, well... I don't http://blogs .mail.ru/mail/yu ri3525/5410 584861FF F173.h tml Edited January 27, 2009 by Eric Quote
falkencreative Posted January 27, 2009 Report Posted January 27, 2009 See this is the stuff I keep getting recently. A human I think? Unless bots put names in now too... Kim to me This message was sent from: http://ww w.visibi lityin herit.com/cont act.php Name: Kim Phone: PfKNsawPeid Email: ki23 566@gm ail.com Website: ht tp://blo gs.mail. ru/mail/yuri 3525 Comments: he said, stubbornly happen if I let her wake? She'd runregistered sex offenders in my area give her the choice?"listened she'd believe me?Will. You must know that.I, well... I don't http://blogs .mail.ru/mail/yu ri3525/5410 584861FF F173.h tml You could use if (preg_match("{http://}", $content)) { // error } to catch that, but it would also block legitimate users as well from posting URL's... There really isn't an ideal solution for you, since technically, the form is being filled in correctly. Quote
PicnicTutorials Posted January 28, 2009 Author Report Posted January 28, 2009 (edited) Alright, I'm getting better at this PHP stuff than I thought. I added it all - the phone one (A-Z a-z), all the $comments ones (url=, link=, http://), and the 2 + 2 = ?. It all works perfect! That "should" help a lot. Thanks Everyone for you help! Edited January 28, 2009 by Eric Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.