Jump to content
UncleStef Mentoring Update: New SEO course!

I'm getting spammed to death.

PicnicTutorials

By PicnicTutorials
in PHP

 Share

Recommended Posts

PicnicTutorials Newbie

PicnicTutorials

Posted
Posted

I'm getting spammed to death. Ben gave me this solution in the old forum a while ago, but I never wrote it down - and I can't find it.

 

I just want to add something simple to my form (Like 2 + 3 = ?) I think that should take care of most of the spam bots. Can anyone share the php code to make that happen so that I can add that to my form. So if the answer doesn't equal 5 then it spits back an error. If it does, then the form processes as normal. Let me know if you need to see my script. Thanks! :)

Link to comment
Share on other sites
Andrea Newbie

Andrea

Posted
Posted

Do you get actual spam (as in real content)? For a while I kept getting someone just entering stuff like:

 

Name: fldj;jl;sjklfjslfjd;as

 

Email: dfjkldkfjdlj@ldjdfljdl.com

 

(both required fields) -- but I only got maybe 5 of those silly things. I't using tectite, btw.

Link to comment
Share on other sites
PicnicTutorials Newbie

PicnicTutorials

Posted
  • Author
Posted
Do you get actual spam (as in real content)? For a while I kept getting someone just entering stuff like:

 

Name: fldj;jl;sjklfjslfjd;as

 

Email: dfjkldkfjdlj@ldjdfljdl.com

 

(both required fields) -- but I only got maybe 5 of those silly things. I't using tectite, btw.

 

Hi Thelma,

 

I wouldn't mind those kind so much. That's probably people just testing out the form. But I keep getting the same kind of spam. I think my form has been put on a easy spammer list or something. I keep getting the kind that has links in the comments section to porn sites and stuff. Makes me think they're using my form to spam others.

Link to comment
Share on other sites
falkencreative Newbie

falkencreative

Posted
Posted

Should be pretty simple...

 

-- add a form field that users will use to enter in the answer of 2+2, and give it a name of "spam"

-- in the processing code, do something along the lines of this:

 

$spam = $_POST['spam']; (you'll probably want to do some basic data sanitation for this line)

if ($spam == 4)
{
   // success, continue processing
}
else
{
   // failure, show error
}

Link to comment
Share on other sites
falkencreative Newbie

falkencreative

Posted
Posted

I will point out that how much this will reduce your spam may depend on who is hitting your contact form... I'm getting a bit of spam too, but it's "valid", at least, in the sense that all the correct fields are being filled in. Looks like it is an actual person doing the spamming, rather than a bot, which is much harder to catch.

 

If you are getting spam that includes text like: "link=" and "url=", I have a PHP statement that catches that:

 

if (preg_match("{link=}", $content) || preg_match("{url=}", $content))
{
   // error
}

 

It checks for a matched bit of text (in this case, in the $content variable, though you can change that to whatever variable you are using), and if it finds it, it displays an error.

 

Similarly, you can also use a regular expression to check if a field has any letters in it (A-Z, or a-z) This can be useful if you have a "phone" field that shouldn't have any letters in it. That particular field on my website was getting spammed with random letters/urls.

 

if (preg_match("{[A-Za-z]}", $phone))
{
   // error
}

 

The advantage of this code is that it still allows the user to input the phone number in different formats. For example, these will all be valid:

 

(000) 000 0000

000-000-0000

000.000.0000

000-000

etc.

Link to comment
Share on other sites
PicnicTutorials Newbie

PicnicTutorials

Posted
  • Author
Posted

Awesome - thanks! I'll try and piece together that into my form. If I run into trouble I'll let you know.

 

Question though, what do you think? Why the elaborit spam control most have. You know, all the letters you can hardly read. Can a bot add 2 plus 2? Because if it's a human spamming then it doesn't matter. So... if they "can" add 2 plus 2 then would it be better to use an image of 2 plus 2 instead. Not very assesable though I'd imagine. Or should I do a slightly harder question, like 15 divided by 3? Thought...?

Link to comment
Share on other sites
Susie Newbie

Susie

Posted
Posted (edited)

There are some captchas that are not difficult to read. I think the one on my site is pretty easy on the eyes. And I think the idea there (using the images) is that computers can't "read" the images so it must be a real person filling in the form. (I know you know that...just thinking aloud here ;) ). Anyway, instead of using math problems, what about answers to simple questions like, "What color is grass?" or "What color is snow?", or "Is fire hot or cold?" I've seen some use that kind of thing...

 

Have you checked out Mike Cherim's contact form script?

 

ETA: Oops! Here's a more current version.

Edited by Susie
Link to comment
Share on other sites
Andrea Newbie

Andrea

Posted
Posted
Anyway, instead of using math problems, what about answers to simple questions like, "What color is grass?" or "What color is snow?", .
Any bets on how long it'll be before Kyle swoops in and reminds you of the colorblind folks :lol: :lol: :lol:
Link to comment
Share on other sites
falkencreative Newbie

falkencreative

Posted
Posted
Awesome - thanks! I'll try and piece together that into my form. If I run into trouble I'll let you know.

 

Question though, what do you think? Why the elaborit spam control most have. You know, all the letters you can hardly read. Can a bot add 2 plus 2? Because if it's a human spamming then it doesn't matter. So... if they "can" add 2 plus 2 then would it be better to use an image of 2 plus 2 instead. Not very assesable though I'd imagine. Or should I do a slightly harder question, like 15 divided by 3? Thought...?

 

I don't know how smart a bot would be... If you really wanted to get fancy, you could generate random numbers dynamically every time the page was loaded (for example, generate 2 numbers that are between 0 and 9) and then ask the user to add them together.

 

Personally, I don't like any method that makes it more difficult for real users to fill out the form. I really don't like CAPTCHA's, especially the harder ones that even I get wrong, and I'm not really a fan of the above method if the math starts getting more difficult.

 

My personal method is to add a "spamtrap" field to my form, a field that his hidden by default from normal users, and will only appear to bots or screenreaders (screenreaders will read a message asking users to leave the field blank.) From what I have read, most bots work by filling in all fields they encounter. This way, if they encounter a field (even if it is hidden) they will fill in some sort of value for it. If they see my spamtrap field and enter a value, an error will be generated and the form won't be submitted until that particular field is left blank.

 

At the moment, this is my favorite method. It seems to work for the most part, and doesn't require legit users to do any more work, so they have a better user experience. I don't mind a little bit of human generated spam if real users aren't affected.

Link to comment
Share on other sites
tpattison Newbie

tpattison

Posted
Posted
Can a bot add 2 plus 2? Because if it's a human spamming then it doesn't matter. So... if they "can" add 2 plus 2 then would it be better to use an image of 2 plus 2 instead. Not very assesable though I'd imagine. Or should I do a slightly harder question, like 15 divided by 3? Thought...?

I would look at it as being different "levels" of bot protection.

 

Most bots may only be capable of correctly filling out an email address if the field's id or name is "email" and may just put any old junk in the field which can easily be caught with a bit of regular expression-based PHP.

 

Some bots will only be capable of filling in a basic form with Name, Email, Message fields and fall over on questions requesting specific answers, like 2+2, even if it is not in an image.

 

Others may be able to work out sums if it sees them but only as proper text.

 

Some bots may even be able to "read" the text in Captcha images but will be very complex programs.

Link to comment
Share on other sites
Susie Newbie

Susie

Posted
Posted
Anyway' date=' instead of using math problems, what about answers to simple questions like, "What color is grass?" or "What color is snow?", .[/quote'] Any bets on how long it'll be before Kyle swoops in and reminds you of the colorblind folks :lol: :lol: :lol:

 

I ARE one of the colorblind folks! :lol::D I may not see green when I look at the grass, but I know it's green. :D

Link to comment
Share on other sites
PicnicTutorials Newbie

PicnicTutorials

Posted
  • Author
Posted
There are some captchas that are not difficult to read. I think the one on my site is pretty easy on the eyes. And I think the idea there (using the images) is that computers can't "read" the images so it must be a real person filling in the form. (I know you know that...just thinking aloud here ;) ). Anyway, instead of using math problems, what about answers to simple questions like, "What color is grass?" or "What color is snow?", or "Is fire hot or cold?" I've seen some use that kind of thing...

 

Have you checked out Mike Cherim's contact form script?

 

ETA: Oops! Here's a more current version.

 

That is a good idea, and thanks for the link! If I went that route, instead of the 2 plus 2 route, would the code be the same (i.e. if ($spam == green) )? With this code, is green case sensitive?

Link to comment
Share on other sites
falkencreative Newbie

falkencreative

Posted
Posted
That is a good idea, and thanks for the link! If I went that route, instead of the 2 plus 2 route, would the code be the same (i.e. if ($spam == green) )? With this code, is green case sensitive?

 

I probably wouldn't suggest route, simply because of language difficulties. If you do want to do that, I'd actually use the full script, since it (apparently) includes language options for non English speakers.

Link to comment
Share on other sites
PicnicTutorials Newbie

PicnicTutorials

Posted
  • Author
Posted
That is a good idea' date=' and thanks for the link! If I went that route, instead of the 2 plus 2 route, would the code be the same (i.e. if ($spam == green) )? With this code, is green case sensitive?[/quote']

 

I probably wouldn't suggest route, simply because of language difficulties. If you do want to do that, I'd actually use the full script, since it (apparently) includes language options for non English speakers.

 

True...

Link to comment
Share on other sites
falkencreative Newbie

falkencreative

Posted
Posted
There are easier, more accessible and more usable alternatives to captchas.

 

I posted this on the old forum, but this is such a good read that I'm going to post it again. It will change your thinking on captchas completely.

 

http://www.landauer.at/preventing-spam-in-form-submissions-without-using-a-captcha.php

 

That's a useful link -- I may actually use the php/database solution that the link talked about for a blog script I am writing. Hopefully it will reduce comment spam.

Link to comment
Share on other sites
sjhwebdesign Newbie

sjhwebdesign

Posted
Posted

i put a warning on my contact form that displays their ip address, hopefully scares off the human spammers eg..

 

* This form is for Your Business inquiries only - Please DO NOT send anytype of advertising or spam as you will be wasting your time.Your IP Address is : <? echo $_SERVER['REMOTE_ADDR']; ?> - If you are sending spam I will take legal action.

Link to comment
Share on other sites
sjhwebdesign Newbie

sjhwebdesign

Posted
Posted

put at top of form:

 

 

<?

$randnum1 = mt_rand(5, 100);

$randnum2 = mt_rand(5, 100);

$answer = $randnum1 + $randnum2;

?>

 

 

in the form:

 

What is <? echo $randnum1; ?> + <? echo $randnum2; ?> ?

 

 

in the form processing part:

<?

$realanswer = $_POST['realanswer'];

$theiranswer = $_POST['theiranswer'];

if ($realanswer==$theiranswer) {

 

process the form

 

}

else

{

 

tell them to bog off

 

}

?>

Link to comment
Share on other sites
PicnicTutorials Newbie

PicnicTutorials

Posted
  • Author
Posted (edited)

See this is the stuff I keep getting recently. A human I think? Unless bots put names in now too...

 

Kim to me

 

This message was sent from:

http://ww w.visibi lityin herit.com/cont act.php

 

Name: Kim

 

Phone: PfKNsawPeid

 

Email: ki23 566@gm ail.com

 

Website: ht tp://blo gs.mail. ru/mail/yuri 3525

 

Comments: he said, stubbornly happen if I let her wake? She'd runregistered sex offenders in my area

 

give her the choice?"listened she'd believe me?Will. You must know that.I, well... I don't http://blogs .mail.ru/mail/yu ri3525/5410 584861FF F173.h tml

Edited by Eric
Link to comment
Share on other sites
falkencreative Newbie

falkencreative

Posted
Posted
See this is the stuff I keep getting recently. A human I think? Unless bots put names in now too...

 

Kim to me

 

This message was sent from:

http://ww w.visibi lityin herit.com/cont act.php

 

Name: Kim

 

Phone: PfKNsawPeid

 

Email: ki23 566@gm ail.com

 

Website: ht tp://blo gs.mail. ru/mail/yuri 3525

 

Comments: he said, stubbornly happen if I let her wake? She'd runregistered sex offenders in my area

 

give her the choice?"listened she'd believe me?Will. You must know that.I, well... I don't http://blogs .mail.ru/mail/yu ri3525/5410 584861FF F173.h tml

 

You could use

 

if (preg_match("{http://}", $content))
{
   // error
}

 

to catch that, but it would also block legitimate users as well from posting URL's... There really isn't an ideal solution for you, since technically, the form is being filled in correctly.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...