s0c0 Posted December 8, 2008 Share Posted December 8, 2008 Since I implemented a spam stopper I have not been receiving any emails via my contact form. Now I usually only received about 1 per month, but it was picking up in both legitimate and non-legitimate (spam) submissions recently until I implemented a simple security question "is this sun hot or cold" to stop spammers. http://www.cnizz.com/ Please go to this page, then click the contact link, and send an email. I'll reply to this post when i'd like you folks to stop testing it. Thanks in advanced. Link to comment Share on other sites More sharing options...
Maq Posted December 8, 2008 Share Posted December 8, 2008 Did you want us to say something specific? I just wrote that I was from phpfreaks... Link to comment Share on other sites More sharing options...
s0c0 Posted December 8, 2008 Author Share Posted December 8, 2008 I assume you're Tim. In any case thanks. I figured it worked, just need to work on SEO and marketing when I get some down time. No need to send any more tests folks, thanks! Link to comment Share on other sites More sharing options...
Adam Posted December 9, 2008 Share Posted December 9, 2008 In my opinion, I'd put the spam-stopping question separate to the rest of the form. Let the user know why they need to say the sun is 'hot' .. Some potential customers could be a bit like.. "what the hell?" think you're a bit random or something! Just a design point though.. If you'd like another I'd also give them options for where they found your site. If they see an empty box where they have to manually type something in that's not required, may just pass over it.. A Link to comment Share on other sites More sharing options...
Maq Posted December 9, 2008 Share Posted December 9, 2008 In my opinion, I'd put the spam-stopping question separate to the rest of the form. Let the user know why they need to say the sun is 'hot' .. Some potential customers could be a bit like.. "what the hell?" think you're a bit random or something! Just a design point though.. This is actual a normal anti-spam strategy. I think this is fine. You should put a side note that states it filters out spammers. I assume you're Tim. And yes, that's me. Link to comment Share on other sites More sharing options...
darkfreaks Posted December 9, 2008 Share Posted December 9, 2008 your contact form is unsafe try the following function on all your variables. <?php function clean($var){ $var=trim(mysql_real_escape_string(strip_tags($var))); $var=htmlspecialchars($var,ENT_QUOTES); return filter_var($var,FILTER_SANITIZE_STRING); }?> Link to comment Share on other sites More sharing options...
s0c0 Posted December 10, 2008 Author Share Posted December 10, 2008 your contact form is unsafe try the following function on all your variables. <?php function clean($var){ $var=trim(mysql_real_escape_string(strip_tags($var))); $var=htmlspecialchars($var,ENT_QUOTES); return filter_var($var,FILTER_SANITIZE_STRING); }?> Why is it not secure? It sends an email, there is no risk of SQL injection. Thank you for making me aware of the filter_var function though, I had no idea it existed. Link to comment Share on other sites More sharing options...
darkfreaks Posted December 11, 2008 Share Posted December 11, 2008 it may not have a database but it still can send you "spam" in the email and nasty code. it makes your form safer and more efficient Link to comment Share on other sites More sharing options...
Recommended Posts