Spam through PHP forms


ballouta

Hello

 

I have a very big problem with my website. I have several PHP forms for people to fill out.

I am now getting spam form submissions, every time with a different From email address, Subject and body!

I tried to make several filters but I am still getting more and more garbage emails.

I also tried to check the message source through the webmail client, but every time it shows a different IP. I traced the IPs and it showed they are from Germany!

I tried to call what I thought was the hosting/ISP company, but nothing happened.

My question is: HOW do I protect the forms on my site from being used by spammers? Or are they (in fact) not being used, and there's another way spammers are bothering me?

 

I appreciate your help ALL

Thank you


If it's a bot, you could use CAPTCHA.

 

If it's one or more people and they're filling the form out properly (proper email@site.com and the other fields), then I don't know how to help that. Someone did suggest blocking international IPs.


Hi all, I don't mind blocking international IPs, but I need to see if this is available in my cPanel.

Actually I wrote to surpasshosting last month regarding this problem but they didn't provide any help. I don't like this company anymore anyway.

Also note that I am getting correctly formatted info in those forms, because I am using AJAX to validate the form, but as you said I am getting something like somone@site.com

but the email also contains:

Message: <a href=http://drugstore.gd/product/levaquin.html><img>http://overseas-pharmacys.info/pharma.jpg</img></a>

public health catawba county <a href=http://drugstore.gd/product/persantine.html>Order Persantine</a> best and safest diet pills <a href=http://drugstore.gd/product/avodart.html>Discount Avodart</a> bacterial infections intestinal http://drugstore.gd/product/ddavp-2-5ml.html diabetic stickers http://drugstore.gd/product/viramune.html wenger elete sleeping bag

failure canadian health care doctors conference <a href=http://drugstore.gd/product/cardarone.html>Buy Cardarone</a> pet medicine advice <a href=http://drugstore.gd/product/rogaine-5.html>Rogaine 5%</a> the importance of health education http://drugstore.gd/product/clarinex.html sotos syndrome  problem solving http://drugstore.gd/newsletter.html arthur court butterfly tea pot

<a href=http://drugstore.gd/product/pilagan-2.html>printable stress evaluation test</a>

 

Would you please provide an easy link for a CAPTCHA so I can use it? Maybe it will help me.

 

Thanks again


You need to do everything possible to ensure that it is your form that is submitting to your form processing code, that only one submission is permitted per visit to a form page, and you need to validate all external data. That the subject is being altered either means that you are getting the subject from the form (a really bad idea) or that the form processing code is permitting header injection.

You must validate all data when it is received on the server. Using AJAX to validate what is being entered won't stop a spammer, and in fact bot scripts submit directly to your form processing code and could care less if you have any validation on your form page.

If you post your form processing code, someone can give you specific ideas that will help. Also, are you sure they are going through your form processing code, or are they using a script file that has been placed on your server?

Adding a captcha can help, but if the benefit is great enough (your email server has not been banned yet by the major ISPs and it does not limit the number of emails sent) a captcha won't stop determined spammers.

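The server-side checks described in the last reply (a one-time token so only your own form page can submit, and only once per visit; validation of all external data; no form-controlled mail headers), sketched as an added example that is not code from any poster in this thread. The field names `token`, `email` and `message`, the session key and the example.com addresses are assumptions.

```php
<?php
// Added example: server-side checks for a contact form handler.
// Field names, session key and mail addresses are assumptions, not from the thread.
session_start();

// Call while rendering the form page; put the result in a hidden "token" field.
function issue_form_token(): string {
    $_SESSION['form_token'] = bin2hex(random_bytes(32));
    return $_SESSION['form_token'];
}

// The token is consumed on first use, so one page visit allows one submission.
function consume_form_token(string $submitted): bool {
    $expected = $_SESSION['form_token'] ?? '';
    unset($_SESSION['form_token']);
    return $expected !== '' && hash_equals($expected, $submitted);
}

// Returns a clean address, or null if it is malformed or contains CR/LF.
// CR/LF inside a header value is what makes header injection possible.
function clean_email(string $raw): ?string {
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Reads a POST field as a string; arrays and missing fields become ''.
function post_str(string $name): string {
    $value = $_POST[$name] ?? '';
    return is_string($value) ? $value : '';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $email = clean_email(post_str('email'));
    $message = trim(post_str('message'));
    if (!consume_form_token(post_str('token'))
        || $email === null || $message === '' || strlen($message) > 5000) {
        http_response_code(400);
        exit('Invalid submission.');
    }
    // Recipient, Subject and From are fixed here and never taken from the form.
    $headers = "From: webform@example.com\r\nReply-To: $email";
    mail('owner@example.com', 'Website contact form', $message, $headers);
    echo 'Thank you.';
}
```

The form page calls `issue_form_token()` and echoes the value into the hidden field; a bot posting straight to the handler without first loading the page has no valid token and is rejected before `mail()` runs.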
