ballouta, posted July 6, 2009:

Hello,

I have a very big problem on my website. I have several PHP forms for people to fill out. I am now getting spam form submissions, every time with a different From email address, Subject and body! I tried to make several filters but I am still getting more and more garbage emails. I also tried to check the message source through the webmail client, but every time it shows a different IP. I traced the IPs and it showed it is from Germany! I tried to call what I thought was the hosting/ISP company but nothing happened.

My question is: HOW do I protect the forms on my site from being used by spammers? Or are they (in fact) not being used, and there's another way spammers are bothering me?

I appreciate your help, ALL. Thank you

seventheyejosh, posted July 6, 2009:

Do you use captcha or another form of user verification?

p2grace, posted July 6, 2009:

Would you ever expect to have customers from other countries? If not, you could also block international IP addresses (or those strictly from Germany)... otherwise captcha is the way to go.

AwptiK, posted July 6, 2009:

If it's a bot, you could use CAPTCHA. If it's one or more people and they're filling the form out properly (proper email@site.com and the other fields), then I don't know how to help with that. Someone did suggest blocking international IPs.

ballouta, posted July 6, 2009:

Hi all,

I don't mind blocking international IPs but I need to see if this is available in my cPanel. Actually I wrote to surpasshosting last month regarding this problem but they didn't provide any help; I don't like this company anymore anyway.

Also note that I am getting correctly formatted info in those forms, because I am using AJAX to validate the form, but as you said I am getting something like somone@site.com, but the email also contains:

Message: <a href=http://drugstore.gd/product/levaquin.html><img>http://overseas-pharmacys.info/pharma.jpg</img></a> public health catawba county <a href=http://drugstore.gd/product/persantine.html>Order Persantine</a> best and safest diet pills <a href=http://drugstore.gd/product/avodart.html>Discount Avodart</a> bacterial infections intestinal http://drugstore.gd/product/ddavp-2-5ml.html diabetic stickers http://drugstore.gd/product/viramune.html wenger elete sleeping bag failure canadian health care doctors conference <a href=http://drugstore.gd/product/cardarone.html>Buy Cardarone</a> pet medicine advice <a href=http://drugstore.gd/product/rogaine-5.html>Rogaine 5%</a> the importance of health education http://drugstore.gd/product/clarinex.html sotos syndrome problem solving http://drugstore.gd/newsletter.html arthur court butterfly tea pot <a href=http://drugstore.gd/product/pilagan-2.html>printable stress evaluation test</a>

Would you please provide an easy link for a captcha so I can use it? Maybe it helps me.

Thanks again

p2grace, posted July 6, 2009:

Here's a list of some common captchas.
http://woork.blogspot.com/2009/02/10-free-captcha-scripts-and-services.html

PFMaBiSmAd, posted July 6, 2009:

You need to do everything possible to ensure that it is your form that is submitting to your form processing code, that only one submission is permitted per visit to a form page, and you need to validate all external data.

That the subject is being altered either means that you are getting the subject from the form (a really bad idea) or that the form processing code is permitting header injection.

You must validate all data when it is received on the server. Using AJAX to validate what is being entered won't stop a spammer, and in fact bot scripts submit directly to your form processing code and could care less if you have any validation on your form page.

If you post your form processing code, someone can give you specific ideas that will help.

Also, are you sure they are going through your form processing code, or are they using a script file that has been placed on your server?

Adding a captcha can help, but if the benefit is great enough (your email server has not been banned yet by the major ISPs and it does not limit the number of emails sent) a captcha won't stop determined spammers.

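One way to apply the server-side checks PFMaBiSmAd describes (a one-time form token, validation of every field, no CR/LF in values that go into mail headers), as an added example that is not code from the thread. The function names, the field names `token`, `email` and `message`, and the rule that rejects links in the message body are assumptions.

```php
<?php
// Added example, not code from the thread; all names here are hypothetical.
// When mailing an accepted submission, use a fixed subject set in this script, not one from the form.
function issue_form_token(array &$session): string {
    $session['form_token'] = bin2hex(random_bytes(16)); // embed in a hidden field of the form page
    return $session['form_token'];
}
// Accept a token at most once: it is removed from the session on the first check.
function consume_form_token(array &$session, string $submitted): bool {
    $expected = $session['form_token'] ?? '';
    unset($session['form_token']);
    return $expected !== '' && hash_equals($expected, $submitted);
}
// CR or LF in a value destined for a mail header is how extra headers get injected.
function has_header_injection(string $value): bool {
    return preg_match('/[\r\n]/', $value) === 1;
}
// Returns a list of rejection reasons; an empty list means the submission may be mailed.
function validate_submission(array &$session, array $post): array {
    $errors = [];
    if (!consume_form_token($session, (string)($post['token'] ?? ''))) {
        $errors[] = 'missing, wrong or reused form token';
    }
    $email = (string)($post['email'] ?? '');
    if (has_header_injection($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email';
    }
    $message = (string)($post['message'] ?? '');
    // Assumption: this contact form has no legitimate need for links in the body.
    if (trim($message) === '' || preg_match('~<a\s|https?://~i', $message)) {
        $errors[] = 'message empty or contains links';
    }
    return $errors;
}
// Constructed submissions, standing in for $_SESSION and $_POST.
$session = [];
$token = issue_form_token($session);
$good = ['token' => $token, 'email' => 'someone@example.com', 'message' => 'Please call me back.'];
var_dump(validate_submission($session, $good)); // first submission after loading the form
var_dump(validate_submission($session, $good)); // same token replayed
$session = [];
$bot = ['email' => "a@example.com\r\nBcc: list@example.com", 'message' => '<a href=http://example.com>x</a>'];
var_dump(validate_submission($session, $bot));  // direct POST that never loaded the form page
```
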