
Securing sendmail script


lgh1987


Hi guys,

I am having a few problems with the script I am using to process webforms. I have an intermittent run of spam which fills out the webform with random text. The spammer does not inject into the headers, i.e. no bcc added.

I use the same form basis on a number of customer websites.

Can you help me make this script securer? An easier way would be to add the CAPTCHA system which solved the problem on a previous website, however this particular customer doesn't want me to implement CAPTCHA.

Anyway, any help is much appreciated. Thanks.

This is an example email customers receive:

Name : fmevwtsfe
Email address : [email protected]
Telephone number: 30162583041

Message subject :

Customer message : Gu5YZp matfjffzrkoj, uitkmqyunlxc, [link=http://ybwmdklznwkd.com/]ybwmdklznwkd[/link], http://qdzyrohmewwj.com/

Booking Enquiry Details (if applicable):

Number of Adults : CrVbsJmQHqP
Number of Children : sPUgnLTFrqoq
Staying for EGbKXqXNKOZKPTh nights.

Check-in date : SPXKcuHdjeAiNYR
Check-out date : KhJXuVfS
Are these dates flexible?

Preferred quotation currency : Quote in UK pounds

This is the PHP script I am using:

<?php

  // Read the submitted form fields
  $name = $_REQUEST['name'] ;
  $email = $_REQUEST['email'] ;
  $telephone = $_REQUEST['telephone'] ;
  $message = $_REQUEST['message'] ;
  $subject1 = $_POST['subject1'] ;
  $adults = $_REQUEST['adults'] ;
  $children = $_REQUEST['children'] ;
  $nights = $_REQUEST['nights'] ;
  $month_arrive = $_POST['month_arrive'] ;
  $day_arrive = $_POST['day_arrive'] ;
  $year_arrive = $_POST['year_arrive'] ;
  $month_depart = $_POST['month_depart'] ;
  $day_depart = $_POST['day_depart'] ;
  $year_depart = $_POST['year_depart'] ;
  $flexibility = $_POST['flexibility'] ;
  $currency = $_POST['currency'] ;
  $calendar_arrive = $_REQUEST['calendar_arrive'] ;
  $calendar_depart = $_REQUEST['calendar_depart'] ;

// Recipient, subject and mail headers ($email goes into From as submitted)
$to = "[email protected]";
$subject = "Enquiry for Website.";
$MsgHeader = "From: Website <$email>\n";
$MsgHeader .= "Bcc: <[email protected]>\r\n";
$MsgHeader .= "MIME-Version: 1.0\n";
$MsgHeader .= "Content-type: text/html; charset=iso-8859-1\n";

// HTML message body built from the submitted values
$MsgBody = "
<html>
<head>
<title>Mail title</title>
</head>
<body>

<table style='padding-left:20px'>
<tr><td> </td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Name : $name</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Email address : $email</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Telephone number: $telephone</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>&nbsp</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Message subject : $subject1</font></font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>&nbsp</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Customer message : $message</font></font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>&nbsp</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Booking Enquiry Details (if applicable):</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>&nbsp</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Number of Adults : $adults</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Number of Children : $children</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Staying for $nights nights.</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>&nbsp</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Check-in date : $month_arrive $day_arrive $year_arrive $calendar_arrive</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Check-out date : $month_depart $day_depart $year_depart $calendar_depart</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Are these dates flexible? $flexibility</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>&nbsp</font></td></tr>
<tr><td><font style='font-size: 13px' style='font-family: Tahoma, Arial'>Preferred quotation currency : $currency</font></td></tr>

<tr><td> </td></tr>
</table>

</body>
</html>";

// No email field submitted at all: redirect to the error page
if (!isset($_REQUEST['email'])) {
    header( "Location: http://error.html" );
}
// A required field is empty: send no-cache headers and redirect to the error page
elseif (empty($email) || empty($message) || empty($name)) {
    header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
    header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" );
    header( "Cache-Control: no-cache, must-revalidate" );
    header( "Pragma: no-cache" );
    header( "Location: http://error.html" );
}
// Required fields present: send the mail and redirect to the thank-you page
else {
    mail($to, $subject, $MsgBody, $MsgHeader);
    header("Location: http:/thankyou.html");
}
?>

https://forums.phpfreaks.com/topic/184030-securing-sendmail-script/
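
Added example, not part of the original post or the poster's script: server-side validation for the form fields above, which rejects submissions like the sample spam (letters in the numeric booking fields, a link-stuffed message) and keeps CR/LF out of anything that could reach a mail header. The function name, numeric ranges, link limit and the constructed sample input are assumptions.

```php
<?php
// Added example (not the poster's code); names, ranges and the link limit
// are assumptions. Requires PHP 7.4+ (arrow functions).
function validate_enquiry(array $in): array
{
    // Non-string input (e.g. name[]=x) is treated as empty.
    $s = fn($k) => is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    $errors = [];
    $clean  = [];
    // Single-line fields: no CR/LF may survive into a mail header.
    foreach (['name', 'email', 'telephone', 'subject1'] as $f) {
        $clean[$f] = $s($f);
        if (preg_match('/[\r\n]/', $clean[$f])) {
            $errors[$f] = 'line breaks are not allowed';
        }
    }
    if ($clean['name'] === '') {
        $errors['name'] = 'required';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    }

    // Numeric booking fields: optional, but whole numbers in range if present.
    $ranges = ['adults' => [1, 20], 'children' => [0, 20], 'nights' => [1, 90]];
    foreach ($ranges as $f => [$min, $max]) {
        $clean[$f] = $s($f);
        $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
        if ($clean[$f] !== '' && filter_var($clean[$f], FILTER_VALIDATE_INT, $opts) === false) {
            $errors[$f] = "must be a whole number from $min to $max";
        }
    }

    // Message: required; more than one link is treated as spam.
    $clean['message'] = $s('message');
    if ($clean['message'] === '') {
        $errors['message'] = 'required';
    } elseif (preg_match_all('~https?://|\[link=~i', $clean['message']) > 1) {
        $errors['message'] = 'too many links';
    }
    return [$clean, $errors];
}

// Constructed input modelled on the spam sample above.
[$clean, $errors] = validate_enquiry([
    'name' => 'fmevwtsfe', 'email' => 'x@example.com', 'adults' => 'CrVbsJmQHqP',
    'message' => 'Gu5YZp [link=http://spam.example/]a[/link], http://spam.example/',
]);
// Escape for the HTML body only; headers are a different context.
$esc = fn($v) => htmlspecialchars($v, ENT_QUOTES, 'ISO-8859-1');
echo $errors ? 'rejected: ' . implode(', ', array_keys($errors)) : 'ok: ' . $esc($clean['message']), "\n";
```

Use the validated address in a Reply-To header with a fixed From address, and apply the escaping helper only when building the HTML body.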

I'm looking at something similar. The below code creates a random number every 10 mins between 10001-99999,

// Seed from the current 10-minute window, so the number is fixed within it
$seed=(int)(time()/600);
srand($seed);
$rand = rand(10001,99999);

In my form I have a field which is called userrand which has the caption "Type this number <?php echo $rand; ?>".

Then when the form is submitted it checks if the user entered the correct random number;

// Compare the submitted value with the number for the current window
if($rand != $userrand)
{
    $error = "yes";
    $errormsg['Random'] = "Please complete the random number field<br/>";
}

(the error messages are checked and printed at the end of the validation)

I'm not really up to scratch with spam prevention so some open questions are;

Will the above prevent spam bots and to what extent?

How can I improve this basic checking script?
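
Added example, not part of the original post: the number above is derived only from the clock, so it is the same for every visitor within a 10-minute window, is printed in the page, and changes at the window boundary while a visitor may still be typing. One alternative with no visible challenge is a hidden honeypot field plus an HMAC-signed timestamp token, shown here; the secret, the field names `website` and `token`, and the time limits are assumptions.

```php
<?php
// Added example (not the poster's code). Secret, field names and time limits
// are assumptions; keep the real secret outside the web root.
const FORM_SECRET      = 'replace-with-a-long-random-secret';
const MIN_FILL_SECONDS = 3;      // faster than a person can fill the form
const MAX_AGE_SECONDS  = 3600;   // token lifetime

// Called when rendering the form: value for a hidden "token" field.
function issue_form_token(int $now): string
{
    $nonce = bin2hex(random_bytes(8));
    $data  = $now . ':' . $nonce;
    return $data . ':' . hash_hmac('sha256', $data, FORM_SECRET);
}

// Called on submit: returns null when accepted, or the reason for rejection.
function check_submission(array $post, int $now): ?string
{
    // Honeypot: a "website" field hidden with CSS that people leave empty.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot filled';
    }
    $parts = explode(':', is_string($post['token'] ?? null) ? $post['token'] : '');
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return 'token missing or malformed';
    }
    [$issued, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', $issued . ':' . $nonce, FORM_SECRET);
    if (!hash_equals($expected, $mac)) {
        return 'token signature invalid';
    }
    $age = $now - (int)$issued;
    if ($age < MIN_FILL_SECONDS) {
        return 'submitted too quickly';
    }
    if ($age > MAX_AGE_SECONDS) {
        return 'token expired';
    }
    return null;
}

// Constructed demonstration: one token, submitted after 1 s, after 40 s,
// and after 40 s with a tampered signature.
$t = time();
$token = issue_form_token($t);
var_dump(check_submission(['token' => $token, 'website' => ''], $t + 1));
var_dump(check_submission(['token' => $token, 'website' => ''], $t + 40));
var_dump(check_submission(['token' => $token . 'x', 'website' => ''], $t + 40));
```

A signed token can be replayed until it expires, so this filters scripts that POST blindly or instantly rather than ones that load and parse the form; storing used nonces server-side closes the replay window.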

Archived

This topic is now archived and is closed to further replies.
