Jump to content

Recommended Posts

I recently built a contact form for my employers corporate site and it was fine until a week or so ago.  Suddenly I started getting tons of SEO spam from various different bots it seems.  I immediately installed a reCaptcha and also a blank dummy field to try and catch spammers.  Neither of these items seemed to work so I made a list ditch effort to try and make a "no-javascript" catch since most bots can't use javascript.  This didn't work either!  Any ideas what I could do from this point, I'm kind of limited by GoDaddy's hosting which doesn't allow my to use the standard mail() function.  I have to use some of their code to make the php mail work...  Here is the current code I am using.  Could somebody please give me a suggestion about what I am doing wrong?  I'm fairly new to PHP.  Thank you in advance! 

 

Both of these files are missing the reCaptcha keys for my security.  I promise I usually have them in there.

 

Contact.php - I left out the Javascript in the header which removes the "spambot" input field if Javascript is enabled.

<div class="pageDetail">
				<?php
					if (isset($_GET['success'])) 
					{
						$success = $_GET['success'];
							if($success=="yes")
							{
								echo '<p class="yay">Thank you for submitting your message! We will get back to your as soon as possible.</p>';
							}
							if($success=="spam")
							{
								echo '<p class="oops">Sorry, your message did not send.</p>';
							}
					}
				?>
				<form action="contactAction.php" method="post" id="contact" name="contact">
					<fieldset>
						<legend><h2>Contact DigitalTown</h2></legend>
						<input type="hidden" name="subject" value="Form Submission" />
						<input type="hidden" name="redirect" value="contact.php?success=yes" />
						<label for="name">Name</label>
						<input type="text" id="name" name="name" class="required" minlength="2"/>

						<label for="email">E–mail</label>
						<input type="text" id="email" name="email" class="required email"/>

						<label for="message">Message</label>
						<textarea id="message" name="message" cols="50" rows="10" class="required"></textarea>

						<label>Special</label>
						<div class="security">
							<?php
							require_once('recaptchalib.php');
							$publickey = " My Public Key is in here"; // you got this from the signup page
							echo recaptcha_get_html($publickey);
							?>
						</div>
						<input type="text" name="question" class="question" value="">
						<input class="spam" name="spambot" type="hidden" value="contact.php?success=spam" />
						<button type="submit">Send</button>

					</fieldset>
				</form>
			</div>

 

contactAction.php

<?php
if (isset($_POST['spambot'])) {
    // redirect user to location specified in spambot
    header("Location: http://" . $_SERVER["HTTP_HOST"] . "/" . $_POST['spambot']);
    die();
}

if(!empty($_POST['question']))
{ 
die('Something went wrong, please try again.'); 
}
else
{
/* start recaptcha code */
require_once('recaptchalib.php');
$privatekey = "My Private key is here";
$resp = recaptcha_check_answer ($privatekey,
								$_SERVER["REMOTE_ADDR"],
								$_POST["recaptcha_challenge_field"],
								$_POST["recaptcha_response_field"]);

	if (!$resp->is_valid) 
	{
		die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
		"(reCAPTCHA said: " . $resp->error . ")");
	}
	else
	{
		$request_method = $_SERVER["REQUEST_METHOD"];
		if($request_method == "GET")
		{
			$query_vars = $_GET;
		} 
		elseif ($request_method == "POST")
		{
			$query_vars = $_POST;
		}

		reset($query_vars);
		$t = date("U");
		$file = $_SERVER['DOCUMENT_ROOT'] . "\ssfm\gdform_" . $t;
		$fp = fopen($file,"w");

		while (list ($key, $val) = each ($query_vars)) 
		{
			fputs($fp,"<GDFORM_VARIABLE NAME=$key START>\r\n"); 
			fputs($fp,"$val\r\n");
			fputs($fp,"<GDFORM_VARIABLE NAME=$key END>\r\n");
			if ($key == "redirect") 
			{ 
				$landing_page = $val;
			}
		}

		fclose($fp);

		if ($landing_page != "")
		{
			header("Location: http://".$_SERVER["HTTP_HOST"]."/$landing_page");
		} 
		else 
		{
			header("Location: http://".$_SERVER["HTTP_HOST"]."/");
		}
	}
/* end recaptcha code */
} 
?>

Link to comment
https://forums.phpfreaks.com/topic/186073-spam-problem-with-contact-form-php/
Share on other sites

It's probably humans filling out your form. Humans tend to pass a "Completely Automated Public Turing test to tell Computers and Humans Apart" (aka CAPTCHA).

 

Oh man, that is not good news.  I was wondering that myself since nothing seems to be working to keep them out.  I'm getting 20-30 spam emails a day about this....  Is there a way I could at least filter them if they mention "SEO" or "White-hat techniques?"

I haven't gotten too far in implementing Askimet yet, but I have quick question.  These must be still bots that are spamming my site because I'm getting 40 emails per day about the exact same thing.  How are they getting through all of these security measures?  Is it because I am not stripping tags from the PHP variables?  How could I do that?  Thanks for helping a newbie again.

 

Here is an examples of the Spam I'm getting..  They are all SEO related.

 

email: [email protected]

message: SEO,,Do you wish you could increase your online leads?,,Getting a GUARANTEED 1ST PAGE GOOGLE RANKING is easier and more cost-effective than you might think.,We have helped a lot of businesses thrive in this market and we can help you!?Simply hit reply and I?ll share with you the cost and the benefits See you at the top!

name: Anthony Burgess

  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.