Mailform basic spam protection...

[bertalizer]

Hi
The mailform that gets created by phpwcms is great, but it shows the recipient address in the page. Spam bots can get the address.
I've changed the code a bit so the address get's "disguised".

in content.article.inc.php on 777, replace this

Code: Select all

$content["main"] .= "<input type=\"hidden\" name=\"recipient\" value=\"".$cform[2]."\">";

with

Code: Select all

$content["main"] .= "<input type=\"hidden\" name=\"recipient\" value=\"".str_replace("@", "OnFollowingServeR", $cform[2])."\">";

And in act_formmailer replace line 78

Code: Select all

$recipient = trim($_POST["recipient"]);

with

Code: Select all

$recipient = str_replace("OnFollowingServeR", "@", trim($_POST["recipient"]));

You can change OnFollowingServeR to whathever you want, but just make sure it wouldn't be something that could be a part of a real address.

So what this hack does:
The mailform gets the recipient address from a hidden field in the page, like this:

Code: Select all

<input type="hidden" name="recipient" value="bert@someserver.ext">

-> spambots recognise an email address
This "hack" changes this hidden field in

Code: Select all

<input type="hidden" name="recipient" value="bertOnFollowingServeRsomeserver.ext">

-> spambots don't recognise an email address

Hope this helps
B.

[Moozie]

You say I can change OnFollowingServeR to whatever I want. But do I have to change it into anything? Or can I leave it just as it is: OnFollowingServeR?

If it works it's OK, but I don't understand what it actually does, that "OnFollowingServeR"?

[Guest]

it is just a replacement for the @ in the email adress in the hidden field. Spambots are scanning through the internet for things that look like real email adresses and every email adress contains an @ so they scan for an @ as a first thing to find.

So if you replace the @ in the html code that is generatet on your page the spambots won't detect the string which is shown instead of the email adress as one.

clear enough ??

so what this script does is just the following:

normally there would be shown

me@mydomain.com

now the script in this case replaces the @ with OnFollowingServeR so the email adress will be shown as:

meOnFollowingServeRmydomain.com

which spambots don't detect as an email-adress

actually this hack is very useful and you can replace OnFollowingServeR with whatever you want as long as it could not be part of a real email-adress. so for example you could use:
asjdlahsdajsdj instead.

understand it better now ?

[Guest]

hi there, that's a great enhancement. Well done,. Thanx.

But have a look. It's on line 777, not 77.

For those like me who searched and can't find.

regards

[Guest]

hi there, that's a great enhancement. Well done,. Thanx.

But have a look. It's on line 777, not 77.

For those like me who searched and can't find.

regards

[bertalizer]

But have a look. It's on line 777, not 77.

Oooops... I've corrected it.
thanks,
B.

[cyrano]

no problem

so i try it now..

regards

[cyrano]

does this works for all email adresses used in phpwcms or only in forms?

regards

[bertalizer]

does this works for all email adresses used in phpwcms or only in forms?

Only in forms... at the moment.

B.

[cyrano]

thanx - i thought this.

so also usefull - thanx for hack this out.

regards

[sporto]

Great! Works like a charm.

Thanks

[argos]

Nice work, works great.

[Jan212]

good job...

[Nate]

Does anyone know where I can find this code to replace in RC4? It seems to have moved and I cannot locate it-- indeed my content.article.inc.php doesn't even go up to line 777 anymore!

[DeXXus]

No idea if this change still works BUT:

Might this be it ?? (in "include/inc_front/content/cnt10.article.inc.php")

Code: Select all

$content["main"] .= "<input type=\"hidden\" name=\"recipient\" value=\"".$cform[2]."\" />";

Other change is now Line 99 of "act_formmailer.php"