Are your e-mail forms getting spammed?

[Ben]

I've got some standard e-mail contact forms on a phpwcms site, version 1.2.6. About once every day or two, I get a retarded e-mail with a message like this:

Hello, nice site bingo halls and best casinoodds slots guide systeme and live roulette the palms **** and bingo directory blackjack book and win roulette how to play texas holdem bingo halls and best casinoodds college football gambling and foldingpoker table how to deal blackjack and bashian offshore betting how to deal blackjack and bashian systeme and live roulette keno numbers and gambling losses texas holdem history and holdem poker online poker forum and bettingaustralia 4 card keno and pete rose gambling win at video poker and racehorse
poker craps and online **** slots compulsive gambling and sports gambling sites 4 card keno and pete rose gambling systeme and live roulette keno bay and texas holdembetting paroli and roulette dareslyrics
offshore betting how to play texas holdem

Aside from being slightly annoying, I don't see a huge problem with this. I don't think people can hi-jack a phpwcms e-mail contact form to spam others. I think these people are just testing the form to see if they can possibily to use it to send spam.

Does this happen to you? What are your thoughts on this?

[trip]

Hi Ben
I have had a few forms from various clients being spammed....
what I have done is the following

- made users give 2 email addresses... ie add email then confirm email address... like some of the online ordering or signups use.
- then I have a check box which refers to the terms and conditions. Obviously unchecked. So the user has to click.
- All fields are required
- I have also inserted into the formmailer script a piece of code that gets the IP of the sender... so if this happens on a regular basis then I can block that IP from the site.

I recently had this client spammed for 5 or 6 days
http://houtbayguestvilla.co.za/index.php?enquiry
if you see the form you can see how I have changed it.

I think there are programs out there, that fill in standard feilds, as this client was getting spammed with all kinds of rubbish...
since chaning the form, this has also stopped.

hope this helps
Trip

[axelS]

How about a nice, simple image verification mod for phpwcms?

Also, how safe are the phpwcms emailing script? I had similar php form mailers hacked and abused by spammers and am a bit concerned.

[marcus@localhorst]

what about the BadBehaviour script, which was suggest for using in guestbook? this should detect spam robots and i think it should work for the contactform too?!
i would try it all the time, but have too much to do
m.

[Microbe]

Hey there,

Have phpwcms installed, but despite being quite proficient at PHP I haven't spent a lot of time on phpwcms.

Like others the site is getting mail form spam.

I have some PHP code that asks for the answer to a simple sum (e.g. 2 + 5) to test for humans.

THe thing I can't figure in phpwcms is how I would plug it in at the top of the HTML. If I have used the email form type page then it has all the components, but how do I get to poke around the php code?

Is that even possible?

FYI, here is the code - it is really simple and very basic, but would confound a bot. Obviously it then needs todo a test on submit. This and the test are what I want to get into the page.

Any help appreciated.

Code: Select all

          <?PHP  
		$digit1 = rand(1,10);
		$digit2 = rand(1,10);
		$answer= $digit1 + $digit2;
		
		echo($digit1. " + " . $digit2 . " = ");
		
		?> 
          <input name="result" type="text" id="result" size="2" maxlength="2">
	      <input name="answer" type="hidden" value="<?php echo($answer);?>">
        </p>

then the test is:

Code: Select all

//check for a human
if($_POST["result"] == $_POST["answer"]){
 	$wrong = "";
}
else {
	$wrong="true";
}

	//only send if we have right answer
	if($wrong == ""){  //send email