how can i stop spam form submissions from bots?

hello,
i have a few sites with simple forms on. recently i have been getting more and more spam submissions from yahoo and googlebots. like this:

A visitor to the VIP Stretch website has requested that we send
them a quote.
 
Visitor details:
 
Name: YahooBot
 
Telephone: zPiDABswZeXmQ
 
Email Address: yah13oaaa@gmail.com
 
Pick Up Address: Nice site, thanks for information!
 
Drop Off Address: Nice site, thanks for information!
 
Time Of Pick Up: qdYzMUkubCqJdETkGV
 
Number Of Passengers: 12
 
Return Journey: ReturnJourney
 
Single Journey: ReturnJourney
 
Further Info: Nice site, thanks for information!
 

the forms use php handlers. I have no idea about preventing these types of submissions so any help gratefully received!

thanks in advance :)
jonsmithgraphicsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cr4ck3rj4ckCommented:
Hi there,

The method for stopping submissions such as these is called CAPTCHA.
http://en.wikipedia.org/wiki/Captcha

There's plenty of freeware options for implementing this. One I like can be found at http://www.phpcaptcha.org/

Hope that helps,
CJ

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
aherpsCommented:
biztigerCommented:
Check out ASkimet - the best and leading spam protection solution.
http://akismet.com/

Also, If you want a custom spam protection on your form try Captcha. To know more:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23893860.html
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

jonsmithgraphicsAuthor Commented:
thanks for those very quick replies and suggestions. i will look into those now..

jon

jonsmithgraphicsAuthor Commented:
do you know if it is possible to style the random graphic to match my site. the size and colours look awful on the page..

i have the securimage version working from http://www.phpcaptcha.org/

cheers

jonsmithgraphicsAuthor Commented:
i have found out how to add a background image but the actual characters that go over the top look awful colourwise. i assume i cant change this appearance? if i can would love to hear how..

cheers!!

jon
biztigerCommented:
Try to change $multi_text_color or $text_color for changing the character colors..
Ray PaseurCommented:
Jon: There is an alternative to CAPTCHA that does not require client action - it's a form token.  Less annoying for "real" users and just as effective in preventing spam posts.
<?php // RAY_form_token.php
 
// LOCAL FUNCTIONS TO HANDLE FORM TOKENS
// CREATE AN IDENTITY IN THE FORM
function make_form_token() {
	$string	= "CHANGE THIS IF YOU WANT" . time() . $_SERVER["SCRIPT_FILENAME"] . "?";
	$token 	= md5($string);
	$_SESSION["_form_token"]	= $token;
return $token;
}
 
// EVALUATE THE IDENTITY IN THE FORM
function check_form_token($token=null) {
	if (empty($token)) { $token = $_POST["_form_token"]; }
	if ($token == $_SESSION["_form_token"]) {
		$_SESSION["_form_token"] = md5($_SESSION["_form_token"]); // MUNG THE TOKEN
return true;
	}
return false;
}
 
// MODIFY THIS IF YOU WANT A FRIENDLY FORM TOKEN ERROR
function form_token_error() {
	die("Server Error F");
}
 
// SESSION IS REQUIRED
session_start();
 
// CHECK FOR FORM INPUT
if (!empty($_POST)) {
 
// SHOW THE FORM TOKEN
	$token = $_SESSION["_form_token"];
	echo "<br />The form token is $token ";
	if (check_form_token()) {
		echo "and it is valid.\n";
	} else {
		echo "but it is NOT valid.\n";
	}
echo "<br />Refresh this screen to resend the data and you can  see a form token error.\n";
}
 
?>
<br /><br />
Click GO to see the form token.
<form action="<?=$PHP_SELF?>" method="post">
<input type="hidden" name="_form_token" value="<?=make_form_token()?>" />
<input type="submit" name="submit" value="Go!" />
</form>

Open in new window

cr4ck3rj4ckCommented:
CSRF Token, good thinking, Ray
Ray PaseurCommented:
@cr4ck3rj4ck: Thanks.  I've used both this and CAPTCHA with equal results.  So long as it's not a human at the screen, the results are the same - nothing gets through that shouldn't get through. ~Ray
jonsmithgraphicsAuthor Commented:
thanks for the alternative suggestion Ray, this sounds very interesting as i really dont like the ugly graphic that is used in the captcha method (although i have got it working perfectly well)

please forgive my utter uselessness but how is this form token method implemented? have you any links of this in action?

thank you!!!
biztigerCommented:
Hey, if you are cared about the look about captcha and really want a secure one (to secure from OCR - image recognition bots) try animated OCR.

http://www.phpclasses.org/browse/package/3929.html
Ray PaseurCommented:
Jon: just run the script above - it will show you the thing at work.  You can view the HTML source.

In the HTML form you put in a statement like this:
<input type="hidden" name="_form_token" value="<?=make_form_token()?>" />

In the action script, you put in a test like this:
<?php  if (!check_form_token()) { die('Bad Form Token'); }

Best, ~Ray
jonsmithgraphicsAuthor Commented:
in the end i decided to go with 'cr4ck3rj4ck's suggestion of captcha. it was simple and easy to implement and good enough for my needs i think

thanks for all the suggestions :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AntiSpam

From novice to tech pro — start learning today.