Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

how can i stop spam form submissions from bots?

Posted on 2008-11-12
14
Medium Priority
?
623 Views
Last Modified: 2012-05-05
hello,
i have a few sites with simple forms on. recently i have been getting more and more spam submissions from yahoo and googlebots. like this:

A visitor to the VIP Stretch website has requested that we send
them a quote.
 
Visitor details:
 
Name: YahooBot
 
Telephone: zPiDABswZeXmQ
 
Email Address: yah13oaaa@gmail.com
 
Pick Up Address: Nice site, thanks for information!
 
Drop Off Address: Nice site, thanks for information!
 
Time Of Pick Up: qdYzMUkubCqJdETkGV
 
Number Of Passengers: 12
 
Return Journey: ReturnJourney
 
Single Journey: ReturnJourney
 
Further Info: Nice site, thanks for information!
 

the forms use php handlers. I have no idea about preventing these types of submissions so any help gratefully received!

thanks in advance :)
0
Comment
Question by:jonsmithgraphics
  • 5
  • 3
  • 3
  • +2
14 Comments
 
LVL 6

Accepted Solution

by:
cr4ck3rj4ck earned 1500 total points
ID: 22938558
Hi there,

The method for stopping submissions such as these is called CAPTCHA.
http://en.wikipedia.org/wiki/Captcha

There's plenty of freeware options for implementing this. One I like can be found at http://www.phpcaptcha.org/

Hope that helps,
CJ
0
 
LVL 7

Expert Comment

by:aherps
ID: 22938589
0
 
LVL 8

Expert Comment

by:biztiger
ID: 22938595
Check out ASkimet - the best and leading spam protection solution.
http://akismet.com/

Also, If you want a custom spam protection on your form try Captcha. To know more:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23893860.html
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jonsmithgraphics
ID: 22938657
thanks for those very quick replies and suggestions. i will look into those now..

jon

0
 

Author Comment

by:jonsmithgraphics
ID: 22939418
do you know if it is possible to style the random graphic to match my site. the size and colours look awful on the page..

i have the securimage version working from http://www.phpcaptcha.org/

cheers

0
 

Author Comment

by:jonsmithgraphics
ID: 22939793
i have found out how to add a background image but the actual characters that go over the top look awful colourwise. i assume i cant change this appearance? if i can would love to hear how..

cheers!!

jon
0
 
LVL 8

Expert Comment

by:biztiger
ID: 22939897
Try to change $multi_text_color or $text_color for changing the character colors..
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 22940631
Jon: There is an alternative to CAPTCHA that does not require client action - it's a form token.  Less annoying for "real" users and just as effective in preventing spam posts.
<?php // RAY_form_token.php
 
// LOCAL FUNCTIONS TO HANDLE FORM TOKENS
// CREATE AN IDENTITY IN THE FORM
function make_form_token() {
	$string	= "CHANGE THIS IF YOU WANT" . time() . $_SERVER["SCRIPT_FILENAME"] . "?";
	$token 	= md5($string);
	$_SESSION["_form_token"]	= $token;
return $token;
}
 
// EVALUATE THE IDENTITY IN THE FORM
function check_form_token($token=null) {
	if (empty($token)) { $token = $_POST["_form_token"]; }
	if ($token == $_SESSION["_form_token"]) {
		$_SESSION["_form_token"] = md5($_SESSION["_form_token"]); // MUNG THE TOKEN
return true;
	}
return false;
}
 
// MODIFY THIS IF YOU WANT A FRIENDLY FORM TOKEN ERROR
function form_token_error() {
	die("Server Error F");
}
 
// SESSION IS REQUIRED
session_start();
 
// CHECK FOR FORM INPUT
if (!empty($_POST)) {
 
// SHOW THE FORM TOKEN
	$token = $_SESSION["_form_token"];
	echo "<br />The form token is $token ";
	if (check_form_token()) {
		echo "and it is valid.\n";
	} else {
		echo "but it is NOT valid.\n";
	}
echo "<br />Refresh this screen to resend the data and you can  see a form token error.\n";
}
 
?>
<br /><br />
Click GO to see the form token.
<form action="<?=$PHP_SELF?>" method="post">
<input type="hidden" name="_form_token" value="<?=make_form_token()?>" />
<input type="submit" name="submit" value="Go!" />
</form>

Open in new window

0
 
LVL 6

Expert Comment

by:cr4ck3rj4ck
ID: 22940747
CSRF Token, good thinking, Ray
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 22940890
@cr4ck3rj4ck: Thanks.  I've used both this and CAPTCHA with equal results.  So long as it's not a human at the screen, the results are the same - nothing gets through that shouldn't get through. ~Ray
0
 

Author Comment

by:jonsmithgraphics
ID: 22941059
thanks for the alternative suggestion Ray, this sounds very interesting as i really dont like the ugly graphic that is used in the captcha method (although i have got it working perfectly well)

please forgive my utter uselessness but how is this form token method implemented? have you any links of this in action?

thank you!!!
0
 
LVL 8

Expert Comment

by:biztiger
ID: 22941127
Hey, if you are cared about the look about captcha and really want a secure one (to secure from OCR - image recognition bots) try animated OCR.

http://www.phpclasses.org/browse/package/3929.html
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 22941176
Jon: just run the script above - it will show you the thing at work.  You can view the HTML source.

In the HTML form you put in a statement like this:
<input type="hidden" name="_form_token" value="<?=make_form_token()?>" />

In the action script, you put in a test like this:
<?php  if (!check_form_token()) { die('Bad Form Token'); }

Best, ~Ray
0
 

Author Comment

by:jonsmithgraphics
ID: 22951855
in the end i decided to go with 'cr4ck3rj4ck's suggestion of captcha. it was simple and easy to implement and good enough for my needs i think

thanks for all the suggestions :)
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
In this tutorial viewers will learn how to embed an audio file in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: : The declaration should display (CODE) HTML5 is supported by the most recent versions of all major browsers…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question