jonsmithgraphics
asked on
how can i stop spam form submissions from bots?
hello,
i have a few sites with simple forms on. recently i have been getting more and more spam submissions from yahoo and googlebots. like this:
A visitor to the VIP Stretch website has requested that we send
them a quote.
Visitor details:
Name: YahooBot
Telephone: zPiDABswZeXmQ
Email Address: yah13oaaa@gmail.com
Pick Up Address: Nice site, thanks for information!
Drop Off Address: Nice site, thanks for information!
Time Of Pick Up: qdYzMUkubCqJdETkGV
Number Of Passengers: 12
Return Journey: ReturnJourney
Single Journey: ReturnJourney
Further Info: Nice site, thanks for information!
the forms use php handlers. I have no idea about preventing these types of submissions so any help gratefully received!
thanks in advance :)
i have a few sites with simple forms on. recently i have been getting more and more spam submissions from yahoo and googlebots. like this:
A visitor to the VIP Stretch website has requested that we send
them a quote.
Visitor details:
Name: YahooBot
Telephone: zPiDABswZeXmQ
Email Address: yah13oaaa@gmail.com
Pick Up Address: Nice site, thanks for information!
Drop Off Address: Nice site, thanks for information!
Time Of Pick Up: qdYzMUkubCqJdETkGV
Number Of Passengers: 12
Return Journey: ReturnJourney
Single Journey: ReturnJourney
Further Info: Nice site, thanks for information!
the forms use php handlers. I have no idea about preventing these types of submissions so any help gratefully received!
thanks in advance :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Check out ASkimet - the best and leading spam protection solution.
http://akismet.com/
Also, If you want a custom spam protection on your form try Captcha. To know more:
https://www.experts-exchange.com/questions/23893860/CAPTCHA-for-Contact-Form.html
http://akismet.com/
Also, If you want a custom spam protection on your form try Captcha. To know more:
https://www.experts-exchange.com/questions/23893860/CAPTCHA-for-Contact-Form.html
ASKER
thanks for those very quick replies and suggestions. i will look into those now..
jon
jon
ASKER
do you know if it is possible to style the random graphic to match my site. the size and colours look awful on the page..
i have the securimage version working from http://www.phpcaptcha.org/
cheers
i have the securimage version working from http://www.phpcaptcha.org/
cheers
ASKER
i have found out how to add a background image but the actual characters that go over the top look awful colourwise. i assume i cant change this appearance? if i can would love to hear how..
cheers!!
jon
cheers!!
jon
Try to change $multi_text_color or $text_color for changing the character colors..
Jon: There is an alternative to CAPTCHA that does not require client action - it's a form token. Less annoying for "real" users and just as effective in preventing spam posts.
<?php // RAY_form_token.php
// LOCAL FUNCTIONS TO HANDLE FORM TOKENS
// CREATE AN IDENTITY IN THE FORM
function make_form_token() {
$string = "CHANGE THIS IF YOU WANT" . time() . $_SERVER["SCRIPT_FILENAME"] . "?";
$token = md5($string);
$_SESSION["_form_token"] = $token;
return $token;
}
// EVALUATE THE IDENTITY IN THE FORM
function check_form_token($token=null) {
if (empty($token)) { $token = $_POST["_form_token"]; }
if ($token == $_SESSION["_form_token"]) {
$_SESSION["_form_token"] = md5($_SESSION["_form_token"]); // MUNG THE TOKEN
return true;
}
return false;
}
// MODIFY THIS IF YOU WANT A FRIENDLY FORM TOKEN ERROR
function form_token_error() {
die("Server Error F");
}
// SESSION IS REQUIRED
session_start();
// CHECK FOR FORM INPUT
if (!empty($_POST)) {
// SHOW THE FORM TOKEN
$token = $_SESSION["_form_token"];
echo "<br />The form token is $token ";
if (check_form_token()) {
echo "and it is valid.\n";
} else {
echo "but it is NOT valid.\n";
}
echo "<br />Refresh this screen to resend the data and you can see a form token error.\n";
}
?>
<br /><br />
Click GO to see the form token.
<form action="<?=$PHP_SELF?>" method="post">
<input type="hidden" name="_form_token" value="<?=make_form_token()?>" />
<input type="submit" name="submit" value="Go!" />
</form>
CSRF Token, good thinking, Ray
@cr4ck3rj4ck: Thanks. I've used both this and CAPTCHA with equal results. So long as it's not a human at the screen, the results are the same - nothing gets through that shouldn't get through. ~Ray
ASKER
thanks for the alternative suggestion Ray, this sounds very interesting as i really dont like the ugly graphic that is used in the captcha method (although i have got it working perfectly well)
please forgive my utter uselessness but how is this form token method implemented? have you any links of this in action?
thank you!!!
please forgive my utter uselessness but how is this form token method implemented? have you any links of this in action?
thank you!!!
Hey, if you are cared about the look about captcha and really want a secure one (to secure from OCR - image recognition bots) try animated OCR.
http://www.phpclasses.org/browse/package/3929.html
http://www.phpclasses.org/browse/package/3929.html
Jon: just run the script above - it will show you the thing at work. You can view the HTML source.
In the HTML form you put in a statement like this:
<input type="hidden" name="_form_token" value="<?=make_form_token( )?>" />
In the action script, you put in a test like this:
<?php if (!check_form_token()) { die('Bad Form Token'); }
Best, ~Ray
In the HTML form you put in a statement like this:
<input type="hidden" name="_form_token" value="<?=make_form_token(
In the action script, you put in a test like this:
<?php if (!check_form_token()) { die('Bad Form Token'); }
Best, ~Ray
ASKER
in the end i decided to go with 'cr4ck3rj4ck's suggestion of captcha. it was simple and easy to implement and good enough for my needs i think
thanks for all the suggestions :)
thanks for all the suggestions :)
http://www.geekministry.com/blog_article.php?id=93