how can i stop spam form submissions from bots?

hello,
i have a few sites with simple forms on. recently i have been getting more and more spam submissions from yahoo and googlebots. like this:

A visitor to the VIP Stretch website has requested that we send
them a quote.
 
Visitor details:
 
Name: YahooBot
 
Telephone: zPiDABswZeXmQ
 
Email Address: yah13oaaa@gmail.com
 
Pick Up Address: Nice site, thanks for information!
 
Drop Off Address: Nice site, thanks for information!
 
Time Of Pick Up: qdYzMUkubCqJdETkGV
 
Number Of Passengers: 12
 
Return Journey: ReturnJourney
 
Single Journey: ReturnJourney
 
Further Info: Nice site, thanks for information!
 

the forms use php handlers. I have no idea about preventing these types of submissions so any help gratefully received!

thanks in advance :)
jonsmithgraphicsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cr4ck3rj4ckCommented:
Hi there,

The method for stopping submissions such as these is called CAPTCHA.
http://en.wikipedia.org/wiki/Captcha

There's plenty of freeware options for implementing this. One I like can be found at http://www.phpcaptcha.org/

Hope that helps,
CJ
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
aherpsCommented:
0
biztigerCommented:
Check out ASkimet - the best and leading spam protection solution.
http://akismet.com/

Also, If you want a custom spam protection on your form try Captcha. To know more:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_23893860.html
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

jonsmithgraphicsAuthor Commented:
thanks for those very quick replies and suggestions. i will look into those now..

jon

0
jonsmithgraphicsAuthor Commented:
do you know if it is possible to style the random graphic to match my site. the size and colours look awful on the page..

i have the securimage version working from http://www.phpcaptcha.org/

cheers

0
jonsmithgraphicsAuthor Commented:
i have found out how to add a background image but the actual characters that go over the top look awful colourwise. i assume i cant change this appearance? if i can would love to hear how..

cheers!!

jon
0
biztigerCommented:
Try to change $multi_text_color or $text_color for changing the character colors..
0
Ray PaseurCommented:
Jon: There is an alternative to CAPTCHA that does not require client action - it's a form token.  Less annoying for "real" users and just as effective in preventing spam posts.
<?php // RAY_form_token.php
 
// LOCAL FUNCTIONS TO HANDLE FORM TOKENS
// CREATE AN IDENTITY IN THE FORM
function make_form_token() {
	$string	= "CHANGE THIS IF YOU WANT" . time() . $_SERVER["SCRIPT_FILENAME"] . "?";
	$token 	= md5($string);
	$_SESSION["_form_token"]	= $token;
return $token;
}
 
// EVALUATE THE IDENTITY IN THE FORM
function check_form_token($token=null) {
	if (empty($token)) { $token = $_POST["_form_token"]; }
	if ($token == $_SESSION["_form_token"]) {
		$_SESSION["_form_token"] = md5($_SESSION["_form_token"]); // MUNG THE TOKEN
return true;
	}
return false;
}
 
// MODIFY THIS IF YOU WANT A FRIENDLY FORM TOKEN ERROR
function form_token_error() {
	die("Server Error F");
}
 
// SESSION IS REQUIRED
session_start();
 
// CHECK FOR FORM INPUT
if (!empty($_POST)) {
 
// SHOW THE FORM TOKEN
	$token = $_SESSION["_form_token"];
	echo "<br />The form token is $token ";
	if (check_form_token()) {
		echo "and it is valid.\n";
	} else {
		echo "but it is NOT valid.\n";
	}
echo "<br />Refresh this screen to resend the data and you can  see a form token error.\n";
}
 
?>
<br /><br />
Click GO to see the form token.
<form action="<?=$PHP_SELF?>" method="post">
<input type="hidden" name="_form_token" value="<?=make_form_token()?>" />
<input type="submit" name="submit" value="Go!" />
</form>

Open in new window

0
cr4ck3rj4ckCommented:
CSRF Token, good thinking, Ray
0
Ray PaseurCommented:
@cr4ck3rj4ck: Thanks.  I've used both this and CAPTCHA with equal results.  So long as it's not a human at the screen, the results are the same - nothing gets through that shouldn't get through. ~Ray
0
jonsmithgraphicsAuthor Commented:
thanks for the alternative suggestion Ray, this sounds very interesting as i really dont like the ugly graphic that is used in the captcha method (although i have got it working perfectly well)

please forgive my utter uselessness but how is this form token method implemented? have you any links of this in action?

thank you!!!
0
biztigerCommented:
Hey, if you are cared about the look about captcha and really want a secure one (to secure from OCR - image recognition bots) try animated OCR.

http://www.phpclasses.org/browse/package/3929.html
0
Ray PaseurCommented:
Jon: just run the script above - it will show you the thing at work.  You can view the HTML source.

In the HTML form you put in a statement like this:
<input type="hidden" name="_form_token" value="<?=make_form_token()?>" />

In the action script, you put in a test like this:
<?php  if (!check_form_token()) { die('Bad Form Token'); }

Best, ~Ray
0
jonsmithgraphicsAuthor Commented:
in the end i decided to go with 'cr4ck3rj4ck's suggestion of captcha. it was simple and easy to implement and good enough for my needs i think

thanks for all the suggestions :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AntiSpam

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.