Recaptcha form being outsmarted?

Posted on 2009-04-20
Last Modified: 2013-12-12
I have a contact form I wrote that uses the Re-Captcha system. I've posted the OOP Recaptcha code I wrote (I took their "sample code" they offer and converted it to OOP style). The form is located at

Lately I've been receiving submissions from the form. I have personally tried to submit this form without using valid re-captcha responses but I keep getting stopped by my code. Have spam bots found a way to defeat the re-captcha system, does my code have an issue, or are these people manually submitting my form?

Below is the code from a large class I wrote that I just copied/pasted the functions used
public function processRequest($data) {

		if (intval($data["doContact"]) == 1) {


		} else {}


	private function contactMe($data) {

		if (trim($data["email"]) != "") {

			header("Location: /Access+Denied-p71.html");


		else {

			$recaptcha = new recaptcha();

			$error = true;

			if ($data["recaptcha_response_field"]) {

				$resp = $recaptcha->recaptcha_check_answer (





				if ($resp->is_valid === true) {

					$template = $this->fileContents("includes/emailTemplate.php");

					$message = sprintf($template, $data["contactTitle"], $data["contactName"], $data["contactCompany"], $data["contactWebsite"], $data["contactEmail"], $data["contactCategory"], $data["contactCategoryOther"], $data["contactDetail"]);

					$error = false;

				} else {

					$_SESSION["postContactForm"] = $data;

					$_SESSION["postContactForm"]["error"] = $resp->error;

					$error = true;



			else {

				$error = true;


			if ($error === true) {

				header("Location: /Contact+Me-p67.html");



			else {

				$this->sendMail($data["contactEmail"], "Contact Form Submission", $message);

				header("Location: /Portfolio+Home-p1.html");




	function sendMail($from, $subject = "", $message = "", $cc = true, $html = true) {

		$eol = "\r\n";

		$headers = "From: " . $from . $eol;

		$headers .= "Reply-To: " . $from . $eol;

		$headers .= "MIME-Version: 1.0" . $eol;

		if ($subject == "") {

			$subject = $this->config["siteTitle"] . " Contact";

		} else {}

		if ($message == "") {

			$message = "Invalid Use!";

		} else {}

		if ($cc == true) {

			$headers .= "CC: " . $from . $eol;

			$message = "<b>Below is a copy of the email you submitted from " . $this->config["siteTitle"] . ":</b><br /><br />" . $message;

		} else {}

		if ($html == true) {

			$headers .= "Content-Type: text/html; charset=iso-8859-1" . $eol;

			$headers .= "Content-Transfer-Encoding: 8bit" . $eol;


		else {

			$headers .= "Content-Type: text/plain; charset=iso-8859-1" . $eol;

			$headers .= "Content-Transfer-Encoding: 8bit" . $eol;


		if (!mail($this->config["adminEmail"], stripslashes($subject), stripslashes($message), stripslashes($headers))) {

			die("problem mailing");

		} else {}


Open in new window

Question by:MMDeveloper
    LVL 19

    Accepted Solution

    Captcha on works against bots. Obviously it does nothing against human spammers, and there are plenty of them out there.

    To combat human spammers, exclude the page from being indexed by the search engines with meta robots noindex, nofollow; meta pragma:no-cache; meta cache-control:no-cache; and in links pointing to the page, add the attribute rel="nofollow".

    Once the page drops out of the search engines' index, human spammers will most likely not come across it.
    LVL 15

    Author Comment

    so this is more than likely real people with no life, manually spamming my form?
    LVL 19

    Expert Comment

    Ya, possibly to test the form to see if it's exploitable.
    LVL 15

    Author Closing Comment

    ok thanks for your time

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Do you want to insert HTML5 video into your site? This is the tutorial how to do so. What are the main advantages of HTML5 video? 1) Have good compression, good image quality, and low decode processor use. 2) It is royalty-free 3) It is easi…
    Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
    In this tutorial viewers will learn how to embed an audio file in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: : The declaration should display (CODE) HTML5 is supported by the most recent versions of all major browsers…
    The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now