
Solved

Recaptcha form being outsmarted?

Posted on 2009-04-20
282 Views
Last Modified: 2013-12-12
I have a contact form I wrote that uses the Re-Captcha system. I've posted the OOP Recaptcha code I wrote (I took their "sample code" they offer and converted it to OOP style). The form is located at
http://www.mechanicmatt.com/Contact+Me-p67.html

Lately I've been receiving submissions from the form. I have personally tried to submit this form without using valid re-captcha responses but I keep getting stopped by my code. Have spam bots found a way to defeat the re-captcha system, does my code have an issue, or are these people manually submitting my form?

Below is the code from a large class I wrote; I just copied/pasted the functions used.
<?php
// Fragment of the asker's larger form class. The class wrapper, constructor and
// fileContents() helper are filled in here so the fragment stands on its own;
// the recaptcha class is the asker's own OOP port of the reCAPTCHA sample code.
class ContactForm {
    private $config;   // expects at least "siteTitle" and "adminEmail"

    public function __construct(array $config) {
        $this->config = $config;
    }

    private function fileContents($path) {
        return file_get_contents($path);
    }

    public function processRequest($data) {
        if (isset($data["doContact"]) && intval($data["doContact"]) == 1) {
            $this->contactMe($data);
        }
    }

    private function contactMe($data) {
        // "email" is a honeypot: the real address field is "contactEmail", so a
        // filled-in "email" means a bot completed every input it could find.
        if (isset($data["email"]) && trim($data["email"]) != "") {
            header("Location: /Access+Denied-p71.html");
            exit();   // stop here; a Location header alone does not end the script
        }

        $recaptcha = new recaptcha();
        $error = true;
        $message = "";

        if (!empty($data["recaptcha_response_field"])) {
            $resp = $recaptcha->recaptcha_check_answer(
                $_SERVER["REMOTE_ADDR"],
                $data["recaptcha_challenge_field"],
                $data["recaptcha_response_field"]
            );

            if ($resp->is_valid === true) {
                $template = $this->fileContents("includes/emailTemplate.php");
                $message = sprintf(
                    $template,
                    $data["contactTitle"], $data["contactName"],
                    $data["contactCompany"], $data["contactWebsite"],
                    $data["contactEmail"], $data["contactCategory"],
                    $data["contactCategoryOther"], $data["contactDetail"]
                );
                $error = false;
            } else {
                $_SESSION["postContactForm"] = $data;
                $_SESSION["postContactForm"]["error"] = $resp->error;
            }
        }

        // The sender address ends up in mail headers, so it must be a single
        // well-formed address; anything else (including an embedded line break)
        // is treated as a failed submission instead of being passed to sendMail().
        if ($error === false
                && filter_var($data["contactEmail"], FILTER_VALIDATE_EMAIL) === false) {
            $_SESSION["postContactForm"] = $data;
            // error code for the form page to display; pick one the template understands
            $_SESSION["postContactForm"]["error"] = "invalid-email";
            $error = true;
        }

        if ($error === true) {
            header("Location: /Contact+Me-p67.html");
            exit();
        }

        $this->sendMail($data["contactEmail"], "Contact Form Submission", $message);
        header("Location: /Portfolio+Home-p1.html");
        exit();
    }

    function sendMail($from, $subject = "", $message = "", $cc = true, $html = true) {
        $eol = "\r\n";

        // Defence in depth: refuse to build headers from anything that is not a
        // plain address, even if the caller forgot to validate it.
        if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
            die("invalid sender address");
        }
        // A subject containing a line break would also become a header line.
        $subject = str_replace(array("\r", "\n"), " ", $subject);

        $headers  = "From: " . $from . $eol;
        $headers .= "Reply-To: " . $from . $eol;
        $headers .= "MIME-Version: 1.0" . $eol;

        if ($subject == "") {
            $subject = $this->config["siteTitle"] . " Contact";
        }

        if ($message == "") {
            $message = "Invalid Use!";
        }

        if ($cc == true) {
            $headers .= "CC: " . $from . $eol;
            $message = "<b>Below is a copy of the email you submitted from "
                . $this->config["siteTitle"] . ":</b><br /><br />" . $message;
        }

        if ($html == true) {
            $headers .= "Content-Type: text/html; charset=iso-8859-1" . $eol;
        } else {
            $headers .= "Content-Type: text/plain; charset=iso-8859-1" . $eol;
        }
        $headers .= "Content-Transfer-Encoding: 8bit" . $eol;

        // stripslashes() undoes magic_quotes_gpc escaping of the submitted text.
        if (!mail($this->config["adminEmail"], stripslashes($subject), stripslashes($message), stripslashes($headers))) {
            die("problem mailing");
        }
    }
}


contactMe.php.txt
index.php.txt
Init.php.txt
recaptcha.php.txt
Question by:MMDeveloper
4 Comments
 
LVL 19

Accepted Solution

by:
v2Media earned 2000 total points
ID: 24189527
Captcha only works against bots. Obviously it does nothing against human spammers, and there are plenty of them out there.

To combat human spammers, exclude the page from being indexed by the search engines with meta robots noindex, nofollow; meta pragma:no-cache; meta cache-control:no-cache; and in links pointing to the page, add the attribute rel="nofollow".

Once the page drops out of the search engines' index, human spammers will most likely not come across it.
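The posted sendMail() builds the From, Reply-To and CC headers from the contactEmail field exactly as submitted, and the message body from the other form fields, so one accepted submission already sends a message of the submitter's choosing to an address of their choosing; a line break in that field additionally lets them append header lines of their own. If the submissions are coming from people solving the captcha by hand, as the accepted answer suggests, the captcha does nothing for the headers. The following PHP is an added example, not the asker's code and not part of the answer: it rebuilds the headers the way sendMail() does, feeds them a constructed address carrying a CRLF and a Bcc line, and shows a validator that refuses it. buildHeadersUnchecked, safeSenderAddress, buildHeadersChecked and the sample addresses are names and values chosen for the example.

```php
<?php
// Added example, not from the original post: shows how a form field becomes an
// injected mail header and how to refuse it. Function names and the crafted
// input are chosen for this example.

// Builds headers the way the posted sendMail() does: the address is trusted.
function buildHeadersUnchecked($from) {
    $eol = "\r\n";
    $headers  = "From: " . $from . $eol;
    $headers .= "Reply-To: " . $from . $eol;
    $headers .= "CC: " . $from . $eol;
    return $headers;
}

// Returns the address if it is a single well-formed mailbox, otherwise null.
// FILTER_VALIDATE_EMAIL does not accept CR, LF or whitespace, so nothing that
// could start a new header line gets through; the explicit CR/LF test states
// the intent and does not rely on filter details.
function safeSenderAddress($from) {
    $from = trim((string) $from);
    if (preg_match('/[\r\n]/', $from)) {
        return null;
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $from;
}

// Same headers, but only for an address that passed validation.
function buildHeadersChecked($from) {
    $addr = safeSenderAddress($from);
    if ($addr === null) {
        throw new InvalidArgumentException("invalid sender address");
    }
    return buildHeadersUnchecked($addr);
}

// Constructed inputs: an ordinary address, and one with a CRLF and a Bcc line
// appended, which is all a submitter has to type into the contactEmail field.
$honest  = "someone@example.com";
$crafted = "someone@example.com\r\nBcc: list@example.net";

echo "--- unchecked headers from the crafted address ---\n";
echo buildHeadersUnchecked($crafted);

echo "--- validator ---\n";
var_dump(safeSenderAddress($honest));
var_dump(safeSenderAddress($crafted));

echo "--- checked builder ---\n";
echo buildHeadersChecked($honest);
try {
    buildHeadersChecked($crafted);
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

Run it with the PHP CLI. In the unchecked output the Bcc line appears on a line of its own after each of the three headers built from the address, and the additional-headers string handed to mail() is read line by line, so the MTA would treat it as a real recipient; safeSenderAddress() returns null for the crafted value and the checked builder throws. Validating the address with filter_var() before it reaches any header, and refusing the submission otherwise, is the change the posted sendMail() needs regardless of whether the captcha is being beaten by bots or by people.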
 
LVL 15

Author Comment

by:MMDeveloper
ID: 24194913
So this is more than likely real people with no life, manually spamming my form?
 
LVL 19

Expert Comment

by:v2Media
ID: 24195147
Ya, possibly to test the form to see if it's exploitable.
 
LVL 15

Author Closing Comment

by:MMDeveloper
ID: 31572453
OK, thanks for your time.
