More Security To Contact Form

I have a Joomla site that is getting a lot of spam on its (built in) Contact Form. What is the best way to secure a Contact Form?

I thought about adding captcha but that requires a plug in and creating an account at recaptcha.net, but this might not be the best solution. Is a "best practice" to replace the built in contact form with a Forms Component that already supports captcha?

Thanks!
Fgriffin Asked:
 
Panagiotis S, web developer - designer, Commented:
0
 
Ray Paseur Commented:
I can show you a very simple CAPTCHA that has no requirements for reCaptcha.net

This shows how to use it.
<?php // RAY_captcha_in_action.php
error_reporting(E_ALL);

// IF ANYTHING WAS POSTED
if (!empty($_POST))
{
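    // READ BOTH FIELDS AS STRINGS SO A MISSING OR ARRAY VALUE CANNOT RAISE AN ERROR
    $code = (isset($_POST["_newCode"]) && is_string($_POST["_newCode"])) ? $_POST["_newCode"] : '';
    $hash = (isset($_POST["_newMd5"])  && is_string($_POST["_newMd5"]))  ? $_POST["_newMd5"]  : '';

    // TEST THE STRINGS - STRICT COMPARISON, SO PHP DOES NOT TREAT "0e..." HASHES AS NUMBERS
    if ($hash !== md5($code))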
    {
        // MIGHT WANT TO MAKE THIS USER-FRIENDLY
        echo 'SECURITY CODE NUMBER DID NOT MATCH';
    }
    else
    {
        echo "SUCCESS!";
    }
}
// END OF PHP - PUT UP THE FORM
?>
<form method="post">
<!-- STYLE THIS TO SUIT YOUR PAGE STYLE -->
Type <img style="display:inline;" src="RAY_captcha_image.php?dt=<?php $x = mt_rand(1000,10000); echo base64_encode($x); ?>" /> here:
<input name="_newCode" type="text"   maxlength="64" size="6" autocomplete="off" />
<input name="_newMd5"  type="hidden" value="<?php echo md5($x); ?>" />
<input type="submit" />
</form>


0
 
Ray Paseur Commented:
And this is the RAY_captcha_image script.
<?php // RAY_captcha_image.php

// GENERATES A PICTURE OF A NUMBER INTO THE BROWSER OUTPUT
error_reporting(E_ALL ^ E_NOTICE);

// DECODE THE INCOMING STRING
$data = base64_decode($_GET['dt']);

// CREATE AN IMAGE RESOURCE - CHOOSE THE SIZE THAT BEST MATCHES YOUR PAGE STYLE
$im = imagecreate(46,13);

// WHITE BACKGROUND
$bg = imagecolorallocate($im, 255,255,255);

// GRAY STRIPES
$gray = imagecolorallocate($im, 188,188,188);

// FIREBRICK TEXT
$text = imagecolorallocate($im, 178,34,34);

// ADD THE NUMBER TO THE IMAGE
imagestring($im,5,4,0,$data,$text);

// WRITE A GRAY STRIPE (OR MORE IF YOU CHOOSE)
imageline($im,4,12,38,0,$gray);

// SEND THE IMAGE INTO THE BROWSER OUTPUT STREAM
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);


0

 
Fgriffin (Author) Commented:
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?
0
 
Fgriffin (Author) Commented:
Have you used one of these extensions before? I just tried the OSOLCaptcha one but it seems to have a problem with my template.
0
 
Ray Paseur Commented:
"Have you successfully added the scripts to a 1.5.x Joomla Contact Form?"

No, I do not use Joomla, so the Joomla part would be your opportunity for adventure.  However I am 100% certain that the scripts work.  You may feel free to see them in action on my web site, here:
http://www.laprbass.com/RAY_captcha_in_action.php

These are very, very simple Captcha samples, and they would be easily defeated by a determined hacker who might use a rainbow attack.  FWIW, Information Technology Security is now the subject of a full time four year Bachelor of Science degree from the University of Maryland.  You have to weigh the value of your systems against the likelihood that an attack can do damage or steal from you.  My guess is that if you are getting spam in a contact form, this simple Captcha will be enough to keep the 'bots at bay.

Best of luck with your project, ~Ray
0
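A session-backed variant of the form above, as an added example that is not Ray Paseur's code: the expected number stays in the PHP session instead of being sent to the browser in the hidden `_newMd5` field and the `dt` parameter, and it is valid for one attempt within a time limit. It assumes PHP 7+ with GD and sessions enabled; the file name, the `code` field, `captcha_issue()`, `captcha_check()` and the 300-second lifetime are illustrative choices.

```php
<?php // captcha_session.php (HYPOTHETICAL FILE NAME; FORM AND IMAGE IN ONE SCRIPT)
session_start();

const CAPTCHA_TTL = 300; // SECONDS A CODE STAYS VALID (ASSUMED VALUE)

// CREATE A NEW CODE AND KEEP IT ON THE SERVER ONLY
function captcha_issue()
{
    $_SESSION['captcha'] = ['code' => (string) random_int(1000, 9999), 'expires' => time() + CAPTCHA_TTL];
}

// CHECK THE SUBMITTED VALUE; EVERY CODE IS GOOD FOR ONE ATTEMPT
function captcha_check($input)
{
    $c = $_SESSION['captcha'] ?? null;
    unset($_SESSION['captcha']);                  // SINGLE USE, PASS OR FAIL
    if ($c === null || !is_string($input) || time() > $c['expires']) {
        return false;
    }
    return hash_equals($c['code'], trim($input)); // CONSTANT-TIME COMPARE
}

// IMAGE REQUEST: DRAW THE CODE HELD IN THE SESSION, NOTHING FROM THE URL
if (isset($_GET['img'])) {
    $code = $_SESSION['captcha']['code'] ?? '';
    $im = imagecreate(46, 13);
    imagecolorallocate($im, 255, 255, 255);       // FIRST COLOR = WHITE BACKGROUND
    imagestring($im, 5, 4, 0, $code, imagecolorallocate($im, 178, 34, 34));
    imageline($im, 4, 12, 38, 0, imagecolorallocate($im, 188, 188, 188));
    header('Content-Type: image/png');
    header('Cache-Control: no-store');            // A CACHED IMAGE WOULD SHOW AN OLD CODE
    imagepng($im);
    exit;
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = captcha_check($_POST['code'] ?? null);
    $message = $ok ? 'SUCCESS!' : 'SECURITY CODE NUMBER DID NOT MATCH';
}
captcha_issue(); // FRESH CODE FOR EVERY PAGE VIEW
?>
<p><?php echo htmlspecialchars($message); ?></p>
<form method="post">
Type <img style="display:inline;" src="?img=1" alt="security code" /> here:
<input name="code" type="text" maxlength="4" size="6" autocomplete="off" />
<input type="submit" />
</form>
```

The image is as easy to read as in the original script, so this only changes where the answer is stored and how it is checked.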
 
austega Commented:
Another angle on captchas is to remember the pain you are causing to your genuine form users. They are best practice but many users still find them hard to use. I think this is an argument to use reCaptcha in that this is the one that users are likely to have previous experience with.

In addition you might want to also add in BotScout protection. This has provided a further effective level of protection on some of my sites.

For registrations I use the AlphaRegistrations extension to Joomla to handle this effectively and with a good user interface/contextual feedback. Have a look at http://nswagtc.org.au/mynswagtc/register.html?format=html&Itemid=149&option=com_alpharegistration&view=register for example.
0
 
Ray Paseur Commented:
@austega:  This is what makes markets -- I wrote my own little CAPTCHA algorithm because I got so many complaints from people that could not read the contorted reCaptcha images!
0
 
Fgriffin (Author) Commented:
After trying several solutions that didn't work with my template I found a new extension called DFContact that worked. It uses ReCaptcha and works well for my issue.

@Ray I needed a solution for Joomla specifically.
0
Question has a verified solution.
