Solved

More Security To Contact Form

Posted on 2011-03-08
9
601 Views
Last Modified: 2012-05-11
I have a Joomla site that is getting a lot of spam on its (built in) Contact Form. What is the best way to secure a Contact Form?

I thought about adding captcha but that requires a plug in and creating an account at recaptcha.net, but this might not be the best solution. Is a "best practice" to replace the built in contact form with a Forms Component that already supports captcha?

Thanks!
0
Comment
Question by:Fgriffin
9 Comments
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 35069834
I can show you a very simple CAPTCHA that has no requirements for reCaptcha.net

This shows how to use it.
<?php // RAY_captcha_in_action.php
error_reporting(E_ALL);

// IF ANYTHING WAS POSTED
if (!empty($_POST))
{
    // TEST THE STRINGS
    if ($_POST["_newMd5"] != md5($_POST["_newCode"]))
    {
        // MIGHT WANT TO MAKE THIS USER-FRIENDLY
        echo 'SECURITY CODE NUMBER DID NOT MATCH';
    }
    else
    {
        echo "SUCCESS!";
    }
}
// END OF PHP - PUT UP THE FORM
?>
<form method="post">
<!-- STYLE THIS TO SUIT YOUR PAGE STYLE -->
Type <img style="display:inline;" src="RAY_captcha_image.php?dt=<?php $x = mt_rand(1000,10000); echo base64_encode($x); ?>" /> here:
<input name="_newCode" type="text"   maxlength="64" size="6" autocomplete="off" />
<input name="_newMd5"  type="hidden" value="<?php echo md5($x); ?>" />
<input type="submit" />
</form>

Open in new window

0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 35069840
And this is the RAY_captcha_image script.
<?php // RAY_captcha_image.php

// GENERATES A PICTURE OF A NUMBER INTO THE BROWSER OUTPUT
error_reporting(E_ALL ^ E_NOTICE);

// DECODE THE INCOMING STRING
$data = base64_decode($_GET['dt']);

// CREATE AN IMAGE RESOURCE - CHOOSE THE SIZE THAT BEST MATCHES YOUR PAGE STYLE
$im = imagecreate(46,13);

// WHITE BACKGROUND
$bg = imagecolorallocate($im, 255,255,255);

// GRAY STRIPES
$gray = imagecolorallocate($im, 188,188,188);

// FIREBRICK TEXT
$text = imagecolorallocate($im, 178,34,34);

// ADD THE NUMBER TO THE IMAGE
imagestring($im,5,4,0,$data,$text);

// WRITE A GRAY STRIPE (OR MORE IF YOU CHOOSE)
imageline($im,4,12,38,0,$gray);

// SEND THE IMAGE INTO THE BROWSER OUTPUT STREAM
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);

Open in new window

0
 
LVL 1

Author Comment

by:Fgriffin
ID: 35069914
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 12

Accepted Solution

by:
Panagiotis S earned 250 total points
ID: 35070434
0
 
LVL 1

Author Comment

by:Fgriffin
ID: 35071014
Have you used one of these extensions before? I just tried the OSOLCaptcha one but it seems to have a problem with my template.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 35071131
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?

No, I do not use Joomla, so the Joomla part would be your opportunity for adventure.  However I am 100% certain that the scripts work.  You may feel free to see them in action on my web site, here:
http://www.laprbass.com/RAY_captcha_in_action.php

These are very, very simple Captcha samples, and they would be easily defeated by a determined hacker who might use a rainbow attack.  FWIW, Information Technology Security is now the subject of a full time four year Bachelor of Science degree from the University of Maryland.  You have to weigh the value of your systems against the likelihood that an attack can do damage or steal from you.  My guess is that if you are getting spam in a contact form, this simple Captcha will be enough to keep the 'bots at bay.

Best of luck with your project, ~Ray
0
 
LVL 8

Assisted Solution

by:austega
austega earned 250 total points
ID: 35074063
Another angle on captchas is to remember the pain you are causing to your genuine form users. They are best practice but many users still find them hard to use. I think this is an argument to use reCaptcha in that this is the one that users are likely to have previous experience with.

IN addition you might want to also add in botscout protection. This has provided a further effective level of protection on some of my sites.

For registrations I use the AlphaRegistrations extension to Joomla to handle this effectively and with a good user interface/contextual feedback. Have a look at http://nswagtc.org.au/mynswagtc/register.html?format=html&Itemid=149&option=com_alpharegistration&view=register for example.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 35076110
@austega:  This is what makes markets -- I wrote my own little CAPTCHA algorithm because I got so many complaints from people that could not read the contorted reCaptcha images!
0
 
LVL 1

Author Closing Comment

by:Fgriffin
ID: 35076512
After trying several solutions that didn't work with my template I found a new extension called DFContact that worked. It uses ReCaptcha and works well for my issue.

@Ray I needed a solution for Joomla specifically.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
In this blog, I will share you some basic tips for content marketing and to rank your website on Google.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

805 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question