Solved

More Security To Contact Form

Posted on 2011-03-08
Last Modified: 2012-05-11
I have a Joomla site that is getting a lot of spam on its (built in) Contact Form. What is the best way to secure a Contact Form?

I thought about adding captcha but that requires a plug in and creating an account at recaptcha.net, but this might not be the best solution. Is a "best practice" to replace the built in contact form with a Forms Component that already supports captcha?

Thanks!
Question by:Fgriffin
9 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35069834
I can show you a very simple CAPTCHA that has no requirements for reCaptcha.net

This shows how to use it.
<?php // RAY_captcha_in_action.php
error_reporting(E_ALL);

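// IF ANYTHING WAS POSTED
if (!empty($_POST))
{
    // READ BOTH FIELDS AS STRINGS SO A MISSING OR ARRAY-VALUED FIELD CANNOT RAISE AN ERROR
    $newMd5  = (isset($_POST["_newMd5"])  && is_string($_POST["_newMd5"]))  ? $_POST["_newMd5"]  : '';
    $newCode = (isset($_POST["_newCode"]) && is_string($_POST["_newCode"])) ? $_POST["_newCode"] : '';

    // TEST THE STRINGS - STRICT COMPARISON AVOIDS PHP TYPE JUGGLING ON "0e..." HASHES
    if ($newMd5 !== md5($newCode))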
    {
        // MIGHT WANT TO MAKE THIS USER-FRIENDLY
        echo 'SECURITY CODE NUMBER DID NOT MATCH';
    }
    else
    {
        echo "SUCCESS!";
    }
}
// END OF PHP - PUT UP THE FORM
?>
<form method="post">
<!-- STYLE THIS TO SUIT YOUR PAGE STYLE -->
Type <img style="display:inline;" src="RAY_captcha_image.php?dt=<?php $x = mt_rand(1000,10000); echo base64_encode($x); ?>" /> here:
<input name="_newCode" type="text"   maxlength="64" size="6" autocomplete="off" />
<input name="_newMd5"  type="hidden" value="<?php echo md5($x); ?>" />
<input type="submit" />
</form>

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35069840
And this is the RAY_captcha_image script.
<?php // RAY_captcha_image.php

// GENERATES A PICTURE OF A NUMBER INTO THE BROWSER OUTPUT
error_reporting(E_ALL ^ E_NOTICE);

// DECODE THE INCOMING STRING
$data = base64_decode($_GET['dt']);

// CREATE AN IMAGE RESOURCE - CHOOSE THE SIZE THAT BEST MATCHES YOUR PAGE STYLE
$im = imagecreate(46,13);

// WHITE BACKGROUND
$bg = imagecolorallocate($im, 255,255,255);

// GRAY STRIPES
$gray = imagecolorallocate($im, 188,188,188);

// FIREBRICK TEXT
$text = imagecolorallocate($im, 178,34,34);

// ADD THE NUMBER TO THE IMAGE
imagestring($im,5,4,0,$data,$text);

// WRITE A GRAY STRIPE (OR MORE IF YOU CHOOSE)
imageline($im,4,12,38,0,$gray);

// SEND THE IMAGE INTO THE BROWSER OUTPUT STREAM
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);

 
LVL 1

Author Comment

by:Fgriffin
ID: 35069914
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?
 
LVL 12

Accepted Solution

by:
Panagiotis S earned 750 total points
ID: 35070434
 
LVL 1

Author Comment

by:Fgriffin
ID: 35071014
Have you used one of these extensions before? I just tried the OSOLCaptcha one but it seems to have a problem with my template.
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35071131
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?

No, I do not use Joomla, so the Joomla part would be your opportunity for adventure.  However I am 100% certain that the scripts work.  You may feel free to see them in action on my web site, here:
http://www.laprbass.com/RAY_captcha_in_action.php

These are very, very simple Captcha samples, and they would be easily defeated by a determined hacker who might use a rainbow attack.  FWIW, Information Technology Security is now the subject of a full time four year Bachelor of Science degree from the University of Maryland.  You have to weigh the value of your systems against the likelihood that an attack can do damage or steal from you.  My guess is that if you are getting spam in a contact form, this simple Captcha will be enough to keep the 'bots at bay.

Best of luck with your project, ~Ray
0
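
A session-based variant of the scripts in this thread, as an added example that is not Ray's code or part of the original posts. The posted form sends the expected answer to the browser (the hidden `_newMd5` field and the `dt` image parameter); here the code stays on the server, is compared with `hash_equals()`, and is discarded after one success or three tries. The function names and array keys are hypothetical, and `random_int()` assumes PHP 7 or later.

```php
<?php // captcha_session_sketch.php - ADDED EXAMPLE, HYPOTHETICAL FILE NAME

// ISSUE A NEW CODE AND KEEP IT SERVER-SIDE ONLY.
// IN A WEB PAGE: session_start(); captcha_issue($_SESSION);
function captcha_issue(array &$store)
{
    $store['captcha_code']  = (string) random_int(1000, 9999); // CSPRNG, ALWAYS 4 DIGITS
    $store['captcha_tries'] = 0;
    return $store['captcha_code']; // ONLY THE IMAGE SCRIPT SHOULD EVER READ THIS
}

// CHECK A SUBMISSION AGAINST THE STORED CODE.
function captcha_verify(array &$store, $submitted)
{
    // NO CODE ISSUED, OR A NON-STRING FIELD (E.G. _newCode[]=x): REJECT
    if (!isset($store['captcha_code']) || !is_string($submitted)) {
        return false;
    }

    // CONSTANT-TIME, TYPE-SAFE STRING COMPARISON
    $ok = hash_equals($store['captcha_code'], trim($submitted));

    // SINGLE USE: DROP THE CODE ON SUCCESS OR AFTER THE THIRD TRY,
    // SO IT CANNOT BE REPLAYED OR GUESSED WITHOUT LIMIT
    $store['captcha_tries']++;
    if ($ok || $store['captcha_tries'] >= 3) {
        unset($store['captcha_code'], $store['captcha_tries']);
    }
    return $ok;
}

// CONSTRUCTED DEMO: A PLAIN ARRAY STANDS IN FOR $_SESSION SO THIS RUNS FROM THE COMMAND LINE
$session = array();
$code    = captcha_issue($session);

echo 'wrong guess accepted:  ', var_export(captcha_verify($session, 'abcd'), true), "\n";
echo 'right code accepted:   ', var_export(captcha_verify($session, $code), true), "\n";
echo 'replayed code accepted: ', var_export(captcha_verify($session, $code), true), "\n";
echo 'code still stored:     ', var_export(isset($session['captcha_code']), true), "\n";
```

With this layout the image script calls `session_start()` and draws `$_SESSION['captcha_code']` instead of decoding `dt`, and the form no longer needs the hidden `_newMd5` field.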
 
LVL 8

Assisted Solution

by:austega
austega earned 750 total points
ID: 35074063
Another angle on captchas is to remember the pain you are causing to your genuine form users. They are best practice but many users still find them hard to use. I think this is an argument to use reCaptcha in that this is the one that users are likely to have previous experience with.

In addition, you might want to also add in BotScout protection. This has provided a further effective level of protection on some of my sites.

For registrations I use the AlphaRegistrations extension to Joomla to handle this effectively and with a good user interface/contextual feedback. Have a look at http://nswagtc.org.au/mynswagtc/register.html?format=html&Itemid=149&option=com_alpharegistration&view=register for example.
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35076110
@austega:  This is what makes markets -- I wrote my own little CAPTCHA algorithm because I got so many complaints from people that could not read the contorted reCaptcha images!
 
LVL 1

Author Closing Comment

by:Fgriffin
ID: 35076512
After trying several solutions that didn't work with my template I found a new extension called DFContact that worked. It uses ReCaptcha and works well for my issue.

@Ray I needed a solution for Joomla specifically.
Question has a verified solution.