[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

More Security To Contact Form

Posted on 2011-03-08
9
Medium Priority
?
607 Views
Last Modified: 2012-05-11
I have a Joomla site that is getting a lot of spam on its (built in) Contact Form. What is the best way to secure a Contact Form?

I thought about adding captcha but that requires a plug in and creating an account at recaptcha.net, but this might not be the best solution. Is a "best practice" to replace the built in contact form with a Forms Component that already supports captcha?

Thanks!
0
Comment
Question by:Fgriffin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35069834
I can show you a very simple CAPTCHA that has no requirements for reCaptcha.net

This shows how to use it.
<?php // RAY_captcha_in_action.php
error_reporting(E_ALL);

// IF ANYTHING WAS POSTED
if (!empty($_POST))
{
    // TEST THE STRINGS
    if ($_POST["_newMd5"] != md5($_POST["_newCode"]))
    {
        // MIGHT WANT TO MAKE THIS USER-FRIENDLY
        echo 'SECURITY CODE NUMBER DID NOT MATCH';
    }
    else
    {
        echo "SUCCESS!";
    }
}
// END OF PHP - PUT UP THE FORM
?>
<form method="post">
<!-- STYLE THIS TO SUIT YOUR PAGE STYLE -->
Type <img style="display:inline;" src="RAY_captcha_image.php?dt=<?php $x = mt_rand(1000,10000); echo base64_encode($x); ?>" /> here:
<input name="_newCode" type="text"   maxlength="64" size="6" autocomplete="off" />
<input name="_newMd5"  type="hidden" value="<?php echo md5($x); ?>" />
<input type="submit" />
</form>

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35069840
And this is the RAY_captcha_image script.
<?php // RAY_captcha_image.php

// GENERATES A PICTURE OF A NUMBER INTO THE BROWSER OUTPUT
error_reporting(E_ALL ^ E_NOTICE);

// DECODE THE INCOMING STRING
$data = base64_decode($_GET['dt']);

// CREATE AN IMAGE RESOURCE - CHOOSE THE SIZE THAT BEST MATCHES YOUR PAGE STYLE
$im = imagecreate(46,13);

// WHITE BACKGROUND
$bg = imagecolorallocate($im, 255,255,255);

// GRAY STRIPES
$gray = imagecolorallocate($im, 188,188,188);

// FIREBRICK TEXT
$text = imagecolorallocate($im, 178,34,34);

// ADD THE NUMBER TO THE IMAGE
imagestring($im,5,4,0,$data,$text);

// WRITE A GRAY STRIPE (OR MORE IF YOU CHOOSE)
imageline($im,4,12,38,0,$gray);

// SEND THE IMAGE INTO THE BROWSER OUTPUT STREAM
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);

Open in new window

0
 
LVL 1

Author Comment

by:Fgriffin
ID: 35069914
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 12

Accepted Solution

by:
Panagiotis S earned 750 total points
ID: 35070434
0
 
LVL 1

Author Comment

by:Fgriffin
ID: 35071014
Have you used one of these extensions before? I just tried the OSOLCaptcha one but it seems to have a problem with my template.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35071131
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?

No, I do not use Joomla, so the Joomla part would be your opportunity for adventure.  However I am 100% certain that the scripts work.  You may feel free to see them in action on my web site, here:
http://www.laprbass.com/RAY_captcha_in_action.php

These are very, very simple Captcha samples, and they would be easily defeated by a determined hacker who might use a rainbow attack.  FWIW, Information Technology Security is now the subject of a full time four year Bachelor of Science degree from the University of Maryland.  You have to weigh the value of your systems against the likelihood that an attack can do damage or steal from you.  My guess is that if you are getting spam in a contact form, this simple Captcha will be enough to keep the 'bots at bay.

Best of luck with your project, ~Ray
0
 
LVL 8

Assisted Solution

by:austega
austega earned 750 total points
ID: 35074063
Another angle on captchas is to remember the pain you are causing to your genuine form users. They are best practice but many users still find them hard to use. I think this is an argument to use reCaptcha in that this is the one that users are likely to have previous experience with.

IN addition you might want to also add in botscout protection. This has provided a further effective level of protection on some of my sites.

For registrations I use the AlphaRegistrations extension to Joomla to handle this effectively and with a good user interface/contextual feedback. Have a look at http://nswagtc.org.au/mynswagtc/register.html?format=html&Itemid=149&option=com_alpharegistration&view=register for example.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 35076110
@austega:  This is what makes markets -- I wrote my own little CAPTCHA algorithm because I got so many complaints from people that could not read the contorted reCaptcha images!
0
 
LVL 1

Author Closing Comment

by:Fgriffin
ID: 35076512
After trying several solutions that didn't work with my template I found a new extension called DFContact that worked. It uses ReCaptcha and works well for my issue.

@Ray I needed a solution for Joomla specifically.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question