Solved

More Security To Contact Form

Posted on 2011-03-08
9
605 Views
Last Modified: 2012-05-11
I have a Joomla site that is getting a lot of spam on its (built in) Contact Form. What is the best way to secure a Contact Form?

I thought about adding captcha but that requires a plug in and creating an account at recaptcha.net, but this might not be the best solution. Is a "best practice" to replace the built in contact form with a Forms Component that already supports captcha?

Thanks!
0
Comment
Question by:Fgriffin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 35069834
I can show you a very simple CAPTCHA that has no requirements for reCaptcha.net

This shows how to use it.
<?php // RAY_captcha_in_action.php
error_reporting(E_ALL);

// IF ANYTHING WAS POSTED
if (!empty($_POST))
{
    // TEST THE STRINGS
    if ($_POST["_newMd5"] != md5($_POST["_newCode"]))
    {
        // MIGHT WANT TO MAKE THIS USER-FRIENDLY
        echo 'SECURITY CODE NUMBER DID NOT MATCH';
    }
    else
    {
        echo "SUCCESS!";
    }
}
// END OF PHP - PUT UP THE FORM
?>
<form method="post">
<!-- STYLE THIS TO SUIT YOUR PAGE STYLE -->
Type <img style="display:inline;" src="RAY_captcha_image.php?dt=<?php $x = mt_rand(1000,10000); echo base64_encode($x); ?>" /> here:
<input name="_newCode" type="text"   maxlength="64" size="6" autocomplete="off" />
<input name="_newMd5"  type="hidden" value="<?php echo md5($x); ?>" />
<input type="submit" />
</form>

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 35069840
And this is the RAY_captcha_image script.
<?php // RAY_captcha_image.php

// GENERATES A PICTURE OF A NUMBER INTO THE BROWSER OUTPUT
error_reporting(E_ALL ^ E_NOTICE);

// DECODE THE INCOMING STRING
$data = base64_decode($_GET['dt']);

// CREATE AN IMAGE RESOURCE - CHOOSE THE SIZE THAT BEST MATCHES YOUR PAGE STYLE
$im = imagecreate(46,13);

// WHITE BACKGROUND
$bg = imagecolorallocate($im, 255,255,255);

// GRAY STRIPES
$gray = imagecolorallocate($im, 188,188,188);

// FIREBRICK TEXT
$text = imagecolorallocate($im, 178,34,34);

// ADD THE NUMBER TO THE IMAGE
imagestring($im,5,4,0,$data,$text);

// WRITE A GRAY STRIPE (OR MORE IF YOU CHOOSE)
imageline($im,4,12,38,0,$gray);

// SEND THE IMAGE INTO THE BROWSER OUTPUT STREAM
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);

Open in new window

0
 
LVL 1

Author Comment

by:Fgriffin
ID: 35069914
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Accepted Solution

by:
Panagiotis S earned 250 total points
ID: 35070434
0
 
LVL 1

Author Comment

by:Fgriffin
ID: 35071014
Have you used one of these extensions before? I just tried the OSOLCaptcha one but it seems to have a problem with my template.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 35071131
Have you successfully added the scripts to a 1.5.x Joomla Contact Form?

No, I do not use Joomla, so the Joomla part would be your opportunity for adventure.  However I am 100% certain that the scripts work.  You may feel free to see them in action on my web site, here:
http://www.laprbass.com/RAY_captcha_in_action.php

These are very, very simple Captcha samples, and they would be easily defeated by a determined hacker who might use a rainbow attack.  FWIW, Information Technology Security is now the subject of a full time four year Bachelor of Science degree from the University of Maryland.  You have to weigh the value of your systems against the likelihood that an attack can do damage or steal from you.  My guess is that if you are getting spam in a contact form, this simple Captcha will be enough to keep the 'bots at bay.

Best of luck with your project, ~Ray
0
 
LVL 8

Assisted Solution

by:austega
austega earned 250 total points
ID: 35074063
Another angle on captchas is to remember the pain you are causing to your genuine form users. They are best practice but many users still find them hard to use. I think this is an argument to use reCaptcha in that this is the one that users are likely to have previous experience with.

IN addition you might want to also add in botscout protection. This has provided a further effective level of protection on some of my sites.

For registrations I use the AlphaRegistrations extension to Joomla to handle this effectively and with a good user interface/contextual feedback. Have a look at http://nswagtc.org.au/mynswagtc/register.html?format=html&Itemid=149&option=com_alpharegistration&view=register for example.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 35076110
@austega:  This is what makes markets -- I wrote my own little CAPTCHA algorithm because I got so many complaints from people that could not read the contorted reCaptcha images!
0
 
LVL 1

Author Closing Comment

by:Fgriffin
ID: 35076512
After trying several solutions that didn't work with my template I found a new extension called DFContact that worked. It uses ReCaptcha and works well for my issue.

@Ray I needed a solution for Joomla specifically.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about how to approach blogging and about ways to do it right. Stand out from the crowd and let your knowledge be consumed by a large audience. This article aims to explain how your blog should look like,  the most important things to do while b…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question