nigelh70638339
Inspiring
February 21, 2018
Answered

Stop Spamming from Contact Form


I have a contact form on my site and have started getting spam through it.

I have looked into ways to prevent this and the one that I like is the question and answer to prove you're not a Bot.

Here is the code for my Contact Form

<?php

// Set email variables

$email_to = 'nigel_utt@hotmail.co.uk';

$email_subject = 'Form submission';

// Set required fields

$required_fields = array('fullname','email','comment');

// set error messages

$error_messages = array(

    'fullname' => 'Please enter a Name to proceed.',

    'email' => 'Please enter a valid Email Address to continue.',

    'comment' => 'Please enter your Message to continue.'

);

// Set form status

$form_complete = FALSE;

// configure validation array

$validation = array();

// check form submittal

if(!empty($_POST)) {

    // Sanitise POST array

    foreach($_POST as $key => $value) $_POST[$key] = remove_email_injection(trim($value));

   

    // Loop into required fields and make sure they match our needs

    foreach($required_fields as $field) {       

        // the field has been submitted?

        if(!array_key_exists($field, $_POST)) array_push($validation, $field);

       

        // check there is information in the field?

        if($_POST[$field] == '') array_push($validation, $field);

       

        // validate the email address supplied

        if($field == 'email') if(!validate_email_address($_POST[$field])) array_push($validation, $field);

    }

   

    // basic validation result

    if(count($validation) == 0) {

        // Prepare our content string

        $email_content = 'New Website Comment: ' . "\n\n";

       

        // simple email content

        foreach($_POST as $key => $value) {

            if($key != 'submit') $email_content .= $key . ': ' . $value . "\n";

        }

       

        // if validation passed ok then send the email

        mail($email_to, $email_subject, $email_content);

       

        // Update form switch

        $form_complete = TRUE;

    }

}

function validate_email_address($email = FALSE) {

    return (preg_match('/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i', $email))? TRUE : FALSE;

}

function remove_email_injection($field = FALSE) {

   return (str_ireplace(array("\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:"), '', $field));

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<!-- Contact Form Designed by James Brand @ dreamweavertutorial.co.uk -->

<!-- Covered under creative commons license - http://dreamweavertutorial.co.uk/permissions/contact-form-permissions.htm -->

    <title>Contact Form</title>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

   

    <link href="contact/css/contactform.css" rel="stylesheet" type="text/css" />

    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/mootools/1.3.0/mootools-yui-compressed.js"></script>

    <script type="text/javascript" src="contact/validation/validation.js"></script>

   

    <script type="text/javascript">

        var nameError = '<?php echo $error_messages['fullname']; ?>';

        var emailError = '<?php echo $error_messages['email']; ?>';

        var commentError = '<?php echo $error_messages['comment']; ?>';

    </script>

</head>

<body onload="MM_preloadImages('contact.images/x.png')">

<div id="formwrap">

<h2> We appreciate your feedback.</h2>

<div id="form">

<?php if($form_complete === FALSE): ?>

<form action="contact.php" method="post" id="comments_form">

    <div class="row">

    <div class="label">Your Name</div> <!--end .label -->

    <div class="input">

    <input type="text" id="fullname" class="detail" name="fullname" value="<?php /* escape echoed input so it cannot break out of the attribute */ echo isset($_POST['fullname'])? htmlspecialchars($_POST['fullname'], ENT_QUOTES, 'UTF-8') : ''; ?>"/><?php if(in_array('fullname', $validation)): ?><span class="error"><?php echo $error_messages['fullname']; ?></span><?php endif; ?>

    </div><!-- end .input -->

    <div class="context">e.g. John Smith or Jane Doe</div><!-- end .context -->

    </div><!--end .row -->

   

    <br>

   

    <div class="row">

    <div class="label">Your Email Address</div> <!--end .label -->

    <div class="input">

    <input type="text" id="email" class="detail" name="email" value="<?php /* escape echoed input so it cannot break out of the attribute */ echo isset($_POST['email'])? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') : ''; ?>"/><?php if(in_array('email', $validation)): ?><span class="error"><?php echo $error_messages['email']; ?></span><?php endif; ?>

    </div><!-- end .input -->

    <div class="context">We will never share your details</div><!-- end .context -->

    </div><!--end .row -->

   

    <br>

    <div class="row">

    <div class="label">Your Message</div> <!--end .label -->

    <div class="iput2">

    <textarea id="comment" name="comment" class="mess"><?php /* escape echoed input so it cannot close the textarea */ echo isset($_POST['comment'])? htmlspecialchars($_POST['comment'], ENT_QUOTES, 'UTF-8') : ''; ?></textarea><?php if(in_array('comment', $validation)): ?><span class="error"><?php echo $error_messages['comment']; ?></span><?php endif; ?>

    </div><!-- end .input -->

    </div><!--end .row -->

    <div class="Submit">

      <p>

        <input type ="submit" id="submit" name="submit" value="Send Message"/>

      </p>

   

    </div><!-- end .submit -->

   

    </form>

<?php else: ?>

<p style="font-size:18px; font-family:Verdana, Geneva, sans-serif; font-weight:bold; color:#000; margin-left:25px;">Thank you for your Message!</p>

<script type="text/javascript">

setTimeout ('ourRedirect()', 5000)

function ourRedirect(){

    location.href='index.html'

}

</script>

<?php endif; ?>

</div><!--end of form --></div>

<p> </p>

<p> </p>

</body>

</html>

Can someone please tell me what I need to do and where I need to put the necessary code.

Thanks in advance!

This topic has been closed for replies.
Correct answer osgood_

Wolfshade, you lost me!

Where would the SetInterval function be placed?


Use a security maths question that your users must complete. In this instance it's 3 x 4 = ? but you can change it to what you require.

Add another row (see code below) right after your 'Your Message' row and before <div class="Submit">

<div class="row">

<div class="label">Security Question: 3 x 4 = ?</div> <!--end .label -->

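<div class="input">

<input type="text" name="alien_attack" class="alien_attack" value="<?php /* re-show the answer only if it was submitted and accepted; escape it for the attribute */ if(!isset($error['alien_attack']) && isset($alien_attack)) {echo htmlspecialchars($alien_attack, ENT_QUOTES, 'UTF-8');} ?>" /><?php if(isset($error['alien_attack'])) {echo $error['alien_attack'];} ?>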

</div><!-- end .input -->

</div><!--end .row -->

Add the below php code to the existing php code, directly after:  if(!empty($_POST)) {

// Security check

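// default to '' so a missing field fails the check instead of raising a notice

$alien_attack = isset($_POST['alien_attack']) ? trim($_POST['alien_attack']) : '';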

if(empty($alien_attack)) {

$error['alien_attack'] = "Please provide the correct answer";

}

if($alien_attack != "12") {

$error['alien_attack'] = "Please provide the correct answer";

}

Then change the line of php code below:

// basic validation result

if(count($validation) == 0) {

To this:

// basic validation result

if(count($validation) == 0 && !isset($error['alien_attack'])) {

As a further countermeasure, if the above is having little effect, you could also include a hidden form field; if it is filled in by a bot, the PHP script stops running. Bots usually fill out all the form fields they find.

Add the below directly before <div class="Submit">

<input type="hidden" name="alien" />

Then add the php code below to the existing php code directly after: if(!empty($_POST)) {

// a missing field counts as empty instead of raising a notice

$alien = isset($_POST['alien']) ? $_POST['alien'] : '';

if(!empty($alien)) {

exit;

}
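
A variant of the checks in the answer above, as an added example that is not part of osgood_'s answer: the question is picked at random per page view and its answer kept in the session, so the accepted value is not a fixed 12. The minimum time between page view and submit is an extra check assumed here; the function names are hypothetical, and the code assumes PHP 7.1 or later with the real page calling session_start() and passing $_SESSION.

```php
<?php
// Added example, not osgood_'s code. Function names are hypothetical; the
// field names alien and alien_attack are the ones used in the answer above.

// Pick a new question for each page view and keep the answer server-side.
function issue_challenge(array &$session, int $now): string {
    $a = random_int(2, 9);
    $b = random_int(2, 9);
    $session['challenge'] = ['answer' => (string) ($a * $b), 'issued' => $now];
    return "Security Question: $a x $b = ?";
}

// Returns null when the submission passes, otherwise the reason for rejecting it.
function check_submission(array $post, array &$session, int $now, int $min_seconds = 5): ?string {
    $challenge = $session['challenge'] ?? null;
    unset($session['challenge']); // single use: a replayed POST has no challenge left
    if ($challenge === null) {
        return 'no challenge issued';
    }
    if (($post['alien'] ?? '') !== '') {
        return 'honeypot field filled in';
    }
    if ($now - $challenge['issued'] < $min_seconds) {
        return 'submitted too quickly';
    }
    $answer = $post['alien_attack'] ?? '';
    if (!is_string($answer) || !hash_equals($challenge['answer'], trim($answer))) {
        return 'wrong answer';
    }
    return null;
}

// Constructed demo: $session stands in for $_SESSION and $t for time().
$session = [];
$t = 1000;
issue_challenge($session, $t);
$human = ['alien' => '', 'alien_attack' => $session['challenge']['answer']];
var_dump(check_submission($human, $session, $t + 20)); // correct answer after 20 s
var_dump(check_submission($human, $session, $t + 21)); // same POST sent again
issue_challenge($session, $t);
$bot = ['alien' => 'x', 'alien_attack' => 'x'];
var_dump(check_submission($bot, $session, $t + 1));    // every field filled, 1 s later
```

In the contact script, a non-null result would take the place of setting $error['alien_attack'], and issue_challenge() would supply the label text each time the form is rendered.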

2 replies

Nancy OShea
Community Expert
February 21, 2018

Nothing will stop human spam.  But a simple math problem will stop robots.

Alt-Web Design & Publishing: Responsive Contact Form with Bootstrap 3.2 and PHP (Part 1)

Nancy O'Shea— Product User & Community Expert
nigelh70638339
Inspiring
February 22, 2018

Nancy, I don't use Bootstrap. I plain and simple don't understand it.

BenPleysier
Community Expert
February 21, 2018

You are not saying what type of spam you are getting. Is someone physically filling in the form, or is it a spam robot that comes along?

The latter can easily be fixed with reCAPTCHA: Easy on Humans, Hard on Bots

Wappler is the DMXzone-made Dreamweaver replacement and includes the best of their powerful extensions, as well as much more!
nigelh70638339
Inspiring
February 21, 2018

Not sure. How do I find out?

All I know is I am getting a lot of spam from Russia. Names and emails are being filled in, for example

New Website Comment:

fullname: JamesTob
email: jamesessay@mail.ru
comment: <a href=https://goo.gl/B1NpJo>help me write my essay</a>

WolfShade
Legend
February 21, 2018

One thing that I have done to cut down on 'bots filling out the form is to use JavaScript to add the form element to the DOM 5 seconds after the page loads.  If the 'bot doesn't see the form immediately, it moves on.

HTH,

^ _ ^

UPDATE:  Another thing that I do is use RegEx to strip all HTML tags out of user input, leaving the content between open/closing tags.
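
The tag stripping described in the update above, as an added example that is not WolfShade's code: it removes tags while keeping the text between them and also records which fields contained markup, which goes slightly beyond the post so the mail script can flag such messages. The function names are hypothetical and the input is constructed to resemble the spam sample quoted earlier in the thread.

```php
<?php
// Added example, not WolfShade's code. Function names are hypothetical.

// Strip tags, keeping the text between them. The pattern needs a letter or "!"
// right after "<" (or "</"), so plain text such as "3 < 4" is left alone.
function strip_markup(string $input): string {
    return trim(preg_replace('/<\/?[a-z!][^<>]*>/i', '', $input));
}

// Clean every submitted field and record which ones contained markup,
// so the mail script can drop or flag the message before calling mail().
function clean_fields(array $fields): array {
    $clean = [];
    $flagged = [];
    foreach ($fields as $name => $value) {
        $value = is_string($value) ? $value : ''; // ignore array-valued fields
        $clean[$name] = strip_markup($value);
        if ($clean[$name] !== trim($value)) {
            $flagged[] = $name;
        }
    }
    return ['clean' => $clean, 'flagged' => $flagged];
}

// Constructed input shaped like the spam sample in this thread.
$result = clean_fields([
    'fullname' => 'JamesTob',
    'email'    => 'sender@example.invalid',
    'comment'  => '<a href=https://example.invalid/x>help me write my essay</a>',
]);
print_r($result);
```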