Spammers using my contact form

the mail() function


Postby Martin Pickering » Tue Jan 31, 2006 2:22 am

I am having some problems with spammers using my contact form. My hosting company have said this:

"That confirms that it is your script. If you check through your log files for today and yesterday you will see when the spammers are using your script. They are the ones without referrer and no browser type."

I know I can get the browser type using this
$browser = $_SERVER['HTTP_USER_AGENT'];

But how do I test for NO browser type?
(Sorry for such a naive question).

Also what is a "referrer" and how do I test for it?

Grateful for all suggestions.

BTW I'm already testing for the presence of an IP address (I think*) but that isn't stopping them.

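Code:

// Returns the first address found, or "unknown".
// HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers;
// REMOTE_ADDR is the address of the connecting peer.
function getIP() {
    //$ip;
    if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR")) $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR")) $ip = getenv("REMOTE_ADDR");
    else $ip = "unknown";
    return $ip;
}

$ip = getIP();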


*I say I think I'm testing for the IP because I'm posting this on behalf of a friend who is using my script but she may have disabled the IP check!


Postby Martin Pickering » Tue Jan 31, 2006 2:27 am

http://uk.php.net/reserved.variables

RE: Zoic

While checking the referrer sounds like a good idea, this can simply be spoofed by any exploit attempts. It may help deter feeble attempts, but you will also lose any visitors whose browser or proxy strips referrer information.

Since you can't rely on it and must use other validation as well, and since it has the potential to lose valid visitors, I don't see a reason to check it.

Uh, OK, forget "referrer"!
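
An added example, not part of any post in this thread: one way to test in PHP for a missing browser type and a missing referrer, rejecting only on a missing User-Agent because, as noted above, the referrer can be spoofed or stripped. The function name, the reject policy and the sample values are assumptions.

```php
<?php
// Added example; function name, policy and sample values are assumptions.

function screen_contact_request(array $server, string $ownHost): array
{
    $notes  = [];
    $reject = false;

    // "No browser type": User-Agent header absent, empty or whitespace only.
    $ua = trim($server['HTTP_USER_AGENT'] ?? '');
    if ($ua === '') {
        $reject  = true;
        $notes[] = 'no User-Agent';
    }

    // The referrer is the URL of the page the request came from; PHP
    // exposes it as HTTP_REFERER (the header's own spelling).
    $ref = trim($server['HTTP_REFERER'] ?? '');
    if ($ref === '') {
        // Recorded only: browsers and proxies may strip it for real visitors.
        $notes[] = 'no referrer';
    } else {
        $host = parse_url($ref, PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $ownHost) !== 0) {
            $notes[] = 'referrer is not this site';
        }
    }

    return ['reject' => $reject, 'notes' => $notes];
}

// Constructed sample requests (not taken from any real log).
$samples = [
    'browser'  => ['HTTP_USER_AGENT' => 'Mozilla/5.0 (constructed)',
                   'HTTP_REFERER'    => 'http://www.example.org/contact.php'],
    'stripped' => ['HTTP_USER_AGENT' => 'Mozilla/5.0 (constructed)'],
    'bare'     => [],
];

foreach ($samples as $name => $server) {
    $r = screen_contact_request($server, 'www.example.org');
    printf("%-8s %s  %s\n", $name, $r['reject'] ? 'REJECT' : 'accept',
           implode('; ', $r['notes']));
}
```

In a form handler the call would be screen_contact_request($_SERVER, ...) with the site's own host name. Both headers are sent by the client, so this only filters requests of the kind the hosting company described.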


Postby Coditor » Thu Feb 02, 2006 2:01 pm

The best way to determine if the form was submitted by a human or a computer is the appropriately named CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). You will have seen this already on many sites, and it consists of a script-generated image with some text that the visitor to your form has to enter.

Check http://www.captcha.net for more info.


Postby Martin Pickering » Thu Feb 02, 2006 2:34 pm

Thanks, yes I've encountered that. How does one implement it?

Hmm, see http://sam.zoy.org/pwntcha/

