Spammers using my contact form

Postby Martin Pickering » Tue Jan 31, 2006 2:22 am

I am having some problems with spammers using my contact form. My hosting company have said this: -

"That confirms that it is your script. If you check through your log files for today and yesterday you will see when the spammers are using your script. They are the ones without referrer and no browser type."

I know I can get the browser type using this
$browser = $_SERVER['HTTP_USER_AGENT'];

But how do I test for NO browser type?
(Sorry for such a naive question).

Also what is a "referrer" and how do I test for it?

Grateful for all suggestions.

BTW I'm already testing for the presence of an IP address (I think*) but that isn't stopping them.

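Code:
function getIP() {
    // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are taken from request headers,
    // so their values are whatever the sender (or a proxy) put there.
    if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR")) $ip = getenv("HTTP_X_FORWARDED_FOR");
    // REMOTE_ADDR is the address of the peer that connected to the web server.
    else if (getenv("REMOTE_ADDR")) $ip = getenv("REMOTE_ADDR");
    else $ip = "unknown";
    return $ip;
}

$ip = getIP();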


*I say I think I'm testing for the IP because I'm posting this on behalf of a friend who is using my script but she may have disabled the IP check!
Martin Pickering
New php-forum User
Posts: 106
Joined: Fri Oct 17, 2003 8:00 am

Postby Martin Pickering » Tue Jan 31, 2006 2:27 am

http://uk.php.net/reserved.variables

RE: Zoic

While checking the referrer sounds like a good idea, this can simply be spoofed by any exploit attempts. It may help deter feeble attempts, but you will also lose any visitors whose browser or proxy strips referrer information.

Since you can't rely on it and must use other validation as well, and since it has the potential to lose valid visitors, I don't see a reason to check it.

Uh, OK, forget "referrer"!
Martin Pickering
New php-forum User
Posts: 106
Joined: Fri Oct 17, 2003 8:00 am
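
The log check the hosting company describes in the first post, as an added example that is not part of the thread: it lists POSTs to the form script that carry neither a referrer nor a browser type, grouped by client address. It assumes Apache "combined" log format and a hypothetical script path /contact.php; because both headers can be spoofed or stripped, as the reply quoted above points out, the output is a list to review, not proof of abuse.

```php
<?php
// Added example, not code from the thread. Assumes Apache "combined" log format;
// /contact.php is a hypothetical path for the form script.

function findBlankClientPosts(array $lines, string $formPath): array
{
    // A quoted log field; Apache writes a literal quote inside it as \"
    $q  = '"((?:[^"\\\\]|\\\\.)*)"';
    // ip ident user [time] "request" status bytes "referer" "user-agent"
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] ' . $q . ' \d{3} \S+ ' . $q . ' ' . $q . '$/';
    $isBlank = function (string $v): bool {
        return $v === '' || $v === '-';   // "-" is what Apache logs for an absent header
    };
    $hits = [];
    foreach ($lines as $line) {
        if (!preg_match($re, trim($line), $m)) {
            continue;                      // not a combined-format line
        }
        list(, $ip, $time, $request, $referer, $agent) = $m;
        $parts  = explode(' ', $request);
        $method = $parts[0];
        $path   = explode('?', $parts[1] ?? '', 2)[0];   // drop any query string
        if ($method === 'POST' && $path === $formPath
            && $isBlank($referer) && $isBlank($agent)) {
            $hits[$ip][] = $time;          // group matching requests by client address
        }
    }
    return $hits;
}

// Constructed sample lines (documentation IP ranges), not real log data.
$sample = <<<'LOG'
192.0.2.10 - - [30/Jan/2006:22:14:03 +0000] "GET /contact.php HTTP/1.1" 200 1843 "http://www.example.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8) Gecko/20051111 Firefox/1.5"
192.0.2.10 - - [30/Jan/2006:22:14:41 +0000] "POST /contact.php HTTP/1.1" 200 512 "http://www.example.com/contact.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8) Gecko/20051111 Firefox/1.5"
203.0.113.77 - - [30/Jan/2006:23:01:12 +0000] "POST /contact.php HTTP/1.0" 200 512 "-" "-"
203.0.113.77 - - [30/Jan/2006:23:01:13 +0000] "POST /contact.php HTTP/1.0" 200 512 "-" "-"
198.51.100.5 - - [30/Jan/2006:23:05:40 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
LOG;

foreach (findBlankClientPosts(explode("\n", $sample), '/contact.php') as $ip => $times) {
    printf("%s  %d blank POSTs  first %s  last %s\n", $ip, count($times), $times[0], end($times));
}
```

The last sample line, a browser whose referrer was stripped, is deliberately not matched: only requests missing both headers are reported.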

Postby Coditor » Thu Feb 02, 2006 2:01 pm

The best way to determine if the form was submitted by a human or a computer is the appropriately named CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). You will have seen this already on many sites and it consists of a script-generated image with some text that the visitor to your form has to enter.

Check http://www.captcha.net for more info.
Coditor
New php-forum User
Posts: 243
Joined: Wed Feb 01, 2006 9:18 am
Location: Netherlands

Postby Martin Pickering » Thu Feb 02, 2006 2:34 pm

Thanks, yes I've encountered that. How does one implement it?

Hmm, see http://sam.zoy.org/pwntcha/
Martin Pickering
New php-forum User
Posts: 106
Joined: Fri Oct 17, 2003 8:00 am

