
Security for Web Form

orthohin
Grand Master

Hi All,

Just wondering if anyone knows if there is a way I can add a security code input for our form on our website. Either using blue voda or with code I can insert... We are getting a lot of spam.

Thanks

______

Orthohin

Sogo7
Grand Master

Here's the basic PHP code for a spam filter on a contact form. It's similar to the one I use over at Lovelogic.net. This script will watch for known exploits, rude words and hidden links, check that the name & email address fields are OK, and will stop the email from even being sent if it is unhappy. A determined spammer will eventually get a message to send no matter what code is used, but sanitising the form fields in this manner will slow them down quite a bit. Other refinements include using a flood control to prevent the contact form sending more than one mail per minute, IP blocking, redirecting them offsite and, if that fails, crashing their browser.

You will obviously need to change the form variables to match those in your contact form, and having the error messages show is of course optional. If you need the full contact form script customised for your website I'll code it up for you.

    // Spam score: each suspicious trait adds points and the mail is only sent
    // when the total stays at or below $maxPoints. Initialise the counters first.
    $points    = 0;
    $maxPoints = 4;   // threshold (assumed value, the original post left it unset); tune to taste
    $error_msg = "";

    $badwords = array("xxx", "viagra", "phentermine", "tramadol", "adipex", "advai", "alprazolam", "ambien", "ambian", "amoxicillin", "antivert", "blackjack", "backgammon", "texas", "holdem", "poker", "carisoprodol", "ciara", "ciprofloxacin", "debt", "dating", "porn", "link=", "voyeur", "seminar", "SEO"); // add as many as you like...

    // Strings typical of mail-header injection or HTML/script smuggling attempts
    $exploits = array("content-type", "bcc:", "cc:", "document.cookie", "onclick", "onload", "javascript", "x-x", "<a");

    // stripos() matches case-insensitively, so "SEO", "Seo" and "seo" all score
    foreach ($badwords as $word)
        if (stripos($_POST['comments'], $word) !== false)
            $points += 2;

    foreach ($exploits as $exploit)
        if (stripos($_POST['comments'], $exploit) !== false)
            $points += 2;

    // strpos()/stripos() return an offset or false, never true, so compare with false
    if (stripos($_POST['comments'], "http://") !== false || stripos($_POST['comments'], "www.") !== false)
        $points += 2;
    if (isset($_POST['nojs']))
        $points += 10; // hidden field that only arrives when JavaScript is disabled = message bombs
    if (preg_match("/(<.*>)/i", $_POST['comments']))
        $points += 2;
    if (strlen($_POST['name']) < 3)
        $points += 1;
    if (strlen($_POST['comments']) < 15 || strlen($_POST['comments']) > 1500)
        $points += 2;
    // end score assignments

    // Hard validation of the required fields (ereg() was removed from PHP, preg_match() replaces it)
    if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comments'])) {
        $error_msg .= "Name, e-mail and comments are required fields. \n";
    } elseif (strlen($_POST['name']) > 35) {
        $error_msg .= "The name field is limited to 35 characters. Your first name or nickname will do! \n";
    } elseif (!preg_match("/^[A-Za-z' -]*$/", $_POST['name'])) {
        $error_msg .= "The name field must not contain special characters. \n";
    } elseif (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/", strtolower($_POST['email']))) {
        $error_msg .= "That is not a valid e-mail address. \n";
    }

    if ($error_msg == "" && $points <= $maxPoints) {

        ////////// All message fields are acceptable -> OK to send Email

        /////// Your send email script goes in here....

    } /// end spam trap

Lovelogic.net UK Jobs Scanner
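The flood control mentioned in the reply above, as an added example that is not code from Sogo7's post: a file-backed limit of one submission per minute per client address, with the lock-protected read/modify/write the contact form would run before the spam score. The file name, the 60-second interval, the `floodControl()` helper and the use of `REMOTE_ADDR` as the key are assumptions.

```php
<?php
// Added example (not from the original post): per-client flood control for the
// contact form. Counts attempts, not only successful sends, so a rejected
// submission still starts the clock.

/**
 * Decide whether a send from $key is allowed given $log (key => Unix time of
 * last attempt). Returns [allowed, updated log]. Entries older than $interval
 * are pruned so the file cannot grow without bound.
 */
function floodControl(array $log, string $key, int $interval, int $now): array
{
    foreach ($log as $k => $ts) {
        if ($now - $ts >= $interval) {
            unset($log[$k]);          // stale entry, safe to forget
        }
    }
    if (isset($log[$key])) {
        return [false, $log];         // an attempt within the last $interval seconds
    }
    $log[$key] = $now;                // record this attempt
    return [true, $log];
}

$floodFile = __DIR__ . '/flood.json';  // assumption: writable; outside the web root is better
$interval  = 60;                       // one mail per minute, as in the reply
// Behind a reverse proxy REMOTE_ADDR is the proxy; read the forwarded header instead.
// Hashing avoids keeping raw visitor addresses on disk.
$key = hash('sha256', $_SERVER['REMOTE_ADDR'] ?? 'unknown');

$fh = fopen($floodFile, 'c+');         // create if missing, do not truncate
flock($fh, LOCK_EX);                   // serialise concurrent submissions
$log = json_decode(stream_get_contents($fh), true) ?: [];
[$allowed, $log] = floodControl($log, $key, $interval, time());
ftruncate($fh, 0);
rewind($fh);
fwrite($fh, json_encode($log));
flock($fh, LOCK_UN);
fclose($fh);

if (!$allowed) {
    // Feed into the same $error_msg / $points flow as the spam trap above
    $error_msg .= "Only one message per minute is accepted. \n";
}
```

A session-only version is simpler but lost as soon as the client drops its cookie, which is why the shared file keyed by address is used here.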