Jump to content
Thewebdeveloper

what to do against contact form spam

Recommended Posts

there is some hacker trying to destroy my website, he spammed my contact form, i am talkking about 200 emails sent in minute,

i disbaled the forms and wasted 1 day on coding google recaptcha with php into my website.

it didnt help lol

now i had to disable forms again because host company said i will get banned from their servers..

what can i do to prevent the mass emails?

Share this post


Link to post
Share on other sites

Before giving a solution I assume you are not validating by javascript alone, but by a server language as well, since javascript can be disabled.

Have you tried a honeypot input which is hidden by css or javascript. The spambot usually will fill all inputs encounted including this hidden input, so when checking it by server language you can identify it as spam IF FILLED in and then not process the contact form data, but return to contact form instead.

The other slightly complicated solution is to get the IP address of emailer and store it, if identified as spam address then compare current with stored to block if found.

Share this post


Link to post
Share on other sites
13 minutes ago, dsonesuk said:

Before giving a solution I assume you are not validating by javascript alone, but by a server language as well, since javascript can be disabled.

Have you tried a honeypot input which is hidden by css or javascript. The spambot usually will fill all inputs encounted including this hidden input, so when checking it by server language you can identify it as spam IF FILLED in and then not process the contact form data, but return to contact form instead.

The other slightly complicated solution is to get the IP address of emailer and store it, if identified as spam address then compare current with stored to block if found.

hey we already blocked the ip address. he use vpn, i am using php as i said in the topic, i dont know anything about honeypot, could u explain?

Share this post


Link to post
Share on other sites

As i said you create an input type text with no value, attribute autocomplete="off" and a name attribute with value like "phone_honey", you hide it with css or javascript using display:none; for example.

The spambot will fill it in, you write php validation code to check "phone_honey" value is empty. A person would not fill it in, because its hidden so it is not spam, unlike the spambot.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...