what to do against contact form spam

[Thewebdeveloper]

there is some hacker trying to destroy my website, he spammed my contact form, i am talkking about 200 emails sent in minute,

i disbaled the forms and wasted 1 day on coding google recaptcha with php into my website.

it didnt help lol

now i had to disable forms again because host company said i will get banned from their servers..

what can i do to prevent the mass emails?

[dsonesuk]

Before giving a solution I assume you are not validating by javascript alone, but by a server language as well, since javascript can be disabled.

Have you tried a honeypot input which is hidden by css or javascript. The spambot usually will fill all inputs encounted including this hidden input, so when checking it by server language you can identify it as spam IF FILLED in and then not process the contact form data, but return to contact form instead.

The other slightly complicated solution is to get the IP address of emailer and store it, if identified as spam address then compare current with stored to block if found.

[Thewebdeveloper]

13 minutes ago, dsonesuk said:

Before giving a solution I assume you are not validating by javascript alone, but by a server language as well, since javascript can be disabled.

Have you tried a honeypot input which is hidden by css or javascript. The spambot usually will fill all inputs encounted including this hidden input, so when checking it by server language you can identify it as spam IF FILLED in and then not process the contact form data, but return to contact form instead.

The other slightly complicated solution is to get the IP address of emailer and store it, if identified as spam address then compare current with stored to block if found.

hey we already blocked the ip address. he use vpn, i am using php as i said in the topic, i dont know anything about honeypot, could u explain?

[dsonesuk]

As i said you create an input type text with no value, attribute autocomplete="off" and a name attribute with value like "phone_honey", you hide it with css or javascript using display:none; for example.

The spambot will fill it in, you write php validation code to check "phone_honey" value is empty. A person would not fill it in, because its hidden so it is not spam, unlike the spambot.