Thewebdeveloper Posted January 4, 2020 Share Posted January 4, 2020 there is some hacker trying to destroy my website, he spammed my contact form, i am talkking about 200 emails sent in minute, i disbaled the forms and wasted 1 day on coding google recaptcha with php into my website. it didnt help lol now i had to disable forms again because host company said i will get banned from their servers.. what can i do to prevent the mass emails? Link to comment Share on other sites More sharing options...
dsonesuk Posted January 4, 2020 Share Posted January 4, 2020 Before giving a solution I assume you are not validating by javascript alone, but by a server language as well, since javascript can be disabled. Have you tried a honeypot input which is hidden by css or javascript. The spambot usually will fill all inputs encounted including this hidden input, so when checking it by server language you can identify it as spam IF FILLED in and then not process the contact form data, but return to contact form instead. The other slightly complicated solution is to get the IP address of emailer and store it, if identified as spam address then compare current with stored to block if found. Link to comment Share on other sites More sharing options...
Thewebdeveloper Posted January 4, 2020 Author Share Posted January 4, 2020 13 minutes ago, dsonesuk said: Before giving a solution I assume you are not validating by javascript alone, but by a server language as well, since javascript can be disabled. Have you tried a honeypot input which is hidden by css or javascript. The spambot usually will fill all inputs encounted including this hidden input, so when checking it by server language you can identify it as spam IF FILLED in and then not process the contact form data, but return to contact form instead. The other slightly complicated solution is to get the IP address of emailer and store it, if identified as spam address then compare current with stored to block if found. hey we already blocked the ip address. he use vpn, i am using php as i said in the topic, i dont know anything about honeypot, could u explain? Link to comment Share on other sites More sharing options...
dsonesuk Posted January 4, 2020 Share Posted January 4, 2020 As i said you create an input type text with no value, attribute autocomplete="off" and a name attribute with value like "phone_honey", you hide it with css or javascript using display:none; for example. The spambot will fill it in, you write php validation code to check "phone_honey" value is empty. A person would not fill it in, because its hidden so it is not spam, unlike the spambot. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now