
Blocking SPAM mails in back-end file


aamberker


Hi Folks,

How do I place the following code in "formmail.php" file??? :)

    // Check for Website URL's in the form input boxes
    if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage"; exit();}
    if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
    if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}

    // Pattern match search to strip out the invalid characters, this prevents the mail injection spammer
    $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; // build the pattern match string

~ formmail.php ~

    *****************************************************************
    // Set the names of input tags present in the form here.
    $myInputs = array("name","email","phone","comments","hearaboutus");
    $From="xxx@abc.com"; //from email Id
    $To = "xxx@abc.com"; //to email Id
    $Subject = "Visitor's Information from the Contact Us page!"; // set the Email Message subject
    $responseMessage = "Testing!... Testing!... Testing!..."; //The message that needs to be displayed after submission.
    *****************************************************************
    if ($HTTP_SERVER_VARS["REQUEST_METHOD"]=="POST") {
        $emailMsg = "The following information has been submitted.:\n\n";
        for ($i=0;$i<count($myInputs);$i++) {
            $emailMsg .= $myInputs[$i]." -- ".$_REQUEST[$myInputs[$i]]."\r\n";
        }
        $emailMsg .= "\n\n";
        $headers = "From: $From\nReturn-Path: ".$tReturn."\ncc: xxx@abc.com,xxx@abc.com\n";
        $emailOk=mail($To,$Subject,$emailMsg,$headers);
        // if ($emailOk) print $responseMessage;
    } //Posting
    ?><script>location.href="http://www.domain.com/thankyou.html "</script>
    *****************************************************************


I think the first code (the one you want to insert) is missing a bit. It creates a Regex but doesn't do anything with it.

Hey Synook,

Thanks for your response. hummm... FYI - Service provider gave me that code to prevent spam mails. whewww... What does "regex" stand for? Does it ignore white space by default??? OR???

Could you pls let me know the appropriate code to insert in my formmail.php file???

You could do something like

    *****************************************************************
    // Set the names of input tags present in the form here.
    $myInputs = array("name","email","phone","comments","hearaboutus");
    $From="xxx@abc.com"; //from email Id
    $To = "xxx@abc.com"; //to email Id
    $Subject = "Visitor's Information from the Contact Us page!"; // set the Email Message subject
    $responseMessage = "Testing!... Testing!... Testing!..."; //The message that needs to be displayed after submission.
    *****************************************************************
    if ($HTTP_SERVER_VARS["REQUEST_METHOD"]=="POST") {
        $emailMsg = "The following information has been submitted.:\n\n";
        for ($i=0;$i<count($myInputs);$i++){
            $emailMsg .= $myInputs[$i]." -- ".$_REQUEST[$myInputs[$i]]."\r\n";
        }
        // Pattern match search to strip out the invalid characters, this prevents the mail injection spammer
        $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; // build the pattern match string
        $emailMsg = preg_replace($pattern, "", $emailMsg);
        $emailMsg .= "\n\n";
        $headers = "From: $From\nReturn-Path: ".$tReturn."\ncc: xxx@abc.com,xxx@abc.com\n";
        $emailOk=mail($To,$Subject,$emailMsg,$headers);
        // if ($emailOk) print $responseMessage;
    } //Posting
    ?><script>location.href="http://www.domain.com/thankyou.html "</script>

You don't need the first bits, as you aren't allowing the user to input from and to addresses.


Thank you Synook for your response... But sort of I am a bit confused now. Which first bits are you referring to??? And what does "I am not allowing the user to input from and to addresses" mean? :)

Which first bits are you referring about???
This bit:
    // Check for Website URL's in the form input boxes
    if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage"; exit();}
    if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
    if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}

And what does I am not allowing the user to input from and to addresses mean?
Here you manually specify from and to addresses:
    // Set the names of input tags present in the form here.
    $myInputs = array("name","email","phone","comments","hearaboutus");
    $From="xxx@abc.com"; //from email Id
    $To = "xxx@abc.com"; //to email Id
    $Subject = "Visitor's Information from the Contact Us page!"; // set the Email Message subject
    $responseMessage = "Testing!... Testing!... Testing!..."; //The message that need to be displayed after submission.


  • 3 weeks later...

Hi All... [ Lulzim, are you around? ]

To an extent the spamming has reduced BUT NOT completely :)

~ formmail.php ~
******************************************************************************

    <?
    /* The text to be added to your HTML page is: action="formmail.php" to be added to form tag. assuming that formmail.php is in the same folder.
    <form id="form1" name="form1" method="post" action="formmail.php">
    */
    /*********************************************************************************/
    // Set the names of input tags present in the form here.
    $myInputs = array("name","email","phone","comments","hearaboutus");
    $From="contact@domain.com"; //from email Id
    $To = "person_ONE@aol.com"; //to email Id
    $Subject = "Visitor's Information from the Contact Us page!"; // set the Email Message subject
    $responseMessage = "Testing!... Testing!... Testing!..."; //The message that needs to be displayed after submission.
    /*********************************************************************************/
    if ($HTTP_SERVER_VARS["REQUEST_METHOD"]=="POST") {
        $emailMsg = "The following information has been submitted.:\n\n";
        for ($i=0;$i<count($myInputs);$i++) {
            $emailMsg .= $myInputs[$i]." -- ".$_REQUEST[$myInputs[$i]]."\r\n";
        }
        // Pattern match search to strip out the invalid characters, this prevents the mail injection spammer
        $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; // build the pattern match string
        $emailMsg = preg_replace($pattern, "", $emailMsg);
        $emailMsg .= "\n\n";
        $headers = "From: $From\nReturn-Path: ".$tReturn."\ncc:person_TWO@aol.com,xyz@gmail.com\n";
        $emailOk=mail($To,$Subject,$emailMsg,$headers);
        // if ($emailOk) print $responseMessage;
    } //Posting
    ?><script>location.href="http://www.domain.com/thankyou.html"</script>

******************************************************************************

~ Formats of SPAMS ~

Format ONE

The following information has been submitted.:
name -- sirvunbyk
email -- dlugwv@nhdvso.com
phone -- 608966338
comments -- a57PkB <a href=\"http://fbwrqqirobnu.com/\">fbwrqqirobnu</a>, ecwgitpvvomg, [link=http://cmkvztwyiscc.com/]cmkvztwyiscc[/link], http://yweamiixnjge.com/
hearaboutus -- Select

Format TWO

The following information has been submitted.:
name -- Margaret
email -- daniel@hotmail.com
phone -- 12345
comments -- [a long run of blogspot.com URLs]
hearaboutus -- Select

Format THREE

The following information has been submitted.:
name -- rwsbaya
email -- bnbfla@xogyru.com
phone -- 593499991
comments -- skob8T <a href=\"http://fbzewbatcemx.com/\">fbzewbatcemx</a>, vqqcpzznivbd, [link=http://egdsolfshpvf.com/]egdsolfshpvf[/link], http://kmjxnahufqjg.com/
hearaboutus -- Select

SO HOW DO I FIX THIS??? :)


Do you have a "captcha" system on your contact form? One of those security image things with the squiggly text that the user needs to type in? That will help remove spam since the sender needs to be a Human, not a Bot. (hard to tell sometimes :) )

Hey jlhaslip...

Not sure what exactly is "captcha" but upon Google'ing, I understand that it's -

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)

No idea whether I have a "captcha" in my contact form... Check the following -

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<form action="formmail.php" method="post" name="Base" id="Base" onSubmit="return checkForm();">
  <table width="350" border="0">
    <tr>
      <td width="107" class="text_1"><span class="text_1"><strong>Name:</strong></span></td>
      <td width="233"> <input type="text" name="name" size="20" style="background-color: #D4D0C8"></td>
    </tr>
    <tr>
      <td class="text_1"><strong>E-mail:</strong></td>
      <td><input type="text" name="email" size="20" style="background-color: #D4D0C8"></td>
    </tr>
    <tr>
      <td class="text_1"><strong>Phone:</strong></td>
      <td class="text_1"> <input type="text" name="phone" size="20" style="background-color: #D4D0C8">  (Optional)</td>
    </tr>
    <tr>
      <td valign="top" class="text_1"><strong>Comment:</strong></td>
      <td> <textarea name="comments" cols="25" rows="4" id="comments" style="background-color: #D4D0C8"></textarea></td>
    </tr>
    <tr>
      <td class="text_1 style1"><strong class="text_1">How did you Hear About Us :</strong></td>
      <td>
        <select name="hearaboutus" id="hearaboutus" style="width:146px;" style="background-color: #D4D0C8">
          <option selected>Select</option>
          <option>Google</option>
          <option>AOL</option>
          <option>Yahoo</option>
          <option>Client</option>
          <option>Ad</option>
          <option>Radio</option>
          <option>Other</option>
        </select>
      </td>
    </tr>
    <tr>
      <td class="text_1 style1"> </td>
      <td> </td>
    </tr>
    <tr>
      <td class="text_1 style1"> </td>
      <td><input type="submit" name="Submit" value="Submit">  <input type="reset" name="Reset" value="Reset"></td>
    </tr>
  </table>
</form>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hummmm... hummmmm... hummmmm... :) So?

Instead of trying to filter on keywords, set something up that would cause bots to act differently than humans. Name your form elements something random, and include some hidden elements with the normal names. A human would only fill out the random names and not the hidden ones, but a bot would fill out the hidden ones because of the names. If the hidden ones are filled out then it's a bot.

e.g.:

    <input type="text" name="name" size="20" style="display: none;">
    <input type="text" name="dj39edc8" size="20" style="background-color: #D4D0C8">

    <?php
    $spam = $_POST['name'];
    $name = $_POST['dj39edc8'];
    if ($spam != "")
    {
      //bot
    }
    else
    {
      //human
    }
    ?>

Include fields like "to", "subject", "message" etc to catch the bots.


Basically you have bogus fields with logical name attributes and the real fields with random name attributes (but with logical labels so people will know which ones to fill in). The bogus fields are set to display:none; so that most people won't see them and won't fill them in, however a bot, which doesn't parse CSS (as it doesn't need to visually "see" the page) will be unaware of this and enter their spamming content in it. Then, on the form processing page, you check to see whether the bogus fields are filled in and if they were you most likely have a bot.


This is how my form is set up:

    <input type="text" name="name" style="display: none;">
    <input type="text" name="email" style="display: none;">
    <input type="text" name="subject" style="display: none;">
    <input type="text" name="comments" style="display: none;">

    <div class="form-label">Name:</div>
    <div class="form-left"><input type="text" name="md84idkf" class="input-std" size="30" /></div>
    <br class="clear">

    <div class="form-label">Email Address:</div>
    <div class="form-left"><input type="text" name="s83kf84j" class="input-std" size="30" /></div>
    <br class="clear">

    <div class="form-label">Phone:</div>
    <div class="form-left"><input type="text" name="l2ja74j9" class="input-std" size="15" /></div>
    <br class="clear">

And this is part of the PHP code:

    $name = 'md84idkf';
    $email = 's83kf84j';
    $phone = 'l2ja74j9';

    $spam1 = form_var('name');
    $spam2 = form_var('email');
    $spam3 = form_var('subject');
    $spam4 = form_var('comments');

    $$name = form_var($name);
    $$email = form_var($email);
    $$phone = form_var($phone);

    if ($spam1 || $spam2 || $spam3 || $spam4)
    {
      echo 'Error: your email was not sent.  Please press the Back button, refresh the page, and fill out the form manually.  If you have any automatic form fillers such as Google Toolbar, please make sure they are disabled.  Your submission was not able to be verified as coming from a human and was discarded.';
      exit();
    }

    // send email


Basically you have bogus fields with logical name attributes and the real fields with random name attributes (but with logical labels so people will know which ones to fill in). The bogus fields are set to display:none; so that most people won't see them and won't fill them in, however a bot, which doesn't parse CSS (as it doesn't need to visually "see" the page) will be unaware of this and enter their spamming content in it. Then, on the form processing page, you check to see whether the bogus fields are filled in and if they were you most likely have a bot.
Ohh!!!.. I see... hummmmm... hummm.... I GOT IT Synook!!! :) ... Thanks for your response.

<div class="form-label">Email Address:</div>

:) the <label> tag was invented for a reason...

e.g.:

    <input type="text" name="name" size="20" style="display: none;">
    <input type="text" name="dj39edc8" size="20" style="background-color: #D4D0C8">

    <?php
    $spam = $_POST['name'];
    $name = $_POST['dj39edc8'];
    if ($spam != "")
    {
      //bot
    }
    else
    {
      //human
    }
    ?>

Hi justsomeguy,

Before proceeding to the "formmail.php" file, I would like to get clarified with the following updated .html code... Do I need to add or delete something???... Seems to be something needs to be added at "hearaboutus"... Am I making sense???

    <form action="formmail.php" method="post" name="Base" id="Base" onSubmit="return checkForm();">
      <table width="350" border="0">
        <tr>
          <td width="107" class="text_1"><span class="text_1"><strong>Name:</strong></span></td>
          <td width="233">
            <input type="text" name="name" size="20" style="display: none;">
            <input type="text" name="dj39edc8" size="20" style="background-color: #D4D0C8">
          </td>
        </tr>
        <tr>
          <td class="text_1"><strong>E-mail:</strong></td>
          <td>
            <input type="text" name="email" size="20" style="display: none;">
            <input type="text" name="cqwze803m" size="20" style="background-color: #D4D0C8">
          </td>
        </tr>
        <tr>
          <td class="text_1"><strong>Phone:</strong></td>
          <td class="text_1">
            <input type="text" name="phone" size="20" style="display: none;">
            <input type="text" name="zxbm720elk5" size="20" style="background-color: #D4D0C8">  (Optional)
          </td>
        </tr>
        <tr>
          <td valign="top" class="text_1"><strong>Comment:</strong></td>
          <td>
            <textarea name="comments" cols="25" rows="4" id="comments" style="display: none;"></textarea>
            <textarea name="rdx007bmw843" cols="25" rows="4" id="comments" style="background-color: #D4D0C8"></textarea>
          </td>
        </tr>
        <tr>
          <td class="text_1 style1"><strong class="text_1">How did you Hear About Us :</strong></td>
          <td>
            <select name="hearaboutus" id="hearaboutus" style="width:146px;" style="background-color: #D4D0C8">
              <option selected>Select</option>
              <option>Google</option>
              <option>AOL</option>
              <option>Yahoo</option>
              <option>Client</option>
              <option>Ad</option>
              <option>Radio</option>
              <option>Other</option>
            </select>
          </td>
        </tr>
        <tr>
          <td class="text_1 style1"> </td>
          <td> </td>
        </tr>
        <tr>
          <td class="text_1 style1"> </td>
          <td><input type="submit" name="Submit" value="Submit">  <input type="reset" name="Reset" value="Reset"></td>
        </tr>
      </table>
    </form>

You don't need to add anything, you don't need a hidden field for each normal field, or you don't need every normal field to have a random name. Just enough so that you can tell if you're dealing with a bot or not. Having name, email, phone, and comments should be enough to determine who you're dealing with.

Ohh!!!... I see.. hummmmm... Thank you for the clarification. Will work on the "formmail.php" file and revert back ASAP...

  • 4 weeks later...

Hi justsomeguy,

You don't need to add anything, you don't need a hidden field for each normal field, or you don't need every normal field to have a random name. Just enough so that you can tell if you're dealing with a bot or not. Having name, email, phone, and comments should be enough to determine who you're dealing with.
OKAY – I got that. Let's proceed with the back-end PHP code...
    <?php
    $spam = $_POST['name'];
    $name = $_POST['dj39edc8'];
    if ($spam != "")
    {
      //bot
    }
    else
    {
      //human
    }
    ?>

Still trying to understand how to incorporate the above example into my PHP code.

By the way, the spams and the real human messages are coming like -

The following information has been submitted.:name -- xxxxxxxx email -- xxxxxxxx phone -- xxx-xxx-xxxx comments – blah… blah… blah… blah… hearaboutus – Client

Instead of -

The following information has been submitted.:
name – xxxxxxxx
email – xxxxxxxx
phone -- xxx-xxx-xxxx
comments – blah… blah… blah… blah…
hearaboutus – Client
So?
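One way to fold the hidden-field check into the formmail.php handler discussed in this thread, as an added example that is not code from any of the posters. It assumes the random field names from the updated form posted earlier, reuses the thread's placeholder addresses and thank-you URL, and uses illustrative function names. Each field is cleaned before the body is assembled, because the thread's pattern lists `\n` and `\r` among the characters to remove and so also strips the separators between fields when it is run over the whole message.

```php
<?php
// Added example: hidden-field (decoy) check wired into a formmail.php handler.
// Field names follow the updated form in this thread; addresses and the redirect
// URL are the thread's placeholders; function names are illustrative.

// Decoy inputs, hidden with display:none. A human leaves them empty.
const DECOY_FIELDS = ['name', 'email', 'phone', 'comments'];

// Real inputs: random name attribute in the form => label shown in the email.
const REAL_FIELDS = [
    'dj39edc8'     => 'name',
    'cqwze803m'    => 'email',
    'zxbm720elk5'  => 'phone',
    'rdx007bmw843' => 'comments',
    'hearaboutus'  => 'hearaboutus',
];

// True when any decoy field was filled in (or arrived as a non-string value).
function looks_like_bot(array $post): bool
{
    foreach (DECOY_FIELDS as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) !== '') {
            return true;
        }
    }
    return false;
}

// Strip control characters from one value; only multi-line fields keep LF.
function clean_value($value, bool $multiline): string
{
    if (!is_string($value)) {
        return '';
    }
    $value = str_replace(["\r\n", "\r"], "\n", $value);
    $strip = $multiline ? '/[\x00-\x09\x0B-\x1F\x7F]/' : '/[\x00-\x1F\x7F]/';
    return trim((string) preg_replace($strip, '', $value));
}

// Clean each field first, then join with CRLF, so the separators between
// fields never pass through the filter.
function build_body(array $post): string
{
    $lines = ['The following information has been submitted.:', ''];
    foreach (REAL_FIELDS as $field => $label) {
        $value = clean_value($post[$field] ?? '', $label === 'comments');
        $lines[] = $label . ' -- ' . str_replace("\n", "\r\n", $value);
    }
    return implode("\r\n", $lines) . "\r\n";
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions, for an offline check of both paths.
    $human = ['dj39edc8' => 'Pat', 'cqwze803m' => 'pat@example.com',
              'rdx007bmw843' => "Line one\r\nLine two", 'hearaboutus' => 'Client',
              'name' => '', 'email' => '', 'phone' => '', 'comments' => ''];
    $bot = ['name' => 'x', 'email' => 'x@example.com', 'comments' => 'http://example.com/'];
    var_dump(looks_like_bot($human), looks_like_bot($bot));
    echo build_body($human);
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (looks_like_bot($_POST)) {
        http_response_code(400);
        exit('Your submission could not be verified as coming from a human and was discarded.');
    }
    // Every header value is fixed here; nothing from the form reaches $headers.
    $headers = "From: xxx@abc.com\r\nCc: xxx@abc.com";
    mail('xxx@abc.com', "Visitor's Information from the Contact Us page!", build_body($_POST), $headers);
    header('Location: http://www.domain.com/thankyou.html');
}
```

Run from the command line, the script exercises the two constructed submissions without sending mail; served over HTTP, it handles the POST from the form.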

Add a "<br />" tag in the Email output to format the html. Typically, add a "<br />" tag with each "\n" (new-line). The "<br />" tag will adjust the html output, the "\n" adjusts the source code output, so you often use both together.

Heyy jlhaslip...

My HTML code is with many <tr> and <td> tags... See this...

    <form action="formmail.php" method="post" name="Base" id="Base" onSubmit="return checkForm();">
    <table width="350" border="0">
    <tr>
    <td width="107" class="text_1"><span class="text_1"><strong>Name:</strong></span></td>
    <td width="233"><input type="text" name="name" size="20" style="display: none;"><input type="text" name="dj39edc8" size="20" style="background-color: #D4D0C8"></td>
    </tr>
    <tr>
    <td class="text_1"><strong>E-mail:</strong></td>
    <td><input type="text" name="email" size="20" style="display: none;"><input type="text" name="cqwze803m" size="20" style="background-color: #D4D0C8"></td>
    </tr>
    <tr>
    <td class="text_1"><strong>Phone:</strong></td>
    <td class="text_1"><input type="text" name="phone" size="20" style="display: none;"><input type="text" name="zxbm720elk5" size="20" style="background-color: #D4D0C8"> (Optional)</td>
    </tr>
    <tr>
    <td valign="top" class="text_1"><strong>Comment:</strong></td>
    <td><textarea name="comments" cols="25" rows="4" id="comments" style="display: none;"></textarea><textarea name="rdx007bmw843" cols="25" rows="4" id="comments" style="background-color: #D4D0C8"></textarea></td>
    </tr>
    <tr>
    <td class="text_1 style1"><strong class="text_1">How did you Hear About Us :</strong></td>
    <td><select name="hearaboutus" id="hearaboutus" style="width:146px;" style="background-color: #D4D0C8">
    <option selected>Select</option>
    <option>Google</option>
    <option>AOL</option>
    <option>Yahoo</option>
    <option>Client</option>
    <option>Ad</option>
    <option>Radio</option>
    <option>Other</option>
    </select></td>
    </tr>
    <tr>
    <td class="text_1 style1"> </td>
    <td> </td>
    </tr>
    <tr>
    <td class="text_1 style1"> </td>
    <td><input type="submit" name="Submit" value="Submit"> <input type="reset" name="Reset" value="Reset"></td>
    </tr>
    </table>
    </form>
I guess something is missing in PHP code...