  1. #1
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Posts
    27

    Rather simple contact PHP page, getting spammed, help me fix this problem please

    Alright guys I get a TON of spam emails through this contact page I made and I honestly do not see how they can spam this page so frequently.

    Here is my entire code for the page:


    Here is the LIVE version of this page:
    http://www.hh411.com/page/advertise/

    CODE:
    PHP Code:
    <html>
    <head>
    <script language="JavaScript" type="text/javascript">
    <!--
    function checkform ( form )
    {
      // ** START **
      if (form.name.value == "") {
        alert( "Please enter your name." );
        form.name.focus();
        return false ;
      }
        if (form.company.value == "") {
        alert( "Please enter your company." );
        form.company.focus();
        return false ;
      }
          if (form.website.value == "") {
        alert( "Please enter your website url." );
        form.website.focus();
        return false ;
      }
          if (form.email.value == "") {
        alert( "Please enter your email address." );
        form.email.focus();
        return false ;
      }
          if (form.phone.value == "") {
        alert( "Please enter your phone." );
        form.phone.focus();
        return false ;
      }
          if (form.budget.value == "") {
        alert( "Please enter your budget." );
        form.budget.focus();
        return false ;
      }
      // ** END **
      return true ;
    }
    //-->
    </script>

    <?
    #### check fields
    if (isset($Submit)) {
        
            
    mail("info@hh411.com", "HH411 Advertisement Campaign Details", "
    Name: 
    $name
    Company: 
    $company
    Website: 
    $website
    Email: 
    $email
    Phone: 
    $phone
    -----------------------------------------------------
    Campaign Information
    -----------------------------------------------------
    How soon would you like to advertise?
    $timeframe

    What type of business are you?
    $typebus

    What is your budget for this campaign?
    $
    $budget.00

    What type of advertising campaign are you looking for? 
    $camp_standard
    $camp_skyscraper
    $camp_artist
    -----------------------------------------------------
    Additional Comments
    -----------------------------------------------------
    Recorded I.P. address: 
    $_SERVER[REMOTE_ADDR]
    $comments","From: $email");
    ?>
    <script language="Javascript">

    <!--
    // please keep these lines on when you copy the source
    // made by: Nicolas - http://www.javascript-page.com
    alert("Your information has been submitted and you will hear back from us 24-48 hours.");

    //-->

    </script>

    <?

    }

    ?>

    <style type="text/css">
    <!--
    .border {border-style:solid;
    border-color:#000000;
    border-width:1px;
    }
    .style1 {
        font-size: large;
        font-weight: bold;
    }
    .style2 {
        font-size: x-small;
        font-weight: bold;
    }
    -->
    </style>

    </head>


    <body bgcolor="#FFFFFF"><p class="style1">Start Advertising with HH411 Community</p>
    <p>Start today with your ad online with one of the biggest Hip Hop Communities out on the internet. We have made it fast and easy to display your ad all over our network of websites. When you advertise with us, your ad gets placed on ALL of our sites. HH411 has been around since 2003 providing the internet with Hip Hop knowledge. If you are looking to advertise with the hip hop culture you have reached the right place! Fill out the following information and you will get a reply within 24-48 business hours.</p>

    <table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td><form name="form"  method="post" onSubmit="return checkform(this);">
          <table width="400" border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td colspan="2" bgcolor="#CCCCCC" style="border:black 1px solid";><strong>Contact Information </strong></td>
            </tr>
            <tr>
              <td width="138">Your name: </td>
              <td width="262"><input name="name" type="text" id="name" size="40" /></td>
            </tr>
            <tr>
              <td>Company name: </td>
              <td><input name="company" type="text" id="company" size="40" /></td>
            </tr>
            <tr>
              <td>Website url:</td>
              <td><input name="website" type="text" id="website" value="http://" size="40" /></td>
            </tr>
            <tr>
              <td>Email address: </td>
              <td><input name="email" type="text" id="email" size="40" /></td>
            </tr>
            <tr>
              <td>Phone</td>
              <td><input name="phone" type="text" id="phone" size="40" /></td>
            </tr>
            <tr>
              <td colspan="2" bgcolor="#CCCCCC" style="border:black 1px solid";><strong>Campaign Information </strong></td>
            </tr>
            <tr>
              <td colspan="2">How soon would you like to advertise? </td>
            </tr>
            <tr>
              <td colspan="2"><select name="timeframe" id="timeframe">
                  <option value="Next Week">Next Week</option>
                  <option value="Couple Weeks">Couple Weeks</option>
                  <option value="later then month">Later then a month</option>
                  <option value="ASAP">ASAP</option>
              </select></td>
            </tr>
            <tr>
              <td colspan="2">What type of business are you? </td>
            </tr>
            <tr>
              <td colspan="2"><select name="typebus" id="typebus">
                  <option value="record label / artist">record label / artist</option>
                  <option value="online retail">online retail</option>
                  <option value="store">store</option>
                  <option value="marketing">marketing</option>
                  <option value="3rd party">3rd party</option>
                  <option value="other">other</option>
              </select></td>
            </tr>
            <tr>
              <td colspan="2">What is your budget for this advertising campaign? </td>
            </tr>
            <tr>
              <td colspan="2"><p>$
                <input name="budget" type="text" id="budget" size="8" />
                .00 <span class="style2">(Minimum $500) </span></p></td>
            </tr>
            <tr>
              <td colspan="2">What type of advertising campaign are you looking for? </td>
            </tr>
            <tr>
              <td colspan="2"><table width="100%" border="0" cellspacing="0" cellpadding="0">
                  <tr>
                    <td width="7%"><input name="camp_standard" type="checkbox" id="camp_standard" value="Standard"/></td>
                    <td width="93%">Standard (468x60) </td>
                  </tr>
                  <tr>
                    <td><input name="camp_skyscraper" type="checkbox" id="camp_skyscraper" value="Leaderboard / Skyscraper"/></td>
                    <td>Leaderboard / Skyscraper </td>
                  </tr>
                  <tr>
                    <td><input name="camp_artist" type="checkbox" id="camp_artist" value="Artist Package Buzz"/></td>
                    <td>Artist Package Buzz </td>
                  </tr>
              </table></td>
            </tr>
            <tr>
              <td colspan="2" bgcolor="#CCCCCC" style="border:black 1px solid";><strong>Additional comments: </strong></td>
            </tr>
            <tr>
              <td colspan="2"><textarea name="comments" cols="50" rows="7" id="comments"></textarea>
                  <br>
                Your I.P. address is recorded for quality assistance.<br>
                <label>
                  <input name="ip" type="text" id="ip" value="<? echo $_SERVER['REMOTE_ADDR']; ?>" size="12" disabled="disabled">
                </label></td>
            </tr>
            <tr>
              <td colspan="2"><input name="Submit" type="submit" id="Submit" value="Send Advertisement Campaign Details" /></td>
            </tr>
          </table>
        </form>
        <p></p></td>
        <td><div align="right"><img src="/images/advertise_graphic.gif" width="303" height="557"></div></td>
      </tr>
    </table>
    <p>&nbsp;</p>
    </body></html>

    Alright, now in the emails that I am getting, the budget field is left blank, and the emails are coming from all sorts of spam stuff like Viagra, Casinos and just a bunch of garbage. What can I change to eliminate these spam requests?

    Thanks for your time.

  2. #2
    stymiee
    Join Date
    Feb 2003
    Location
    Slave I
    Posts
    23,423
    Just add image verification to the form (a.k.a. CAPTCHA). SitePoint has an article for setting that up.

  3. #3
    Gator99
    Join Date
    Sep 2004
    Location
    Florida
    Posts
    613
    Use captcha instead of filtering input, that's an interesting approach. If you really want to prevent form hijacking you have to validate all your fields. Here is the minimum thing you want to do to check for bcc/cc injection:
    Code:
    $jack=0;
    foreach($_POST as $k => $v){
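      // any raw CR or LF (including a lone CR), or a URL-encoded one...
      if(preg_match("/[\r\n]|%0a|%0d/i",$v)){
        // ...together with a mail-header keyword marks an injection attempt
        if(preg_match("/boundary|content-type|b*cc:/i",$v)){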
          $jack=1;
        }
      }
    }
    if($jack){//email yourself the offenders IP and other Server variables
    }
    else{// send the email
    }

  4. #4
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    there is almost zero field verification on that script. try checking some of the fields to make sure the values submitted are what they are supposed to be. also, the hidden field for the IP address isn't even used, and it wouldn't be safe if it was, so i would suggest taking it out.
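
The server-side checks that posts #3 and #4 call for, applied to this form's own fields, as an added example that is not part of the thread. The function name `validate_campaign`, the use of `info@hh411.com` as a fixed From address, and PHP 7.1+ are assumptions; values are read from an array such as `$_POST` rather than from register_globals variables.

```php
<?php
// Added example (not from the thread). Function name is hypothetical; field
// names and option values are the ones in the posted form. Needs PHP 7.1+.
function validate_campaign(array $post): array
{
    $errors = $clean = [];
    // Single-line fields: must be non-empty strings with no CR or LF.
    foreach (['name', 'company', 'website', 'email', 'phone', 'budget'] as $f) {
        $v = $post[$f] ?? '';
        if (!is_string($v) || trim($v) === '' || preg_match('/[\r\n]/', $v)) {
            $errors[] = "$f is missing or contains a line break";
            continue;
        }
        $clean[$f] = trim($v);
    }
    // The address is placed in a mail header, so it must be one valid address.
    if (isset($clean['email']) && !filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not a valid address';
    }
    // Whole dollars, at least the minimum of 500 stated on the form.
    if (isset($clean['budget']) && (!ctype_digit($clean['budget']) || (int) $clean['budget'] < 500)) {
        $errors[] = 'budget must be a whole number of at least 500';
    }
    // Select boxes: accept only the values the form offers.
    $options = [
        'timeframe' => ['Next Week', 'Couple Weeks', 'later then month', 'ASAP'],
        'typebus'   => ['record label / artist', 'online retail', 'store',
                        'marketing', '3rd party', 'other'],
    ];
    foreach ($options as $f => $allowed) {
        if (!in_array($post[$f] ?? null, $allowed, true)) {
            $errors[] = "$f has an unexpected value";
        }
    }
    return [$errors, $clean];
}

// Constructed sample of a bot-style POST: blank budget, Bcc injected via email.
$sample = ['name' => 'x', 'company' => 'x', 'website' => 'http://example.test',
    'email' => "a@example.test\r\nBcc: list@example.test", 'phone' => '1',
    'budget' => '', 'timeframe' => 'ASAP', 'typebus' => 'other'];
[$errors, $clean] = validate_campaign($sample);
if ($errors) {
    echo implode("\n", $errors), "\n";   // reject: nothing is mailed
} else {
    // Fixed From (assumed to be the site's own address); validated Reply-To.
    $body = "Name: {$clean['name']}\nCompany: {$clean['company']}\nBudget: " . $clean['budget'];
    mail('info@hh411.com', 'HH411 Advertisement Campaign Details', $body,
        "From: info@hh411.com\r\nReply-To: {$clean['email']}");
}
```

The sample is rejected on both the email and the budget field, so `mail()` is never reached. The comments textarea and the checkboxes are left out here because they belong only in the message body, where line breaks are harmless.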

