  1. #1
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707

    Stopping contact form spammers.

    Been working on stopping (slowing down?) contact form spammers.

    One of the main problems I was having is that the spammers seem to want to use "randomname @mydomain.com" for the email/name. Now I test for that in the cfif statement.

    In order to send, first it checks for a valid email (or else cfmail crashes if you set reply-to="#form.email#" in the cfmail tag). Then it checks the spam rules.

    *note I commented/shortened the <cfmail> tag to simplify the example and provide a copy & paste-able chunk of code.

    If I don't send the information, the form persists the data. If it does send, it hides the form and shows a text message instead.
    PHP Code:
    <cfparam name="form.name" default="">
    <cfparam name="form.email" default="">
    <cfparam name="form.comments" default="">

    <cfparam name="sent" default="no">

    <!--- only attempt to send when the email address is syntactically valid --->
    <cfif IsValid("email", form.email)>
        <!--- spam rules: our own domain as sender, or mail header text in the message --->
        <cfif form.name contains "@domain.com"
            OR form.email contains "@domain.com"
            OR form.comments contains "Content-Transfer-Encoding"
            OR form.comments contains "Content-Type"
            OR form.comments contains "bcc:">
            Message not properly formatted. Please review.
        <cfelse>
            <!--- <cfmail>#message#</cfmail> --->
            <cfset sent = "yes">
        </cfif>
    </cfif>

    <!--- not sent: show the form again with the submitted data; sent: show the confirmation --->
    <cfif not sent>
        <cfform>
            <div>
                <label for="name">Name:</label><br />
                <cfinput type="text" name="name" size="30" value="#form.name#" maxlength="255" validate="noblanks" required="yes" message="Please enter your name." /> *
            </div><div>
                <label for="email">Email:</label><br />
                <cfinput type="text" name="email" size="30" value="#form.email#" maxlength="255" validate="email" required="yes" message="Please enter valid email: mailbox@domain.com" />
            </div><div>
                <label for="comments">Message:</label><br />
                <cftextarea name="comments" value="#form.comments#" style="width:100%;" rows="8" required="yes" validate="noblanks" message="Please enter a message"></cftextarea>
            </div>
            <input type="submit" name="Submit" value="Send Message">
        </cfform>
    <cfelse>
        <p>Your message has been sent. Thank you for contacting us.</p>
    </cfif>

  2. #2
    SQL Consultant
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,215
    over and above capturing the spam data (which is mailed to me, so that i have a record of every attempted spam post), i do this --
    Code:
     <CFHEADER STATUSCODE="403" STATUSTEXT="Forbidden" />
     <CFABORT>
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  3. #3
    SitePoint Wizard creole's Avatar
    Join Date
    Oct 2000
    Location
    Nashvegas Baby!
    Posts
    7,845
    Here's what I do. It's similar to yours, but I loop over each field in the FORM structure and test for the bad terms. I found that spammers will put anything, anywhere they can.

    PHP Code:
    <!--- list of no-no terms --->
    <cfset VARIABLES.valid = 1>
    <cfset VARIABLES.badterms = "MIME-Version,Content-Type,bcc:,Content-Transfer-Encoding,text/plain">

    <!--- loop over form fields and see if there's any crap in them --->
    <cfloop index="field" list="#FORM.fieldnames#">
        <!--- loop over bad terms on this form field --->
        <cfloop index="term" list="#VARIABLES.badterms#">
            <!--- if there's crap in the form field then cancel the loop and break out --->
            <!--- FORM[field] reads the value directly; Evaluate() is not needed for a dynamic field name --->
            <cfif FindNoCase(term, FORM[field])>
                <cfset VARIABLES.valid = 0>
                <cfbreak>
            </cfif>
        </cfloop>
        <!--- if a bad term was found, break out of the outer loop as well --->
        <cfif NOT VARIABLES.valid>
            <cfbreak>
        </cfif>
    </cfloop>

    <cfif NOT VARIABLES.valid>
        <!--- redirect or display error message --->
    <cfelse>
        <!--- show the form --->
    </cfif>
    Adobe Certified Coldfusion MX 7 Developer
    Adobe Certified Advanced Coldfusion MX Developer
    My Blog (new) | My Family | My Freelance | My Recipes

  4. #4
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Creole: Using the FORM.fieldnames variable is nice, I am modding my form to use this now. You are right, they will jam that info into any field.

    Rudy: I'm trying to specifically not get those emails. I also prefer the 'soft fail' I programmed into my form, which just reloads the form data and gives a nebulous message as to why it failed.

    Thanks for the feedback
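
The two approaches in this thread combined, as an added example that is not any poster's code: the field loop and term list from post #3, the own-domain rule and soft fail from post #1, plus a CR/LF check on the single-line fields, which goes beyond what the posts test. The names `isSpamSubmission` and `headerFields` are assumptions, and `@domain.com` is the placeholder domain from post #1.

```cfml
<!--- Added example, not from the thread. isSpamSubmission and headerFields are
      assumed names; "@domain.com" is the placeholder domain from post #1. --->
<cffunction name="isSpamSubmission" returntype="boolean" output="false">
    <cfargument name="formData" type="struct" required="true">
    <cfargument name="ownDomain" type="string" default="@domain.com">
    <cfset var badTerms = "MIME-Version,Content-Type,bcc:,Content-Transfer-Encoding,text/plain">
    <cfset var headerFields = "name,email">
    <cfset var field = "">
    <cfset var term = "">
    <cfset var value = "">

    <cfloop index="field" list="#arguments.formData.fieldnames#">
        <cfif StructKeyExists(arguments.formData, field)>
            <cfset value = arguments.formData[field]>
            <!--- mail header text is rejected in every posted field --->
            <cfloop index="term" list="#badTerms#">
                <cfif FindNoCase(term, value)>
                    <cfreturn true>
                </cfif>
            </cfloop>
            <!--- name and email are single-line and may end up in mail headers --->
            <cfif ListFindNoCase(headerFields, field)>
                <!--- a CR or LF is what would start an extra header line --->
                <cfif Find(Chr(13), value) OR Find(Chr(10), value)>
                    <cfreturn true>
                </cfif>
                <!--- visitors do not write from our own domain --->
                <cfif FindNoCase(arguments.ownDomain, value)>
                    <cfreturn true>
                </cfif>
            </cfif>
        </cfif>
    </cfloop>
    <cfreturn false>
</cffunction>

<cfparam name="form.email" default="">
<cfparam name="sent" default="no">
<cfif StructKeyExists(form, "fieldnames") AND IsValid("email", form.email)>
    <cfif isSpamSubmission(form)>
        <!--- soft fail: the form is redisplayed with the visitor's data --->
        Message not properly formatted. Please review.
    <cfelse>
        <!--- the cfmail call from post #1 goes here --->
        <cfset sent = "yes">
    </cfif>
</cfif>
```

The CR/LF test is limited to `name` and `email` because the `comments` textarea legitimately contains line breaks.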

  5. #5
    SitePoint Wizard creole's Avatar
    Join Date
    Oct 2000
    Location
    Nashvegas Baby!
    Posts
    7,845
    Glad to help out.

