Help me stop form spammers

**spVince** · May 30, 2007 15:12

Hi all,
I am using a PHP form for quote requests, but getting spammed with URL's in the comment field.

I have added code to stop the spam bots, but unfortunately still get plenty of spam because they seem to be using cheap labour HUMANS.

The only reason for them to spam, is to add loads of links into the comments field in the hope we click on them. I have managed to strip the URL's but they obviously don't know so keep submitting their spam.

Can anyone suggest the PHP code to actually stop the form from being submitted if it contains any URL in the comments field, and redirect them to a 'sorry-no-links-allowed.html' page?

Appreciate your help.

- Vince

**Kayzio** · May 30, 2007 15:15

Use your method that removes urls to detect them and if one is detected send a header to redirect them to the no urls page.

**spVince** · May 30, 2007 15:42

Thanks for reply, but I should have mentioned I cannot write code, only copy-paste suggestions

Cheers,

- Vince

**devbanana** · May 30, 2007 17:46

You don't know PHP? Why not ask someone to do this for you in the marketplace, then? no one here's going to give you the code...

**spVince** · May 30, 2007 23:26

Originally Posted by devbanana

You don't know PHP? Why not ask someone to do this for you in the marketplace, then? no one here's going to give you the code...

Why not, what makes this particular request/code classify as a candidate for the marketplace forum?

Thanks,

- Vince

**hexburner** · May 31, 2007 02:16

Thanks for reply, but I should have mentioned I cannot write code, only copy-paste suggestions

You shouldn't have said that.

Use your regular expression that strips the url's from the messages.

PHP Code:


if (eregi("your pattern here", $message)) {
    header('Location: nolinks.html');
}

**devbanana** · May 31, 2007 03:49

Originally Posted by spVince

Why not, what makes this particular request/code classify as a candidate for the marketplace forum?

Thanks,

- Vince

Because this board isn't a place to get free code. It's a place to get help with PHP, when you already know it and are having trouble getting something to work. Of course that's my opinion but I don't see why anyone would just give you the code when you're never going to learn from it because you don't know PHP.

**Kayzio** · May 31, 2007 06:28

I agree with you devbanana

**spVince** · May 31, 2007 14:53

Originally Posted by hexburner

You shouldn't have said that.

Use your regular expression that strips the url's from the messages.

PHP Code:


if (eregi("your pattern here", $message)) {

    header('Location: nolinks.html');

}

Thanks for this hexburner. Looks logical, but not sure how to integrate it within what I already have:

PHP Code:


$Comments = strip_tags($Comments);

$Comments = ereg_replace("<.*>","", $Comments);

$Comments = ereg_replace("http://*.","", $Comments);

Sorry to others that are upset by my post for help in this forum, and I will report this thread to the moderators myself and ask to move it to where it should reside.

Best regards,

- Vince

**catweasel** · May 31, 2007 14:57

Originally Posted by devbanana

Because this board isn't a place to get free code. It's a place to get help with PHP, when you already know it and are having trouble getting something to work. Of course that's my opinion but I don't see why anyone would just give you the code when you're never going to learn from it because you don't know PHP.

True .. but I hate spammers and this sounds like email injection issue to me... which would only take one line of code to fix.

Originally Posted by spVince

The only reason for them to spam, is to add loads of links into the comments field in the hope we click on them. I have managed to strip the URL's but they obviously don't know so keep submitting their spam.

If this is a form which emails quote requests to you (or someone else) the actual target for the spam is not the recipient but the 10,000 other email addresses the attacker has 'injected' into the headers.

Is this an email application?

Can you please post the code for the application here.. be sure to use [ php] [ /php] tags around your sample code to get syntax highlighting.

**Tom Brokaw** · May 31, 2007 15:42

redirect to a goatse for maximum effectiveness

**spVince** · May 31, 2007 15:44

Hi catweasel,
Thanks for the support in trying to stop these anoyances.
The whole code is basically a slightly modified phpFormGenerator script to include some bug fixes and other antispam measures as suggested by others:

https://sourceforge.net/projects/phpformgen/

Have already included mods to stop header injection since the massive amount of that type of exploit hit most sites approx 18 months ago.

Here is current code I have for the 'process' file:

PHP Code:


<?php

// First, make sure the form was posted from a browser. 

// For basic web-forms, we don't care about anything 

// other than requests from a browser:     

if(!isset($_SERVER['HTTP_USER_AGENT'])){ 

   die("Forbidden - You are not authorized to view this page"); 

   exit; 

} 



// Make sure the form was indeed POST'ed: 

//  (requires your html form to use: action="post")  

if(!$_SERVER['REQUEST_METHOD'] == "POST"){ 

   die("Forbidden - You are not authorized to view this page"); 

   exit;     

} 



include("global.inc.php");

$errors=0;

$error="The following errors occured while processing your form input.<ul>";

pt_register('POST','Date');

pt_register('POST','Monthyear');

pt_register('POST','Notime');

pt_register('POST','Website');

pt_register('POST','Formname');

pt_register('POST','Firstname');

pt_register('POST','Lastname');

pt_register('POST','Companyname');

pt_register('POST','Email');

pt_register('POST','Telephone');

pt_register('POST','Market');

pt_register('POST','Comments');

pt_register('POST','Estimatedvalueequipment');

pt_register('POST','Signedupnewsletter');

pt_register('POST','visitorip');



$Comments = strip_tags($Comments);

$Comments = ereg_replace("<.*>","", $Comments);

$Comments = ereg_replace("http://*.","", $Comments);

$Comments = ereg_replace("[*.*]","", $Comments);



$Estimatedvalueequipment = str_replace("£", "", $Estimatedvalueequipment);

$Estimatedvalueequipment = str_replace(",", "", $Estimatedvalueequipment); 

$Estimatedvalueequipment = str_replace(" ", "", $Estimatedvalueequipment);

$Estimatedvalueequipment = str_replace("$", "", $Estimatedvalueequipment); 

$Estimatedvalueequipment = str_replace("/", "", $Estimatedvalueequipment);

$Estimatedvalueequipment = str_replace("?", "", $Estimatedvalueequipment);

$Estimatedvalueequipment = str_replace("", "", $Estimatedvalueequipment);   



// Store current user's IP in a variable

$visitorip = $_SERVER['REMOTE_ADDR'];

$Date = date("d/m/Y H:i:s");

$Monthyear = date ("m/Y");

$Notime = date ("d/m/Y");

if($errors==1) echo $error;

else{

$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF),"/"));

$message="Date: ".$Date."

Website: ".$Website."

Market: ".$Market."

Form name: ".$Formname."

First name: ".$Firstname."

Last name: ".$Lastname."

Company name: ".$Companyname."

Email: ".$Email."

Telephone: ".$Telephone."

Comments: ".$Comments."

Estimated value equipment: ".$Estimatedvalueequipment."

Signed up newsletter: ".$Signedupnewsletter."

Visitor IP: ".$visitorip."



";

$message = stripslashes($message);

//VALIDATION

if (eregi("\r",$Formname) || eregi("\n",$Formname) || eregi("Content-Type:",$Formname)){ 

die("SPAM Injection Error :("); 

}

if ($Formname == "" || $Formname == "/r" || $Formname == "/n" || $Formname == " ") {

die();

}

if (preg_match("/@/i", "$Formname")) {

die("SPAM Injection Error :("); 

} else {

//Ends here

mail("quotes@mydomain.com,marketing@mydomain.com","Quote Request : End user1 : ".$Market,$message,"From: ".$Email);

$link = mysql_connect("localhost","username","password");

mysql_select_db("dbname",$link);

$query="insert into webforms (Date,Monthyear,Notime,Website,Form_name,First_name,Last_name,Company_name,Email,Telephone,Comments,Estimated_value_equipment,Preferred_term_lease,Signedup_newsletter,visitorip,Market) values ('".$Date."','".$Monthyear."','".$Notime."','".$Website."','".$Formname."','".$Firstname."','".$Lastname."','".$Companyname."','".$Email."','".$Telephone."','".$Comments."','".$Estimatedvalueequipment."','".$Signedupnewsletter."','".$visitorip."','".$Market."')";

mysql_query($query);



header("Refresh: 0;url=../quotes/request_a_quote_thanks.html");

}

?><?php 

}

?>

Thanks again for your assistance.

- Vince

**catweasel** · May 31, 2007 16:58

Originally Posted by spVince

Hi catweasel,
Thanks for the support in trying to stop these anoyances.
The whole code is basically a slightly modified phpFormGenerator script to include some bug fixes and other antispam measures as suggested by others:

well it sounds like you've already taken steps to thwart injection attacks.. but anyway put these few lines right at the top immediately after <?php

PHP Code:


$from = $_POST["Email"];

$Comments = $_POST['Comments'];

$from = urldecode($from);

if (eregi('\r', $from) || eregi('\n',$from))

    die("Injection attack");



if (eregi('http://*.', $Comments))

    die ("Link in the comments field");

I wouldn't really worry about forwarding the spammers to a 'nolinks' page.

User Tag List

Thread: Help me stop form spammers

Thread Tools

Display

Help me stop form spammers

Bookmarks

Bookmarks

Posting Permissions