I am using contact form in my website with recaptcha validation. but some how I am getting lots of spams from last few days.
I am also using this code to check the referer… Can anyone help me in securing my contact email form.
$referer = "xxx.com";
if (!(preg_match("/$referer/i",$_SERVER['HTTP_REFERER']))){
echo "Access Denied! ,
<META HTTP-EQUIV='refresh' content='0;URL=http://www.xxx.com'>
";
exit;
}
else
{
....
}
You can’t stop spammers altogether, as sometimes they are individuals manually filling in your form. You could at least ban their IP address. Is all this spam coming from one source?
Every time, they send different links through contact form. I am not sure, they are exploiting the script or manually filling the form.
IF I ban thier IP, will it affect other users?
It will affect anyone else who tries to visit from that IP address. If it is someone doing this from their home, that’s no real problem, but if they are (for argument’s sake) sending out this spam from a university computer, you could theoretically be banning the whole campus. 
So an IP ban can be a big decision. (I don’t know much about IP addresses, though, so it would be good to get more opinions on this.)