Matt Wright's FormMail: how to program a search keyword env variable?

Hey guys,

At the moment we’re using a php script for our website forms that I’m 99.9% certain has been hijacked (being crazily spammed, re-routing leads - we suspect this is happening due to several things in our E-Mail logs and other situations). So, I want to completely chuck the php script and use Matt Wright’s FormMail script in its place (or another more secure CGI/Perl script if you have any suggestions). Currently, our PHP script has a search engine keyword feature programmed in (whatever keyword was used to search for our site, assuming someone clicks on it, and it captures the keyword they used and displays it in the E-Mail that we receive with their submission). So, in short this same code in CGI/Perl should be able to:

  1. Capture the keyword the client used on the search engines to reach our site.
  2. Pass this data from the user automatically (they won’t be submitting this) through the form.
  3. Display it in the E-Mail submission that we receive. For example, the line might read:

User came from Google using the term “los angeles real estate” or something similar.

Thank you in advance for your help!

Matt’s scripts were written when he was a Perl n00b. Some Perl Mongers did a rewrite of his scripts (google for Not Matts Scripts or “nms form mail” : )

But if I were you I’d ask this over at PerlMonks.org. What you’re looking for is

  1. Capture the keyword the client used on the search engines to reach our site.

Grab referrer headers from the visitor’s user agent/browser… your server should be picking this up anyway (your server logs will have the google query in it).

  1. Pass this data from the user automatically (they won’t be submitting this) through the form.
  1. Display it in the E-Mail submission that we receive.

You’ll be tracking your users as they go through the site so your Perl script will need to be storing the search terms (and/or referrer urls) with something identifying the user (cookie maybe?) and when they submit the form, those two bits of info are just thrown together into a plain text email to you.

I’m a front-ender not a back-ender so I can’t help you much more than that. But the good folks at Perl Monks will know if
a: there’s already something that does this (CPAN is great)
b: what you’ll need to do if there isn’t.

Keep in mind that simply switching to Perl alone isn’t going to make you more secure: have someone with some security knowledge take a good look around right now, so you can see how the attackers got in. If passwords are getting leaked or code can be injected or whatever, Perl won’t change that and they’ll be back again.

The other thing to keep in mind is, was there a PHP guy on board? While a few simple Perl scripts can just hum along happily, it’s good to have someone who knows Perl around. Or, is someone at your company willing to learn it? While PHP borrowed some things from Perl, Perl’s different. (In a good way)