Getting rid of a spammer

dburdon · #1 (**permalink**) 10-08-2006, 02:32 PM

How do I get rid of an e-mail spammer.

They are bombarding me by autocompleting enquiry forms on my site.

I suspect they came from the WebProWorld forum. Are other members suffering.

I intially published a link to their site but thought better of it.

sands · #2 (**permalink**) 10-08-2006, 08:22 PM

Such a problem was discussed here before:
http://www.webproworld.com/viewtopic.php?t=62349
Have a look, some points raised might prove to be useful.

kgun · #3 (**permalink**) 10-09-2006, 11:41 AM

David.

1. Get rid of the known bad bots via .htaccess if you are on an Apache server.

Here are two not updated examples:

http://multifinanceit.com/htaccess.txt

http://multifinanceit.com/htaccess1.txt

2. Authenticate your most serious visitors before they submit an email form. Collect them in a table in your database if you use that.

3. Write your email on a picture for other visitors. Collect them in another table, in your database.

4. More advanced. Write different Email classes (that may inherit structure from a more or less abstract baseclass): Email1Class, Email2Class, ..., EmailnClass where all classes allocate emails to different tables. Then you may streamline your emails from different sources to different tables. You decide how fine you will make the cathegories.

dburdon · #4 (**permalink**) 10-09-2006, 11:52 AM

Kjell,

thanks for these. I'm using rather a crude e-mail system. Time to update.

cocofried · #5 (**permalink**) 10-17-2006, 06:31 PM

I get spammers that fill my contact form on my site at http://nuhair.net

I am looking for a code for a form checker. The checker is inserting letters and numbers that come up randomly in a box. Only after a match the form is submitted.

BIG THANKS

kgun · #6 (**permalink**) 10-20-2006, 12:06 PM

Quote:

Originally Posted by cocofried

I am looking for a code for a form checker.

I do not think you need to reinvent the wheel. The PEAR HTML_QuickForm class (API) does it for you.

The following code is a start ( I cannot reproduce the complete code since it is cut from:
The PHP Anthology: Object Oriented PHP Solutions chapter 9.

<?php
require_once ("HTML/QuickForm.php"); //Pear must be in your path (php.ini).

function cmpPass($element, $confirmPass)
{
global $form;
$password = $form->getElementValue('password');
return ($password == $confirmPass);
}

// A function to apply mysql_real_escape_string
function escapeValue($value) {
return mysql_real_escape_string($value);
}

// A function to encrypt the password
function encryptValue($value) {
return md5($value);
}

// Instantiate the QuickForm class
$form = new HTML_QuickForm('regForm', 'POST');

// Register the compare function
$form->registerRule('compare', 'function', 'cmpPass');

.................................................. ......................
?>

Volume II chapter 1 has more advanced access control and authentication systems. Here is an article related to that chapter.

The PHP Anthology Volume 2, Chapter 1 - Access Control

NOTE: Everything you send over the internet in plain text may be hijacked by a packet sniffer. When you send confidential information such as financial details, use an encryption technology such as SSL, eg. OpenSSL.

meddlingwithfire · #7 (**permalink**) 10-20-2006, 03:49 PM

Not sure how much web programming you know, but you can use pretty much any server-side script to check an IP address. If the submitted form came from an IP you know is a bot, don't trigger an email.

cocofried · #8 (**permalink**) 10-20-2006, 09:15 PM

Tkgun, thanks for the info but since I use WINDOWs format on my site, will I be able to use this PHP code?

AND I am not much of a programmer. I use MS FrontPage for my site...

ALL help is appreciated

**JMuncy** · #9 (**permalink**) 10-24-2006, 09:19 AM

You could always put a captcha on your form to prevent some of the problem.

cocofried · #10 (**permalink**) 10-25-2006, 10:12 AM

Easy "captcha" code and istruction HOW is what I looking for to use with WINDOWS server. Can you recommend any?

kgun · #11 (**permalink**) 10-26-2006, 09:39 AM

Quote:

Originally Posted by meddlingwithfire

Not sure how much web programming you know, but you can use pretty much any server-side script to check an IP address. If the submitted form came from an IP you know is a bot, don't trigger an email.

If you know that this is a bot you should also know if it is a bad bot and block access to it on your whole site in .htaccess. Email harvesting bots are bad bots.

Quote:

Originally Posted by cocofried

Tkgun, thanks for the info but since I use WINDOWs format on my site, will I be able to use this PHP code?

I run php, MySQL etc on windows XP and have no problems.

Look here:
Make your own "test web server" in 5 minutes.

If you mean, MS IIS server, I do not know if that is possible since that is not my web platform.

MS IIS server is seamless fitted to ASP.NET etc. PHP, MySQL and Apache is good enough for me so long.

Note the following:
Apache mod_rewrite

IIS ISAPI_Rewrite