Block URLs in Contact Form (Perl)

[gavinscott]

I'm sure this must have been discussed elsewhere, but I have searched and searched and cannot find an answer!

I have a very simple contact form, using Matt's Script (Perl), which is being inundated with spam. To combat this I want to block anyone from submitting links. I thought it would be really easy, but I can't find any information on how to do this. Does anyone know a simple way of blocking submissions that contain the string 'http'? (Using Perl; I don't have PHP)

I have basically zero knowledge of perl, so a piece of code that I can copy and paste would be appreciated!

I have tried using BFormMail, which allows you to block strings, but if I add either 'http' or 'www' to the forbidden strings list it won't allow anything to be submitted. If anyone has knowledge of this that would also be appreciated.

To be clear: I am not looking for any other method of blocking spam; I think Captchas and hidden fields both have drawbacks, and 99% of spam contains links so this seems to me the best way to eliminate it.

Thanks in advance for your help.

Gavin

[kyanwan]

This, should get a lot. Note here, that it's not a comprehensive block:

Code:

sub strip {
        $your_text_line =~ s/(\S*(\.www|\.com|\.net|\.org)\S*)//gi;
}

( This detects a single word - any number of times. It starts with characters (\S = non whitespace), then ends with a domain type - followed by any number of characters - 0 or more. This will catch someone typing in something that resembles a URL - or a URL with some directory structure, even improperly formatted URLs. ( without the http part. ) The //gi - is the substitution part & modifiers. // = substitute with nothing. gi = global (g), ignore case (i). )

After the "org", you'll want to put a "|" then other domain types.

I want to also add, if your spammers are inserting domains, you might want to:

Code:

if ($text_line =~ /(\S*(\.www|\.com|\.net|\.org)\S*)//) { 
    die ("URL post detected, killing program");  # Quit program, don't post.  
}

If you want to give it a spin - copy the top part of code, then make a few variable called "$your_text_line" with some examples of your spam posts:

Code:

$line = "hi this is my url http\:\/\/www\.google\.com please visit it.";
&strip;
print "$line \n";
#Repeat the top 3 lines any number of times to test, with every example you can think of.  

sub strip {
        $your_text_line =~ s/(\S*(\.www|\.com|\.net|\.org)\S*)//gi;
        # After the end of each domain type, add another |\. - then a new domain type - like "fm" or "tv" - 
        # do as many as you can think of, or make one from a list of all domain types. 

}

[maclady]

I too was faced with that problem, so I finally switched to FormToEmailPro - it's awesome, it's easy and it works great - no more form spam problems! And the author (Charles) gives tech support that is simply amazing. I use the pro version, but he offers a free version too. Try it out, you won't regret it.
Visit his site here: formtoemail.com
(sorry I can post a clickable link)
Maclady

[kyanwan]

Just a clarification - the code I posted will only hunt out URLs and replace them with whatever you want.

You could do this if you wanted:

Code:

        $your_text_line =~ s/(\S*(\.www|\.com|\.net|\.org)\S*)/Please don\'t post links/gi;

Personally, I'd rather drop the post altogether than substitute.

[gavinscott]

Thanks for your replies.

Kyanwan, am I right in thinking the code you posted just strips out urls, but still sends the mail? This wouldn't have any advantage to me, as I would still receive the spam (it's a contact form, not a forum).

Maclady, unfortunately formtoemail requires PHP.

However, I think I have found the solution with BFormMail! When I added 'http' to forbidden strings it was disallowing all posts, but I realised that this is because it was seeing the redirect address, which I had written out in full (http://www....). Once I changed this and all other address within the form to relative addresses (/thankyou.html) it works fine. (So far!) No spam for over two hours now!

[Faglork]

Hi!

There is a somewhat secure direct replacement for Matt's formmail script, called nms form mail - http://nms-cgi.sourceforge.net/scripts.shtml

But I suggest using their TFMail, it is more advanced, you can configure it to not show the receiver in the HTML form code, and it works almost the same. And it can handle UTF-8.

Cheers,
Alex

[gavinscott]

Hi Alex

Yes, I've tried nms, but it still didn't have the option to disallow links (as far as I know). BFormMail (http://www.infosheet.com/iScripts.html) - also an updated version of Matt's Script - seems to be working great though! No spam in 16 hours, and no difference whatsoever from the user's point of view: no captcha, hidden fields, or maths questions to answer; they just can't submit links, which, as it's a contact form, they shouldn't need to do anyway.