Posted by Francois Bonzon on 01/12/07 23:05
On 2007-01-12 23:25:55 +0100, Chuck Anderson <websiteaddress@seemy.sig> said:
> I have a contact form on my site (been there for a few years) and just
> lately someone has begun using it to send Spam to me - and only to me
> (one to three times a day). I can tell because I track the usage of
> those contact form scripts (that I wrote) closely. The person is not
> even trying to inject anything into the headers, they are just sending
> me URLs to their porn sites.
>
> Is there any way to block this kind of usage? I've tried the usual
> tricks (hidden form field - checking referrer), but they always
> (almost) check out okay. The originating IP address changes every
> time, of course - and the porn sites are usually already gone.
>
> I'm already cleaning all my form variables (checking for LF and CR and
> content_type and cc:), so that is not my problem. It's just the few
> annoying emails I get.
>
> [ ..... Is this actually a productive way for spammers to distribute
> their crap ... one email per form?]

I had the exact same problem with my contact forms, which I solved by
ignoring the e-mail if the body contains the string "http://" 3 times
or more. Those spam e-mails always contained the spammer's web link
10 times or more, to be sure we don't miss it. Legitimate senders
never send me even a single web link in their message. This way, a
single link, or even two, is still allowed.

Here is my very simple anti-spam function:

/**
 * Simple SPAM filter
 *
 * Mail is rejected if body contains more than two HTTP links.
 * @param string $body Message body
 * @return bool Mail is spam
 */
function is_spam ($body) {
    return substr_count($body, 'http://') > 2;
}
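
An added example, not part of the original post or the poster's code: the same link-count heuristic, extended so that `https://`, mixed-case schemes and bare `www.` hosts are counted too, since `substr_count($body, 'http://')` is case-sensitive and does not match `https://`. The names `extract_link_hosts()`, `is_link_spam()` and `$maxLinks` are hypothetical, and the sample bodies are constructed.

```php
<?php
// Added example, not the poster's code. extract_link_hosts(), is_link_spam()
// and $maxLinks are hypothetical names; the threshold of 2 comes from the post.

/** Return the lower-cased host of every link-like token in $body. */
function extract_link_hosts(string $body): array
{
    // Case-insensitive scheme, http or https, optional "www.", plus bare
    // "www." hosts that carry no scheme at all.
    $pattern = '~(?:https?://(?:www\.)?|www\.)([a-z0-9-]+(?:\.[a-z0-9-]+)+)~i';
    preg_match_all($pattern, $body, $matches);
    return array_map('strtolower', $matches[1]);
}

/** Spam if the body holds more than $maxLinks links in total. */
function is_link_spam(string $body, int $maxLinks = 2): bool
{
    return count(extract_link_hosts($body)) > $maxLinks;
}

// Constructed sample bodies (example.com / example.net are placeholders).
$samples = [
    'legit, one link'  => "Hi, my page is http://example.com/about - thanks!",
    'plain http x3'    => str_repeat("http://example.net/x ", 3),
    'https x3'         => str_repeat("https://example.net/x ", 3),
    'mixed case + www' => "HTTP://example.net Www.example.net hTTps://example.net",
];

foreach ($samples as $label => $body) {
    $hosts = extract_link_hosts($body);
    printf(
        "%-18s links=%d distinct_hosts=%d spam=%s\n",
        $label,
        count($hosts),
        count(array_unique($hosts)),
        is_link_spam($body) ? 'yes' : 'no'
    );
}
```

The distinct-host count is printed alongside the total because the post describes the same link being repeated many times in one message; a high total with a single distinct host matches that pattern.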