Posted by Shelly on 01/24/08 01:31
I have a contact form. On this form there is a randomly generated
string of characters that must be copied. If it is not typed
properly, the form is not processed. If filled out correctly, an
email is sent to the sender and a copy to the owner. All of the
sending is done in php and no email addresses appear on the form (nor
in the view source). Everything is done in php.
What is happening is that junk-filled forms are being sent and they
are bypassing the security code requirement. To see what was
happening, I included both the generated and typed codes in the email
that is sent. When I fill it out, the email contains matching codes.
The spam email has empty fields.
Finally, I changed the form yesterday to include those security code
echos. Today's spam has the changed form.
Questions:
1 - How are they accessing the code to generate these emails?
2 - How are they bypassing the check of the security code?
3 - Most importantly, what can I do to stop them?
Shelly
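
Added example, not part of the original post and not Shelly's code: empty generated and typed codes in the spam e-mails are consistent with a handler that compares the two values without first requiring that a code was ever issued, so a request with neither value passes the comparison. The function names and the `captcha` session/form key are assumptions, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

// Weak check (hypothetical): when the request carries no session and no
// code field, both sides default to '' and the comparison succeeds.
function weak_check(array $session, array $post): bool
{
    $expected = $session['captcha'] ?? '';
    $typed    = $post['captcha'] ?? '';
    return $expected == $typed;
}

// Hardened check (hypothetical): a code must have been issued server-side,
// both values must be non-empty strings, the comparison is constant-time,
// and the stored code is discarded after one attempt so it cannot be reused.
function strict_check(array &$session, array $post): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']); // single use, whether the attempt passes or fails
    $typed = $post['captcha'] ?? null;

    if (!is_string($expected) || $expected === '' ||
        !is_string($typed)    || $typed === '') {
        return false;
    }
    return hash_equals($expected, $typed);
}

// Constructed request that never loaded the form: no session code, no typed code.
$no_form_session = [];
$no_form_post    = ['name' => 'junk', 'message' => 'junk'];
var_dump(weak_check($no_form_session, $no_form_post));
var_dump(strict_check($no_form_session, $no_form_post));

// Constructed request from someone who loaded the form and typed the code.
$user_session = ['captcha' => 'k7Qp2x'];
$user_post    = ['captcha' => 'k7Qp2x', 'message' => 'hello'];
var_dump(strict_check($user_session, $user_post));

// Same submission sent a second time: the stored code is already consumed.
var_dump(strict_check($user_session, $user_post));
```

In a real handler, `$session` and `$post` would be `$_SESSION` and `$_POST`, and the e-mail would be sent only when `strict_check` returns true.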