Posted by shimmyshack on 03/28/07 16:58
On 28 Mar, 09:35, "Andrew Bailey" <a...@idontwantanyspam.com> wrote:
> "Martin Mandl - m2m tech support" <martin.ma...@gmail.com> wrote in message news:1175070592.285015.208940@d57g2000hsg.googlegroups.com...
>
> > On Mar 28, 9:48 am, mouton <nos...@nospam.com> wrote:
> >> Hello,
>
> >> I have a contact form on my website that sends form data to a PHP page
> >> where the PHP mail() function collects and sends them to me.
>
> >> On this action page, one variable contains my email address in the form:
> >> $myEmail = "myem...@blah.com";
>
> >> The trouble is that I receive a lot of spam through this and do not know
> >> how to avoid that. Could you please help me?
>
> >> Thank you.
>
> Hi Martin,
>
> Try...
>
> $myEmail1 = "myem...";
> $myEmail2 = "@";
> $myEmail3 = "blah.com";
>
> $myEmail = $myEmail1 . $myEmail2 . $myEmail3;
>
> Hope this helps
>
> Andy

Yeah, what Andy is saying is that if you hard-code the stuff that never
changes - in the PHP script that does the mailing, then you don't have
to send the data to the form in the first place and can simply delete
that part of the script/markup that sends unneeded variables.

The best way to avoid spam is not to have your email on the page, or
anywhere on the site, but to provide, as you have done, a form with no
email, which simply allows a text message to get sent, together with
THEIR email, so you contact them back. This method allows anyone to
spam you just as before of course, but then to increase security on
the form you use a captcha - an image that's hard for OCR-enabled
spambots to read, which prevents autoposting of your form.

Of course this might be circumventable - is that a word - if the image
is too clear. There are various implementations around, but follow
something like Google's, which has a nice random background, and makes
the letters "wibbly" - a technical term :)

WordPress has an add-on, as do most other high-profile blogging and CMS
engines, so they are worth a look to see how it's done well.

You could also look at your market, and refuse to support spam that
originates from an IP in China - if you are very unlikely to benefit from
such communication. Do you need the form to be up and running 24/7/265?
Would you benefit from taking a look at the time of day of decent
posts compared to spam, and making the form display a "come back later",
or "click here" where the click here is in JavaScript with some kind of
fuzzer or randomiser to make it harder for the bots to grab the
meaning of the code, or the link from it?

You could make 2 contact forms, on different pages. The chances are
that a human will only post to one, whereas a spammer might post to
both. You can have a link on each one pointing to the other to entice
those bots to follow. Perhaps to help your customers one is called
"sales" and the other "info".

Perhaps you can run the text of the post through a regexp spamming
engine before you get to see it; that will cut out any spam that gets
to you. I would either do that server side, or run SpamPal, with the
Bayesian filter on. There are loads of free antispam transparent
proxies out there for you to use, even if you cannot modify the actual
code.
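
The following PHP is an added example, not code from this thread: it keeps the recipient fixed in the mailing script, so the form never carries it, and scores the message text against regular expressions server-side before anything is mailed. The address, patterns, weights, threshold and function names are assumptions made for illustration.

```php
<?php
// Added example; every name and value below is hypothetical.
const RECIPIENT = 'owner@example.com'; // placeholder; fixed here, never read from the form

// Constructed patterns and weights; tune them against the spam you actually receive.
const SPAM_PATTERNS = [
    '/https?:\/\/\S+/i'                  => 2, // links
    '/\[url=|<a\s+href/i'                => 3, // BBCode or HTML link markup
    '/\b(viagra|casino|payday loan)\b/i' => 3, // typical spam vocabulary
];
const SPAM_THRESHOLD = 4;

function spam_score(string $text): int
{
    $score = 0;
    foreach (SPAM_PATTERNS as $pattern => $weight) {
        // Cap repeats so one very long message cannot dominate the score.
        $score += $weight * min((int) preg_match_all($pattern, $text), 3);
    }
    return $score;
}

function check_submission(array $post): array
{
    $email = $post['email'] ?? '';
    $text  = $post['message'] ?? '';
    // Array-valued fields (email[]=...) are rejected before any string function sees them.
    if (!is_string($email) || !is_string($text)) {
        return ['send' => false, 'reason' => 'invalid input'];
    }
    $from = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($from === false || trim($text) === '') {
        return ['send' => false, 'reason' => 'invalid input'];
    }
    $score = spam_score($text);
    if ($score >= SPAM_THRESHOLD) {
        return ['send' => false, 'reason' => "spam score $score"];
    }
    // The visitor's address goes in the body so you can reply; no posted field reaches "to".
    return ['send' => true, 'to' => RECIPIENT, 'subject' => 'Contact form',
            'body' => "Reply to: $from\n\n" . trim($text)];
}

// Constructed sample submissions; the second carries a recipient field that is ignored.
$samples = [
    ['email' => 'visitor@example.org', 'message' => 'Do you ship to Norway?'],
    ['email' => 'x@example.net', 'to' => 'someone-else@example.com',
     'message' => 'cheap casino http://a.example http://b.example'],
];
foreach ($samples as $s) {
    $r = check_submission($s);
    // In a live handler: if ($r['send']) { mail($r['to'], $r['subject'], $r['body']); }
    echo json_encode($r), "\n";
}
```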