Reply to Re: Contact Form Spam

Posted by Manuel Lemos on 01/24/08 01:47

Hello,

on 01/23/2008 11:31 PM Shelly said the following:
> I have a contact form. On this form there is a randomly generated
> string of characters that must be copied. If it is not typed
> properly, the form is not processed. If filled out correctly, an
> email is sent to the sender and a copy to the owner. All of the
> sending is done in php and no email addresses appear on the form (nor
> in the view source). Everything is done in php.
>
> What is happening is that junk filled forms are being sent and they
> are bypassing the security code requirement. To see what was
> happening, I included both the generated and typed codes in the email
> that is sent. When I fill it out, the email contains matching codes.
> The spam email has empty fields.
>
> Finally, I changed the form yesterday to include those security code
> echos. Today's spam has the changed form.
>
> Questions:
> 1 - How are they accessing the code to generate these emails?

They may not necessarily be accessing your code. You just assumed that.


> 2 - How are they bypassing the check of the security code?

If you are using an image-based CAPTCHA, there is code to brute-force
guess the text in the CAPTCHA images using OCR (Optical Character
Recognition) solutions. Here is a simple OCR written in pure PHP.

http://www.phpclasses.org/phpocr


> 3 - Most importantly, what can I do to stop them?

Use a better CAPTCHA. Here are several CAPTCHA solutions that use more
advanced techniques. Some use more obfuscated images, others ask
subjective questions to the user, others use animated images, etc.

http://www.phpclasses.org/searchtag/CAPTCHA/by/package/tag/CAPTCHA/


--

Regards,
Manuel Lemos

PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
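Added example, not code from this thread or from phpclasses.org. Shelly's handler is not shown on the page, so the "weak" handler below is an assumed reconstruction chosen to reproduce the symptom she reports (spam mails in which both the generated and the typed code are empty): if the expected code travels with the form and the handler only checks that the two submitted values agree, a bot that posts directly to the handler with no code fields at all passes, because in PHP '' == '' is true. The hardened handler beside it keeps the expected code only in the server-side session, rejects empty answers, compares in constant time and burns the code after one use. Function names, the field names 'generated' and 'typed', and the in-memory $session array standing in for $_SESSION are all assumptions made for the demo.

```php
<?php
// Added example; not the original form's code. The weak handler is an ASSUMED
// reconstruction consistent with the reported symptom (both codes empty).

declare(strict_types=1);

// Assumed weak handler: the generated code is echoed back through the form
// (hidden field) and the handler only checks that the two submitted values agree.
function weak_check(array $post): bool
{
    $generated = $post['generated'] ?? '';
    $typed     = $post['typed'] ?? '';
    // '' == '' is true, so a bot that omits both fields passes.
    // Loose == also compares numeric strings numerically: '1e3' == '1000' is true.
    return $generated == $typed;
}

// Hardened handler: the expected code lives only in the server-side session,
// the answer must be non-empty, the comparison is strict and timing-safe,
// and the code is single-use whether the attempt succeeds or fails.
function strong_check(array $post, array &$session): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']);          // burn the challenge on any attempt
    if (!is_string($expected) || $expected === '') {
        return false;                    // no challenge was ever issued for this session
    }
    $typed = $post['typed'] ?? '';
    if (!is_string($typed) || $typed === '') {
        return false;                    // an empty answer is never a match
    }
    return hash_equals($expected, $typed);
}

// Issue a fresh challenge and store it only on the server side.
function new_challenge(array &$session, int $len = 6): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no 0/O or 1/I ambiguity
    $code = '';
    for ($i = 0; $i < $len; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $session['captcha'] = $code;
    return $code;
}

// Constructed demo input: a bot posting the form with no code fields at all.
$botPost = ['name' => '', 'email' => '', 'message' => 'junk'];
printf("weak check, empty bot post:    %s\n", weak_check($botPost) ? 'ACCEPTED' : 'rejected');

// The same bot against the hardened handler, with and without an issued challenge.
$session = [];
printf("strong check, no challenge:    %s\n", strong_check($botPost, $session) ? 'ACCEPTED' : 'rejected');

new_challenge($session);
printf("strong check, empty answer:    %s\n", strong_check($botPost, $session) ? 'ACCEPTED' : 'rejected');

// A human who copied the code correctly, then the same answer replayed.
$code = new_challenge($session);
$humanPost = ['name' => 'Shelly', 'typed' => $code];
printf("strong check, correct answer:  %s\n", strong_check($humanPost, $session) ? 'ACCEPTED' : 'rejected');
printf("strong check, replayed answer: %s\n", strong_check($humanPost, $session) ? 'ACCEPTED' : 'rejected');
```

In a real handler, call session_start() and pass $_SESSION in place of the $session array; generate the code when the form page is rendered and never include it in the HTML or in the outgoing mail. hash_equals() needs PHP 5.6 or later and random_int() and the ?? operator need PHP 7; on older versions substitute a strict === after the emptiness checks and a different CSPRNG source. This closes the empty-for-empty and copy-the-hidden-field paths only; it does nothing against the OCR attack Manuel describes, which needs a harder CAPTCHA.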
