Posted by Ken Robinson on 09/17/05 06:52

Paul Marshall wrote:
> Thanks for your suggestions everyone, I found a post by someone else
> having the same problems who suggested setting a session that pemits any
> emailing unless it has been set on the page containing the form. This
> seems to have done the trick for now! If not I will try the slashes
> suggestions.

One more suggestion. When these spambots starting hitting my sites (one
in particular), I started doing what other folks suggested to clean the
entries. But that is just more work. Here's what I am doing now:

foreach ($_POST as $k=>$v) // check all posted fields for
//'Content-Type'
if (strpos($v,'Content-Type:') !== false) {
//
// Removed tracking email I send back to myself when this occurs
//
header("HTTP/1.0 404 Not Found"); // Put up a 404
exit(); // get out
}
//
// If it gets past the above, check if the submit value has been
changed
// from what you expect. In this instance I expect the value to be
// 'Send RequestThe spambots are not using your form, but have
// screen scraped your form and have gotten the names you pass back
//
if (isset($_POST['submit']) && ($_POST['submit'] != 'Send Request')) {
//
// Removed tracking email I send back to myself when this occurs
//
header("HTTP/1.0 404 Not Found");
exit();
}

Putting out the 404 message hasn't stopped the spambots from trying,
but no mail has been sent by any of them since I implemented this
check.

Ken

[Back to original message]