I thought I would follow up my initial post with what I've done to fix the problem.
1. Rename the form script (add a "2" or something). Like this: before=contactForm.php; after=contactForm2.php. This means you will need to make sure the path in the HTML form is pointing to the right place.
2. Add a "hidden" field in the contact form.
Like this:
<input type="text" name="email2" style="display:none" />
<input type="hidden" name="redirect_thanks_url" value="http://www.yourdomain.com/thankyou.htm" />
I put it between the last text field and above the submit button, but it doesn't matter where you put it...in fact, we might all help defeat spam bots if we put them in different places and even name the fields differently. In this example it's "email2"...see in the code above, and also in the php code below.
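3. Add this PHP code to the form script (which you can download from the other post I talked about).
    // Honeypot check: humans never see "email2", so any value in it means a bot.
    // Compared against "" because empty() would let the value "0" through.
    if (isset($_POST["email2"]) && $_POST["email2"] !== "") {
        # THIS IS PROBABLY SPAM
        // Redirect to a fixed thank-you page. Never copy a posted URL into the
        // Location header: anyone can change it (open redirect).
        header("Location: http://www.yourdomain.com/thankyou.htm");
        exit();
    }
You'll need to add it somewhere inside the main opening and closing PHP tags; make sure you don't put it inside another function. I put mine right after line 12 in the script mentioned on the other post.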
What it's doing is basically telling the spam bot that there is a field to fill in. Bots are attracted to fields. So we attract it with a label like "email2" or "message" or something that's not already in use, but still attractive...not something like "honeypot" or "spamtrap".
The field is hidden from humans, so a person filling out the form leaves it blank. The script checks whether the field is blank; if it's not, the script tosses the submission but still redirects to the thank-you page. I read that some bots wait to see if the redirect goes to an error page or not, then will try again.
Now, it's possible that spammers will teach their bots to look for "hidden" fields and not fill them in at some point, but then we can come up with something else.
For the time being, this helps.
Again, the contact form on the previous post still works just fine, but I'm afraid it's just a matter of time before a spam bot finds it and starts spamming you.
Hopefully you remembered where you got the script in the first place and checked back to see if there was a solution.
What a pain this spam thing is. It's like a battle of escalations and counter attacks. Kinda fun, just annoying and time wasting.
I looked into some CAPTCHA solutions, but they were really difficult to implement, and most of them cost money. (CAPTCHA, by the way, means "Completely Automated Public Turing test to tell Computers and Humans Apart".)
Hope this helps.
jorge
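
A hardened form of the check in step 3, as an added example that is not part of the original post or of the script it refers to. It treats any non-blank honeypot value as spam and only accepts the posted redirect_thanks_url when it points at the site's own host. The constant and function names are assumptions made for this sketch, www.yourdomain.com is the post's placeholder, and PHP 7 or later is assumed.

```php
<?php
// Assumed names (not from the post's script): HONEYPOT_FIELD, ALLOWED_HOST,
// DEFAULT_THANKS, is_honeypot_hit(), safe_thanks_url(). Requires PHP 7+.
const HONEYPOT_FIELD = 'email2';               // field name used in the post
const ALLOWED_HOST   = 'www.yourdomain.com';   // placeholder host from the post
const DEFAULT_THANKS = 'http://www.yourdomain.com/thankyou.htm';

// True when the hidden field carries any value at all.
// empty() treats the string "0" as empty, so compare against '' instead;
// a non-string value (email2[]=x arrives as an array) also counts as filled in.
function is_honeypot_hit(array $post): bool
{
    if (!array_key_exists(HONEYPOT_FIELD, $post)) {
        return false;
    }
    $value = $post[HONEYPOT_FIELD];
    return !is_string($value) || trim($value) !== '';
}

// Accept the posted thank-you URL only if it is an http(s) URL on our own host;
// anything else (other hosts, userinfo tricks, control chars) gets the fixed page.
function safe_thanks_url(array $post): string
{
    $url = $post['redirect_thanks_url'] ?? '';
    if (!is_string($url) || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return DEFAULT_THANKS;
    }
    $parts = parse_url($url);
    if ($parts === false
        || !in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)
        || strtolower($parts['host'] ?? '') !== ALLOWED_HOST
        || isset($parts['user']) || isset($parts['pass'])) {
        return DEFAULT_THANKS;
    }
    return $url;
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'human'    => ['email2' => '', 'redirect_thanks_url' => DEFAULT_THANKS],
    'bot'      => ['email2' => 'a@b.example', 'redirect_thanks_url' => DEFAULT_THANKS],
    'bot-zero' => ['email2' => '0', 'redirect_thanks_url' => 'http://other.example/'],
];
foreach ($samples as $name => $post) {
    printf("%-9s spam=%s redirect=%s\n", $name,
        is_honeypot_hit($post) ? 'yes' : 'no', safe_thanks_url($post));
}
```

In the form script itself, the two functions would be called with $_POST, and the result of safe_thanks_url() passed to header("Location: ...") before exit().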



3 comments:
Great idea. I think the spam can be avoided using captcha or some other mechanism which bots can't understand. Here at Artologics, is another way to avoid spam.
Have you considered using Re-captcha? It's free and works with PHP and helps digitize books.
I'm confused as to why you have no email address built in your php code. I've gone the full circle trying to validate my contact form. I have set up using godaddy.com webformailer.php; it works, but no available required field tests within php. I've tried other formail versions but it's tricky. Can you help? John webdev@iolfree.ie ireland