How I beat the spam on my site


Pogacha
10-23-2007, 07:24 PM
Hi,
I have a couple of forms on my site and I secured them against bad uses like injecting headers and so on. Unfortunately I used to have something like 3K Spam mails per month coming from those forms.

After a couple of months without any Spam coming from the forms I can finally say that the funny system I implemented worked out the problem :) .

Maybe you already know it, but I didn't and I realized it by myself, so I wanted to share it with other people who may not know it.

What is it about?
Spam robots don't work with javascript.
And that's all!
The form validates itself using javascript; if javascript isn't enabled, it takes you to a different page with the e-mail address written in a graphic format.

In my case I made this implementation:

contactnjs.php is a page with the image for the email.
send.php is the real sending script page.

To send the visitor to another page if there is no javascript:
<noscript>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=contactnjs.php">
</noscript>

Unfortunately this is not enough :(
Spam robots skip the redirection ...

To validate the form:

This is the form html command; when you click on the button it takes you to "contactnjs.php"
<form name="ContactForm" method="post" onsubmit="return ValidateForm(this)" action="contactnjs.php">

This is the validation function; when the script calls it, it changes the action of the form so it no longer takes you to the wrong page.
function ValidateForm(form)
{
    // ... I also check for empty fields here
    // Point the form at the real sending script; only a client that runs javascript gets here.
    form.action = "send.php";
    return true; // let the submit go ahead
}

In the special case that someone doesn't have javascript enabled, the site will take him to the special page. If the visitor is a robot it will think that the mail was successfully sent. No one is hurt.

It took me 4 or 5 hours, but a lot less time than deleting Spam.

I hope someone finds it useful.

GL
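
Added example, not part of Pogacha's post: a small model of the action swap described above that shows where a submit lands for a client that runs the onsubmit handler and for one that does not, with the elided empty-field check filled in. The field names (name, email, message) and the helpers makeForm and submitTarget are assumptions for illustration; the form is a plain object, so this runs under Node without a browser.

```javascript
// Added illustration; only the two page names come from the post.
const DECOY_ACTION = "contactnjs.php"; // default action written in the HTML
const REAL_ACTION = "send.php";        // set only by the onsubmit handler
const REQUIRED = ["name", "email", "message"]; // assumed field names

// Plain-object stand-in for <form action="contactnjs.php"> (hypothetical helper).
function makeForm(values) {
  const elements = {};
  for (const [name, value] of Object.entries(values)) {
    elements[name] = { value };
  }
  return { action: DECOY_ACTION, elements };
}

// The post's ValidateForm, with an empty-field check in place of the "..." line.
function ValidateForm(form) {
  for (const name of REQUIRED) {
    const field = form.elements[name];
    if (!field || field.value.trim() === "") {
      return false; // cancel the submit; the action stays on the decoy
    }
  }
  form.action = REAL_ACTION;
  return true;
}

// Where a submit ends up; null means the handler cancelled it (hypothetical helper).
function submitTarget(form, runsJavaScript) {
  if (runsJavaScript && !ValidateForm(form)) {
    return null;
  }
  return form.action;
}

// Constructed sample input.
const filled = { name: "Ann", email: "ann@example.com", message: "Hello" };

console.log("browser with javascript:", submitTarget(makeForm(filled), true));
console.log("client without javascript:", submitTarget(makeForm(filled), false));
console.log("javascript, empty message:",
  submitTarget(makeForm({ ...filled, message: "  " }), true));
```

send.php is still reachable by any client that posts to it directly, so the header-injection checks mentioned at the top of the post still belong in that script.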