Contact Form Spam

  Peter Lanky 10:54 29 Mar 2009

I have a contact form on my website inviting people to enquire about my services. During the last 4 weeks all my spam has been of a similar style. The email address where the spam comes from is almost always in the form [email protected] with the names always being normal rather than silly, though the name of the sender is often silly. The other fields just contain random characters. The message always says "Good site, Admin" or "Good Post, Admin". No trying to link me to porn or sell me drugs or anything with any purpose at all.

Has anyone else experienced this, and if so, what are the aims of the spammer?

  Fruit Bat /\0/\ 11:04 29 Mar 2009

"what are the aims of the spammer?"

If you open/reply they know it has reached a valid address, the real spam will then follow later.

Delete all e-mails from unknown addresses without opening.

  Peter Lanky 11:14 29 Mar 2009

I delete them as a matter of course. However the spammer would easily know that the email address was valid as nobody would have a contact form that delivers an email to an address that doesn't exist (unless they have a commercial death wish) so I still cannot see the gain. And why "Good site, Admin" or "Good Post, Admin" as a message?

  Taff™ 11:25 29 Mar 2009

I have a similar problem with a couple of sites I host. The PHP script I use is supposed to get round this but someone has cracked the code and the spam actually comes via the contact form. Most annoying! What type of Form Mail are you using? Can you give us a link to your Contact Form?

  Peter Lanky 11:35 29 Mar 2009

Link to contact form: click here
I have had all sorts of the normal spam in the past, and though annoying, spam hasn't yet got to the stage where I cannot find real emails. This current 'campaign' of spam started very suddenly, and at the moment 90% of my spam has "Good site, Admin" or "Good Post, Admin" as the message.

  Taff™ 12:42 29 Mar 2009

I've had a quick look and it seems to use a PHP script called feedback.php - I assume this was a free script or was this feature provided by a website designer? In any event it may be customisable to include a Captcha element where the users have to enter a random set of numbers or letters before submitting the form.

I too get a few with similar subject titles and the most persistent are from Rumania. This thread might get more qualified advice in the Web Design Forum. I'll suggest that FE moves it there for you and watch with interest.

  Forum Editor 13:33 29 Mar 2009

to WebDesign.

  Peter Lanky 13:55 29 Mar 2009

I have tried to incorporate a Captcha element before, but the end result always looked a mess. It was a bit beyond my technical ability, so I removed it.

  HighTower 18:58 29 Mar 2009

You could try including an antispam question in the form. I use one such as "what is 6 + 3", and if the answer submitted in the form is anything other than 9 then the form cannot be submitted.

If you use Dreamweaver (a fairly recent version) then you can quite easily put a Spry behaviour in that does this for you using the built in DW scripting.

I also make sure that all forms are validated, that phone number fields are only allowed to contain numbers and email addresses must be in the correct format (though a lot of spammers can recognise email fields now).

It's an on-going battle I'm afraid!!

  Taff™ 23:17 29 Mar 2009

Thanks FE. Brilliant idea HighTower but how do we adapt the PHP script to do that? I know it's got something to do with mandatory fields, can you give us an example please?

  Kemistri 14:11 30 Mar 2009

A simple anti-spam question is not a bad idea - infinitely better than any CAPTCHA system - but it's no longer a 100% solution and it shouldn't be necessary really. I never use one on any of my clients' sites. Remember that simply validating fields for "correct" content is not quite the right direction to take on its own - you need to validate against unwanted content as well.

If you need an off-the-shelf solution that works well, you could take a look at scripts such as the DD Form Mailer, the Green Beast v3 script, or the Jemjabella v2 script. I use a script that incorporates some similar methods. Those three range from pretty secure to very secure, using different solutions which you could add to your scripts or maybe replace them entirely. In particular, check how the Jemjabella script uses a simple but very robust array to filter out so-called bad words and bots. Updated lists of bots can be found on the net. Form Mailer FE might be worth a look as well, but it's far from the most efficient code, so it runs slowly as a result and it's harder to work with.

Hope that helps.

This thread is now locked and can not be replied to.
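
An added example, not part of the thread and not taken from feedback.php or any of the scripts named above: one way a PHP form handler could combine HighTower's anti-spam question and field validation with the bad-word and bot filtering Kemistri describes. The field names, the word list and the user-agent list are assumptions constructed for illustration.

```php
<?php
// Added example. Field names (name, email, phone, message, antispam) are assumed.
// Constructed sample lists; a live site would maintain and update its own.
$badWords  = ['good site, admin', 'good post, admin', '[url=', 'href='];
$badAgents = ['libwww-perl', 'curl', 'python-requests'];

function check_submission(array $post, string $agent, array $badWords, array $badAgents): array
{
    // Drop non-string values (e.g. "email[]=x") so later checks see only text.
    $post = array_filter($post, 'is_string');
    $errors = [];

    // Anti-spam question "what is 6 + 3": anything other than 9 is rejected.
    if (trim($post['antispam'] ?? '') !== '9') {
        $errors[] = 'Wrong answer to the anti-spam question.';
    }
    // Validate for correct content: email format, digits-only phone number.
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not in a valid format.';
    }
    $phone = $post['phone'] ?? '';
    if ($phone !== '' && !ctype_digit($phone)) {
        $errors[] = 'Phone number may contain digits only.';
    }
    // Validate against unwanted content: bad words anywhere in the submission.
    $text = strtolower(implode(' ', $post));
    foreach ($badWords as $word) {
        if (strpos($text, $word) !== false) {
            $errors[] = 'Submission contains blocked content.';
            break;
        }
    }
    // Reject requests whose User-Agent matches a listed bot.
    foreach ($badAgents as $bot) {
        if (stripos($agent, $bot) !== false) {
            $errors[] = 'Automated client not allowed.';
            break;
        }
    }
    return $errors; // empty array means the mail may be sent
}

// Constructed submission resembling the spam described in the thread.
$sample = ['name' => 'xqzvbn', 'email' => 'jane.smith@example.com',
           'phone' => 'kjhgfd', 'message' => 'Good site, Admin', 'antispam' => ''];
print_r(check_submission($sample, 'libwww-perl/5.8', $badWords, $badAgents));
```

In a live handler the arguments would be `$_POST` and `$_SERVER['HTTP_USER_AGENT'] ?? ''`, and `mail()` would be called only when the returned array is empty.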
