I've been told I need to create a way for people to email our site content to others.

The higher ups want it basically so that a user can type in their email address, their friend's email address and a brief note. This will then send an email (which should look like it comes from the user's email address) to their friend with the brief note and a link to the page.

Problem is that this sounds like a great toy for spammers. Any suggestions on how to prevent this?

Thanks

    A spammer isn't going to work out how to get something to automatically fill out every contact form on the Net. Just use random names for the form inputs and there'll be no problem.

    Ok, you might have the odd joker that uses the form to send stuff to their friends, but it's hardly likely.

      a year later

      Originally posted by piersk
      A spammer isn't going to work out how to get something to automatically fill out every contact form on the Net. Just use random names for the form inputs and there'll be no problem.

      Ok, you might have the odd joker that uses the form to send stuff to their friends, but it's hardly likely.

      Well I took this advice and it worked for a while (note the dates between the first post and this post). However, we're now getting spam sent via the form. New field names didn't help. Adding a login/registration system didn't help either as they seem to have hacked that and create new users as quickly as we can delete them. An IP ban is slowing them down, but they have a new completely different IP within 48hrs.

      What are some other possible solutions to keeping spammers out of this kind of form?

        Why don't you have email verification...where when they register they have to click on a link in their email to complete the registration process. This may not prevent spammers totally, but will limit it a lot.

          One thing I do with mine is add a static message saying like, "Your friend sent you this email from www.yoursite.com and thought you should check it out." and then have the friend's custom message below that. Obviously the spammer won't want that in the message.
          Alternatively, I have written a very flexible captcha image script that you can integrate into your existing forms with about 3 short lines of code. See examples at my page www.neoprogrammers.com

            Make sure that the comments field is very small, then do a string check for common spam words.

              13 days later

              Thanks for the info on Captcha and for the suggestion about the registration email. It took me a while to get it all to work, but that seems to have fixed the problem for now.

              It has been up for just about a week and no more spam has been sent. I have gotten a few complaints that it is now a major pain to register and then still have to enter a code to use the email form, but it doesn't look like people have stopped using it. So far the usage of that feature is back in line with what it was before the spammer incident.

              Thanks everyone for your help. Hopefully these anti-spam methods will keep them at bay for another year or two.

                6 months later

                questions:

                1) There are many wide open "email a friend" forms on the Internet without any protection, and he already has protection like asking them to register; they still want to hack his site and not others?

                2) There are many "email a friend" forms that let the hackers edit out the original contents and fill in all the contents themselves; on his site, the message will always have his site contents there, and these hackers still want to use his site to spam rather than other sites?

                3) Does that mean this kind of hacker software will attack you even if you are safer than most other sites? Even if you are small, you have the same chance of being on the hack software's radar as big sites?

                They do this for benefits, right? Why do they hack the difficult ones rather than the easy ones?

                the solutions in this thread:

                1) Registration and activation required, like the solution you have, but it might be too much trouble for people who just want to use "email a friend".

                2) Captcha image; still, if you make the captcha image too hard to read, people may not want to use the "email a friend", and if it is not too hard to read, there is already software that can break it.

                Even if the captcha image is easy to read, many people who are not computer oriented may not want to bother with it, or may not know how to use it, and then they will not use it.

                Captcha may be a good solution for registering for a forum, user account etc., but for sending out "email a friend", many people may not want to bother to use it.

                In simple words, for a not so crucial feature like "email a friend", registration and a captcha image may stop many users from using it.

                Other solutions?

                1) How about dropping a cookie or session counter to limit each user to sending out 100 e-mails per session, or 100 e-mails per day by cookie counter?

                Is this a workable solution?

                Or 100 emails per IP per day or something like that. This way, the regular end user will not be bothered by registering or using a captcha image. But still some protections are added.

                2) I know there will be hacker counter methods for cookie, session, IP ban etc., just like there are hacker counter solutions for captcha.

                So how about also setting up some controls at the site, say no more than 1000 "email a friend" e-mails can be sent out per day in total from this site, so even if the hacker can modify the cookie, the session, or fake the IP, the total "email a friend" count from your site is out of their reach, unless they occupy your server.

                Say for a small site, there will not be 200 "email a friend" messages regularly, so if you set it to 1000, it will be safe and will not stop the regular usage of "email a friend".

                But for a hacker who wants to send out hundreds of thousands of e-mails, if they can only hack you for 1000 a day, will they go somewhere else and stop bothering you?

                Plus an alert could be sent to you if it reaches 1000 emails a day, then you can shut them down if it is a hacker attack, to prevent them from hacking you again. This will not require users to sign up to email a friend, or read captcha images to email a friend. Easy for your users, right?

                Now I have another question: why use "email a friend" if you can use the browser's built-in "email a link" or "email a page" to email a product content page from your site? Would it be good to just leave it out and encourage people to use the browser's built-in "email a link" or "email a page"?

                The browsers have built-in "email this page" or "email this link", many people know how to use it, and most people browse the Internet from their own computer most of the time, so why do we offer the "email a friend" page just to send out a content page, which people can use the browser's built-in tools to do?

                In some cases, say if the person is using a library's computer, then "e-mail a friend" may be useful. But at the same time, having the "email a friend" page there may cause many people not to use their browser's built-in tool even when they are using their private computer.

                When using "e-mail a friend", also, the message may be blocked by some spam control software, but if people use the browser's built-in "e-mail this page" and "email this link", the email will not be blocked because it is sent to their friends from their regular email tool, as they did before.

                Last question:

                People may be on Windows, using Internet Explorer or using Firebird, or on Macintosh.

                Is there a script (JavaScript) or some plug-in we can use, so that if they click the link, it will pop up the window as if they went to File -> Send -> Email this page in Internet Explorer, or File -> Send -> Mail this link in Firefox, or do the same for other popular browsers?

                This way, we may just use this link and pop up the browser's built-in tools for the clients and not use "email a friend" programming pages. That may solve the hacker problem, or reduce the chance of your email being blocked by the spam control software?

                Thanks!
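
The per-IP daily limit and the site-wide daily cap with an alert, as proposed in the post above, written out as an added example (not code from anyone in this thread). The `SendLimiter` and `simulate` names are hypothetical, the counters are held in memory where a real site would keep them in its database, and the demo uses lowered limits and constructed traffic.

```python
import datetime
from collections import Counter, defaultdict


class SendLimiter:
    """Daily counters kept on the server, so cookies or session resets cannot touch them."""

    def __init__(self, per_ip=100, site=1000, alert=print):
        # 100 per IP and 1000 per site are the figures floated in the thread.
        self.per_ip, self.site, self.alert = per_ip, site, alert
        self.day, self.total, self.by_ip = None, 0, defaultdict(int)

    def allow(self, ip, today=None):
        """Return 'ok', 'ip_cap' or 'site_cap'; only 'ok' sends are counted."""
        today = today or datetime.date.today()
        if today != self.day:  # first request of a new day resets all counters
            self.day, self.total = today, 0
            self.by_ip.clear()
        if self.total >= self.site:
            return "site_cap"
        if self.by_ip[ip] >= self.per_ip:
            return "ip_cap"
        self.by_ip[ip] += 1
        self.total += 1
        if self.total == self.site:  # fires once per day, when the cap is reached
            self.alert(f"email-a-friend site cap of {self.site} reached on {today}")
        return "ok"


def simulate(requests, **limits):
    """Run (ip, date) requests through a fresh limiter; return outcome counts and alerts."""
    alerts = []
    limiter = SendLimiter(alert=alerts.append, **limits)
    outcomes = Counter(limiter.allow(ip, day) for ip, day in requests)
    return outcomes, alerts


# Constructed traffic: one sender hopping across five addresses (documentation
# range 203.0.113.0/24), four attempts per address, all on the same day.
DAY = datetime.date(2024, 1, 1)
ROTATING = [(f"203.0.113.{n}", DAY) for n in range(5) for _ in range(4)]

if __name__ == "__main__":
    print(simulate(ROTATING, per_ip=3, site=10))
```

With the sender changing address, the per-IP limit alone never stops it; the site-wide cap is what ends the run, and the alert fires once at that point.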
