Help with spam and conditional statement

mrrodger

I own the domain "mydomain.com" (just an example). Some automated software out there is scanning my website and automatically filling out my contact form - about 40 times a day!! Every field is filled out with klkjlj@mydomain.com (the name before the @ sybmol is randomly generated). They are using my domain to fill out all of the fields automatically. How do I stop them?

I think there's a way that I can write a conditional statement that says that if the user types in @mydomain.com - then to reject it. I need help with writing this statment and getting it to work. (or if you have a better idea please let me know)

This is what I have on the confirmation page that it posts to when the user hits submit:

if ($fname == "" || $lname == "" || $email == "" || $hnumb == "")
{
echo " NOT TRANSMITTED:Please fill out all *fields";
}
else
{

//echo "<CENTER><font color=#009900 size=+2><B>Successfully Submitted</B></font></CENTER>";
}

bpat1434

if ($fname == "" || $lname == "" || $email == "" || $hnumb == "" || strpos($email, '@mydomain.com') == FALSE)
{
echo "<p class=links><br><br><br><br><br><br><br><br><B>NOT TRANSMITTED:</B></p><p>Please fill out all *fields</p>";
}

But of course, RegEx is your friend and may be a better option...

~Brett

execute

You can either use a graphic input form, like a security code, or you can use regex:

if(eregi("(.*)@domain.com", $email)){
echo "get lost";
}
But this is a terrible fix, since they will change the domain. So a graphic input is best. Maybe you don't even need it to be a graphic. Just do this, make a text with a random generated value:

<?php
$random_num = mt_rand();
$rand = md5($random_num);
$string = substr($rand, 0, 7);
echo $string;
// randomly generated value
?> Type in the Security code above.
<input type='text' name='security' id='security' /> 
<?php echo "<input type='hidden' name='code' id='code' value='$string' />"; ?>

Then in your form handling script type:
if($POST['security'] != $POST['code']) {
echo "Get lost spammer";
exit();
}

mrrodger

Thanks guys. I'll give your suggestions a try!

mrrodger

I couldn't get it to work so I added another "=" sign...but this still did not work. I also tried changing it to "true" but it stopped legit submissions as well. Any ideas?

if ($fname == "" || $lname == "" || $email == "" || $hnumb == "" || strpos($email, '@serversidedesign.com') === false)
//if ($fname == "" || $lname == "" || $email == "" || $hnumb == "")
{
echo " NOT TRANSMITTED:Please fill out all *fields";
}
else
{
PRINT "Success";

bpat1434

Should be:

if ($fname == "" || $lname == "" || $email == "" || $hnumb == "" || strpos($email, '@serversidedesign.com') != false)
//if ($fname == "" || $lname == "" || $email == "" || $hnumb == "")
{
echo "<p class=links><br><br><br><br><br><br><br><br><B>NOT TRANSMITTED:</B></p><p>Please fill out all *fields</p>";
}
else
{
PRINT "Success";
}

~Brett