Hi Guys,

I have been using a vert basic php form that sends its contents via email. But recently I am getting hundreds of spam emails that are using my script.

Basically, I use a HTML form that sends the value to a PHP script, which sends me an email with the contents.

I was told I need to use a ramdom numbers/letters generator or block multiple script uses from the same IP. Could somebody please help me with that or giving me other solutions?

I already get the IP information with:
$message .= ( "IP = " . $REMOTE_ADDR . "\n");

Is there a way I could leverage that to avoid the spamming?

Thanks so much for helping.

In a database, save the IP and a timestamp(using time()) of the last time that person submitted. Then, use something like this:

if( time() - $LAST_TIME_SUBMITTED < 60)
{
  die("You can only submit once every 60 seconds!");
}

I am noob in PHP, don't even know how to save it on a database. Most PHP scripts I have are open source and I just customized them, didn't write them from scratch.

Checkout this thread. Theres 2 functions that are alone very effective agains spammers.

I am afraid that most of the suggestions given so far will not protect you from email exploits. Spammers already know to spoof IPs, space each exploit over a small interval, etc, etc.

You need to take note of Cahva's link - it is all about trapping email header injections.

For a good explanation of the problem and the solution read this article on Form Post Hijacking , or google for more.