Hi All,
Hope you're well - sorry it's been a while since I posted here, but I'm back because you were all so helpful last time!
I've been getting SPAM attacks on my PHP forms on my website. The emails I get are similar to the following and tend to come in in batches of about 5, hitting in the middle of the night:
CUSTOMER REQUEST: Request Free Consultation
Full Name:
Select... Kaitlyn Kaitlyn
Daytime Telephone:
48018230576
Evening Telephone:
23430470775
E-Mail:
freelife@yahoo.com
Full Address:
tQQFatWLHTzMZwHadO
mEADgmWHnTeTuhrRiBS
NY
USA
4360
Estimated House Value:
ZOoNFiApJkd
Mortgage Value:
2rand[0,1,1]
Mortgage Arrears:
Yes
Non-mortgage Loans (blank if unsure):
2rand[0,1,1]
Sale Speed Required:
Select...
Sale Reason:
Select...
Other Sale Reason:
How did you hear about us?
Select...
Accepts T&Cs:
Message:
How long have you lived here? Purchase Stendra after the ten calendar days has elapsed. Fees for the individual background checks are included in the PharmCAS Erythromycin Ophthalmic Ointment Rx List A Certified True Copy must be used only: Buy Bimatoprost Online Drug X has been shown to cause green rash with purple spots. Maxalt 10 Mg their area of practice): practice ethically and with compassion for patients accept personal responsibility for patient outcomes have professional training, experience, and competence commensurate with their utilize clinical and scientific publications in clinical care decision making and evidence- have a desire to educate others (patients, care givers, other health care professionals, have an aptitude to facilitate learning be able to document and assess student performance have a systematic, self-directed approach to their own continuing professional collaborate with other health care professionals as a member of a team be committed to their organization, professional societies, and the community
My code for this particular form is as follows:
<?php
/* Subject and e-mail variables */
$emailSubject = 'Request Free Consultation';
$webMaster = 'me@mydomain.com';
$formSuccess = "http://www.mydomain.co.uk/form-success.html";
$formError = "http://www.mydomain.co.uk/form-error.html";
/* Gathering data variables */
$titleField = $_POST['title'];
$firstnameField = $_POST['first_name'];
$surnameField = $_POST['surname'];
$emailField = $_POST['email'];
$daytimetelField = $_POST['daytime_tel'];
$eveningtelField = $_POST['evening_tel'];
$address1Field = $_POST['address1'];
$address2Field = $_POST['address2'];
$townField = $_POST['town'];
$countyField = $_POST['county'];
$postcodeField = $_POST['postcode'];
$housevalueField = $_POST['house_value'];
$mortgagevalueField = $_POST['mortgage_value'];
$mortgagearrearsField = $_POST['mortgage_arrears'];
$nonmortgageloansField = $_POST['non_mortgage_loans'];
$salespeedField = $_POST['sale_speed'];
$salereasonField = $_POST['sale_reason'];
$otherreasonField = $_POST['other_reason'];
$marketingsourceField = $_POST['marketing_source'];
$messageField = $_POST['message'];
$termsandconditionsField = $_POST['terms_and_conditions'];
/* Security */
if ( preg_match( "/[\r\n]/", $firstnameField ) || preg_match( "/[\r\n]/", $surnameField ) || preg_match( "/[\r\n]/", $emailField ) ) {
    header( "Location: $formError" );
    exit ;
}
/* Message to WebMaster */
$body = <<<EOD
<br><hr><b>CUSTOMER REQUEST:</b> Request Free Consultation<hr><br>
<b>Full Name:</b> <br>$titleField $firstnameField $surnameField <br><br>
<b>Daytime Telephone:</b> <br>$daytimetelField <br><br>
<b>Evening Telephone:</b> <br>$eveningtelField <br><br>
<b>E-Mail:</b> <br>$emailField <br><br>
<b>Full Address:</b><br> <br>$address1Field <br>$address2Field <br>$townField <br> $countyField <br> $postcodeField <br><br>
<b>Estimated House Value:</b> <br>$housevalueField <br><br>
<b>Mortgage Value:</b> <br>$mortgagevalueField <br><br>
<b>Mortgage Arrears:</b> <br>$mortgagearrearsField <br><br>
<b>Non-mortgage Loans (blank if unsure):</b> <br>$nonmortgageloansField <br><br>
<b>Sale Speed Required:</b> <br>$salespeedField <br><br>
<b>Sale Reason:</b> <br>$salereasonField <br><br>
<b>Other Sale Reason:</b> <br>$otherreasonField <br><br>
<b>How did you hear about us?</b> <br>$marketingsourceField <br><br>
<b>Accepts T&Cs:</b> <br>$termsandconditionsField <br><br>
<b>Message:</b><br> $messageField
EOD;
$headers = "From: $emailField\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);
/* Successful Submission Redirect */
header( "Location: $formSuccess" );
exit ;
?>
If I'm correct in my thinking that the SPAM-bots are using my site to send SPAM emails, my question is, in the interests of keeping the web a nicer place, how can I make my code no longer work for them?
Many thanks for your help,
Max
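
An added example, not part of the original post and not the poster's code: a server-side validation and mail step for the form above that would turn away the sample submission (placeholder "Select..." dropdown values, non-numeric money fields, unticked T&Cs) and escapes every value before it reaches the HTML body. The hidden "website" honeypot input, the no-reply@mydomain.co.uk sender and the $allowed option list are assumptions that have to be matched to the real form.

```php
<?php
// Added example. Assumed names: the hidden "website" honeypot input,
// the no-reply sender address and the option values in $allowed.
$webMaster   = 'me@mydomain.com';
$formSuccess = 'http://www.mydomain.co.uk/form-success.html';
$formError   = 'http://www.mydomain.co.uk/form-error.html';
$allowed     = ['title' => ['Mr', 'Mrs', 'Miss', 'Ms', 'Dr']]; // mirror the form's real <option> values

function redirect(string $url): void { header("Location: $url"); exit; }

function field(string $name, int $max = 200): string {
    $v = $_POST[$name] ?? '';
    return is_string($v) ? substr(trim($v), 0, $max) : ''; // arrays become ''
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') redirect($formError);
// Honeypot: hidden from people with CSS, so only automated posts fill it in.
if (field('website') !== '') redirect($formError);
// Dropdowns must carry a real option, not the "Select..." placeholder.
foreach ($allowed as $name => $options) {
    if (!in_array(field($name), $options, true)) redirect($formError);
}
// A syntactically valid address cannot contain CR/LF, so it is safe in a header.
$email = field('email', 254);
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) redirect($formError);
// Money fields: digits only once "£", commas and spaces are removed.
foreach (['house_value', 'mortgage_value'] as $name) {
    $digits = str_replace(['£', ',', ' '], '', field($name));
    if ($digits !== '' && !ctype_digit($digits)) redirect($formError);
}
if (field('terms_and_conditions') === '') redirect($formError);

// Escape every value before it goes into the HTML body (extend the list
// with the remaining fields of the form).
$rows = '';
foreach (['title', 'first_name', 'surname', 'daytime_tel', 'house_value',
          'mortgage_value', 'message'] as $name) {
    $value = htmlspecialchars(field($name, 2000), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $rows .= "<b>$name:</b><br>" . nl2br($value) . "<br><br>\n";
}
$body = "<hr><b>CUSTOMER REQUEST:</b> Request Free Consultation<hr>\n"
      . '<b>E-Mail:</b><br>' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "<br><br>\n" . $rows;

// Fixed From on the site's own domain; the visitor's address only in Reply-To.
$headers = "From: no-reply@mydomain.co.uk\r\n"
         . "Reply-To: $email\r\n"
         . "Content-Type: text/html; charset=UTF-8\r\n";
redirect(mail($webMaster, 'Request Free Consultation', $body, $headers) ? $formSuccess : $formError);
```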