My form email is getting spam bombed by someone, and I would like to know what I can do to stop it. I get about 50 form email bombs from what appears to be an automated bomber.
Here are a couple that I got. It seems to repeat itself; it's always the same names and emails.
You could set up a MySQL db/flat file prevention system.
You could have it so it only allows 1 email / IP every 12 hours or so...
And also you could have it set up a cookie once they send an email, so the next time they try to send one it checks for a REQUIRED cookie value.
ninedogger, the cookie idea will not work if it is an automated script, as it will not accept cookies and so will never meet the requirement.
The IP address one is a decent enough idea, or an alternative is the usual captcha method (have an image with a random string of letters and numbers that the person has to type into a box).
I think that filth@flexiwebhost's captcha idea is the best. They are easy to add, and would prevent automated emails, such as the ones you received, being sent.
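PHP Code:
<?php
// Start the session so the expected value can be stored (must run before any output)
session_start();
// Set random numbers (5 digits); random_int() is not predictable the way rand() is
$rand = random_int(10000, 99999);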
// create the hash (security) and set the 5 digits to it
$_SESSION['image_random_value'] = md5($rand);
// create the image
$image = imagecreate(60, 30);
// use white as the background image
$bgColor = imagecolorallocate ($image, 255, 255, 255);
// the text color is black
$textColor = imagecolorallocate ($image, 0, 0, 0);
imagestring ($image, 5, 5, 8, $rand, $textColor);
// set several headers to make sure the image is not cached
// Set the date (not required to have an accurate date)
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
// Make it so it doesn't cache the image (IMPORTANT)
header("Pragma: no-cache");
// Set content type for the image (REQUIRED)
header('Content-type: image/jpeg');
// Make the jpeg image (show)
imagejpeg($image);
// Destroy the image information
imagedestroy($image);
?>
That will make an image to display some numbers. It is very simple and since it is not a login or anything try to keep it nice and simple. So adding letters would only make it harder.
Then just add this to your current contact form where you want the image to display.
Set the tables to the proper value
And add this to the part where it verifies the fields are set and sends the email
PHP Code:
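// Make sure this is at the very top. If it is already there, never mind. Otherwise add it or it will not work
session_start();
// Read the submitted value (assumes the form field is named "number" and is sent by POST)
$number = isset($_POST['number']) ? (string) $_POST['number'] : '';
// Read the hash stored by the image script
$expected = isset($_SESSION['image_random_value']) ? $_SESSION['image_random_value'] : '';
// Each image is good for one attempt only, so a solved value cannot be replayed
unset($_SESSION['image_random_value']);
// Verify the number (hashed) is the same as the session, using a strict, constant-time comparison
if ($expected !== '' && hash_equals($expected, md5($number))) {
// It is the same
} else {
// It isn't right. Display error
}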
That's true about the cookie, but on my site I require the cookie to be set and it will not send unless there is a cookie there (with the specific value), hence I said required.
And that captcha also could get very annoying to people actually just wanting to contact quick and easy.
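The "1 email / IP every 12 hours" flat-file idea suggested earlier in this thread, sketched in PHP as an added example that is not code from any of the posters. The function name `allow_submission`, the store file and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example: flat-file throttle allowing one form e-mail per IP per window.
// allow_submission(), the store path and the sample IPs are hypothetical.

const WINDOW_SECONDS = 12 * 60 * 60; // the 12-hour window from the thread

function allow_submission(string $ip, string $storeFile, ?int $now = null): bool
{
    $now = $now ?? time();
    // Refuse anything that is not a valid IP so junk keys never reach the store.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $fh = fopen($storeFile, 'c+');   // create if missing, never truncate on open
    if ($fh === false) {
        return false;                // fail closed when the store is unusable
    }
    flock($fh, LOCK_EX);             // serialise concurrent form posts
    $seen = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];

    // Drop expired entries so the file does not grow without bound.
    $seen = array_filter($seen, fn($ts) => $now - $ts < WINDOW_SECONDS);

    $allowed = !isset($seen[$ip]);
    if ($allowed) {
        $seen[$ip] = $now;           // only accepted submissions start a window
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($seen));
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Constructed demo: documentation-range addresses and fixed timestamps.
$store = tempnam(sys_get_temp_dir(), 'formthrottle');
$t0 = 1700000000;
var_dump(allow_submission('203.0.113.7', $store, $t0));                  // first mail from this IP
var_dump(allow_submission('203.0.113.7', $store, $t0 + 60));             // repeat inside the window
var_dump(allow_submission('198.51.100.9', $store, $t0 + 60));            // a different sender
var_dump(allow_submission('203.0.113.7', $store, $t0 + WINDOW_SECONDS)); // window has elapsed
unlink($store);
```

In the form handler the address would come from `$_SERVER['REMOTE_ADDR']`, with the store file kept outside the web root; a client-supplied header such as `X-Forwarded-For` can be set by the sender and should not be used as the key.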