Contact Form Spam

  Peter Lanky 29 Mar 09
Locked

I have a contact form on my website inviting people to enquire about my services. During the last 4 weeks all my spam has been of a similar style. The email address where the spam comes from is almost always in the form [email protected] with the names always being normal rather than silly, though the name of the sender is often silly. The other fields just contain random characters. The message always says "Good site, Admin" or "Good Post, Admin". No trying to link me to porn or sell me drugs or anything with any purpose at all.

Has anyone else experienced this, and if so, what are the aims of the spammer?

  Fruit Bat /\0/\ 29 Mar 09

what are the aims of the spammer?

If you open/reply they know it has reached a valid address, the real spam will then follow later.

Delete all e-mails from unknown addresses without opening.

  Peter Lanky 29 Mar 09

I delete them as a matter of course. However the spammer would easily know that the email address was valid as nobody would have a contact form that delivers an email to an address that doesn't exist (unless they have a commercial death wish) so I still cannot see the gain. And why "Good site, Admin" or "Good Post, Admin" as a message?

  Taff™ 29 Mar 09

I have a similar problem with a couple of sites I host. The PHP script I use is supposed to get round this but someone has cracked the code and the spam actually comes via the contact form. Most annoying! What type of Form Mail are you using? Can you give us a link to your Contact Form.

  Peter Lanky 29 Mar 09

Link to contact form: click here
I have all sorts of the normal spam in the past, and though annoying, spam hasn't yet got to the stage where I cannot find real emails. This current 'campaign' of spam started very suddenly, and at the moment 90% of my spam has "Good site, Admin" or "Good Post, Admin" as the message.

  Taff™ 29 Mar 09

I`ve had a quick look and it seems to use a PHP script called feedback.php - I assume this was a free script or was this feature provided by a website designer? In any event it may be customisable to include a Captcha element where the users have to enter a random set of numbers or letters before submitting the form.

I too get a few with similar subject titles and the most persistant are from Rumania. This thread might get more qualified advice in the Web Design Forum. I`ll suggest that FE moves it there for you and watching with interest.

  Forum Editor 29 Mar 09

to WebDesign.

  Peter Lanky 29 Mar 09

I have tried to incorporate a Captcha element before, but the end result always looked a mess. It wss a bit beyond my technical ability, so I removed it.

  HighTower 29 Mar 09

You could try including an antispam question in the form. I use one such as "what is 6 + 3", and if the answer submitted in the form is anything other than 9 then the form cannot be submitted.

If you use Dreamweaver (a fairly recent version) then you can quite easily put a Spry behaviour in that does this for you using the built in DW scripting.

I also make sure that all forms are validated, that phone number fields are only allowed to contain numbers and email addresses must be in the correct format (though a lot of spammers can recognise email fields now).

It's an on-going battle I'm afraid!!

  Taff™ 29 Mar 09

Thanks FE. Brilliant idea HighTower but how do we adapt the PHP script to do that? I now it`s got something to do with mandatory fields, can you give us an example please.

  Kemistri 30 Mar 09

A simple anti-spam question is not a bad idea - infinitely better than any CAPTCHA system - but it's no longer a 100% solution and it shouldn't be necessary really. I never use one on any of my clients' sites. Remember that simply validating fields for "correct" content is not quite the right direction to take on its own - you need to validate against unwanted content as well.

If you need an off-the-shelf solution that works well, you could take a look at scripts such as the DD Form Mailer, the Green Beast v3 script, or the Jemjabella v2 script. I use a script that incorporates some similar methods. Those three range from pretty secure to very secure, using different solutions which you could add to your scripts or maybe replace them entirely. In particular, check how the Jemjabella script uses a simple but very robust array to filter out so-called bad words and bots. Updated lists of bots can be found on the net. Form Mailer FE might be worth a look as well, but it's far from the most efficient code, so it runs slowly as a result and it's harder to work with.

Hope that helps.

Advertisement

This thread is now locked and can not be replied to.

How to watch Wimbledon 2015 live online: follow the tennis from your laptop or PC

We are being sold the ability to spend money we don't have. And we love it

HTC's head designer on what's exciting in designing for mobile right now

Apple Music preview: Why Spotify should be scared of Apple's impressive new music-streaming service

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message