Web form being spammed

  FOEYDO 09:38 26 Dec 07

Hi, I have a few forms on my website and they are being filled in by spammers, I dont want to use captcha, any ideas?

  SimpleSimon1 09:59 26 Dec 07


Please take a look at my earlier posting here (click here). I've implemented it on my web site contact form and, so far, the spambots have not been able to get throught it.

Good luck


  FOEYDO 10:02 26 Dec 07

Thanks Simple Simon, could you possibly post or send me the exact code to use and where do I put it. I have a php form.

  Kemistri 13:02 26 Dec 07

Message me and I'll send you the code you need for PHP. I won't post it here as it's a bit long.

  Kemistri 16:43 26 Dec 07

Thanks for the email. I have sent you an example PHP file with the anti-spam code. Post again if you have any questions.

  SimpleSimon1 10:08 27 Dec 07

Since your forms are PHP, I think Kemistri is 'your dude'. However, just in case you have any PERL/CGI contact forms,I'll let you have the anti-spam solution for them, as well.

1) Put a hidden field on the form you want to protect and call it something that a spambot would want to target (e.g. Name, Surname, Email etc).

2) Using nmsFormMail, add the following code to the User Customisation Section, immediately after the line "# Place any custom code here":

use CGI;
sub spam {
my $q = new CGI;
my $spamcheck = $q->param('xyz') || ';
if ($spamcheck ne ') {
print "Location: click here\n\n";

where "xyz" is the name of the hidden field

3) Find the FIRST occurence of the text "use CGI;". It will normally be followed by the lines:

use POSIX qw(locale_h strftime);
use CGI::NMS::Charset;

4) Comment out the 'use CGI' line with a # i.e.

# use CGI;

That should do it. Now, anytime that the script is used, it will check to see if the hidden field has been populated. If it has (and, cos it's hidden, only a spambot could do this), it will be sent off to the farfaraway address rather than yourself.


  SimpleSimon1 10:12 27 Dec 07

The forum software parsed the www link in my script fragment. If you use this method, simply replace the "click here" text with the proper www address (including the http://) and make sure you still have the \n\n"; bit on the end of it.

Sorry for any confusion

  Kemistri 13:49 27 Dec 07

"Since your forms are PHP, I think Kemistri is 'your dude'."

Haha! I wish! I'm still learning more about PHP all the time. Complex stuff, unfortunately.

  FOEYDO 13:56 27 Dec 07

Thanks Kemistri, I now need some php code to block HTML tags or http headers? Any takers?

  Kemistri 15:05 28 Dec 07

I've been looking into this today, but without much success so far. I know how to validate the form to check for things like numbers in the phone field, but blocking text is proving trickier.

  FOEYDO 15:11 28 Dec 07

Keep up the good work Kemistri, if you are like me I can't rest til Ive done it!

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

20 groundbreaking 3D animation techniques

How to mine Bitcoin on Mac