How to make a filter in my feedback form [closed]

Some time ago I started to receive spam from the feedback form on my site.

This is my php-file

    <?php
    $fMail = $_POST['fMail'];
    $fTitle = $_POST['fTitle'];
    $fSubject = $_POST['fSubject'];
    $fCount = $_POST['fCount'];
    $fName = $_POST['fName'];
    $fData = $_POST['fData'];
    $fOk = $_POST['fOk'];
    $fBad = $_POST['fBad'];
    $fText = "$fTitle\n\n";
    // Append one "name: value" line per submitted field (1-based indexes)
    for ($i = 1; $i <= $fCount; $i++) {
        $fText .= $fName[$i] . ": " . $fData[$i] . "\n";
    }
    $fText .= "\n\n";
    // "\o" makes date() print the word "of" instead of treating "o" as the ISO year
    $fText .= date('l dS \of F Y h:i:s A');
    if (mail($fMail, $fSubject, $fText)) {
        header("Location: $fOk");
    } else {
        header("Location: $fBad");
    }
    exit;
    ?>

What can I add to this code so as not to receive any more messages including stuff like "[/url]" or "[/link]"? (phpBB tags like these are included in all spam messages that attack my feedback form.)

PS Sorry, I am not a programmer at all

PPS It will be awesome to do this without CAPTCHA. I receive only one type of spam message (with "[/url]" and "[/link]" tags) and don't want to force my page guests to type captchas.

I believe the simplest thing for you to do is to add Google captcha (reCAPTCHA). It's easy to implement and it has quite good documentation. With it you will get rid of most spam messages. If you need help implementing it, just ask.

update:

    // Send only when neither spam tag appears in the message body
    if (strpos($fText, '[/link]') === false && strpos($fText, '[/url]') === false) {
        if (mail($fMail, $fSubject, $fText)) {
            header("Location: $fOk");
        } else {
            header("Location: $fBad");
        }
    }

I would like to introduce you to a simple but nice solution to prevent spam in forms, especially for dumb bots that just fill in forms. The method is called Honeypot Captcha and is really easy to fire up.

The theory behind this method is that you implement hidden fields with very common names for required fields such as email, first_name, etc...

Server-side, you need to check if the honeypot field has any input; if yes, you prevent your logic from executing. Since the fields will be hidden from your users, it will not affect them. But bots just stupidly parse your form fields, filling all of them, especially those with common names.

The Honeypot fires off and prevents bots from sending spam.

    <form action="myscript.php" method="POST">
      The real E-Mail Address<input type="text" name="realmail">
      <!-- [...] -->
      <!-- It's a trap :O -->
      <input type="hidden" name="email">
    </form>

That could be the form. And now just the very easy implementation based on what you provided.

    <?php

    // Honeypot field: real visitors never fill it in
    $honeypot = $_POST['email'] ?? '';
    $fMail = $_POST['realmail'];
    $fTitle = $_POST['fTitle'];
    $fSubject = $_POST['fSubject'];
    $fCount = $_POST['fCount'];
    $fName = $_POST['fName'];
    $fData = $_POST['fData'];
    $fOk = $_POST['fOk'];
    $fBad = $_POST['fBad'];
    $fText = "$fTitle\n\n";
    for ($i = 1; $i <= $fCount; $i++) {
        $fText .= $fName[$i] . ": " . $fData[$i] . "\n";
    }
    $fText .= "\n\n";
    // "\o" makes date() print the word "of" instead of treating "o" as the ISO year
    $fText .= date('l dS \of F Y h:i:s A');

    // Stop before mail() when the hidden field came back with a value
    if (!empty($honeypot))
    {
        die("PLS NO SPAM THX");
    }

    if (mail($fMail, $fSubject, $fText)) {
        header("Location: $fOk");
    } else {
        header("Location: $fBad");
    }
    exit;
    ?>

Pitfalls:

Of course, that's a very simple implementation and bots become smarter as time passes. So there are several things that could be done, for example:

  • Hiding the input fields using css (in case bots won't fill out hidden forms)
  • Hiding input fields with javascript

Just test around and see what fits best.

Further Reading:
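
A handler that combines the two server-side checks from the answers above (the `[/url]`/`[/link]` filter and the honeypot), as an added example that is not part of the original posts. The fixed `RECIPIENT` and the redirect paths are constructed placeholders; pinning them in the script instead of reading `fMail`, `fOk` and `fBad` from the POST body is an assumption of this example.

```php
<?php
// Added example. RECIPIENT and the redirect paths are constructed placeholders.
// Form side (assumption): <input type="text" name="email" style="display:none"
// tabindex="-1" autocomplete="off">, hidden with CSS rather than type="hidden".
const RECIPIENT = 'owner@example.com';
const SPAM_TAGS = ['[/url]', '[/link]'];

/** True when the honeypot is filled or any submitted value carries a spam tag. */
function is_spam(array $post): bool
{
    $trap = $post['email'] ?? '';
    if (is_array($trap) || trim($trap) !== '') {
        return true;                                  // humans never see this field
    }
    $hit = false;
    array_walk_recursive($post, function ($value) use (&$hit) {
        foreach (SPAM_TAGS as $tag) {                 // covers fName[]/fData[] too
            if (stripos((string) $value, $tag) !== false) {   // also matches [/URL]
                $hit = true;
            }
        }
    });
    return $hit;
}

/** Mail body from the fName[i]/fData[i] pairs; non-string values are skipped. */
function build_body(array $post): string
{
    $title = is_string($post['fTitle'] ?? null) ? $post['fTitle'] : '';
    $data  = (array) ($post['fData'] ?? []);
    $body  = $title . "\n\n";
    foreach ((array) ($post['fName'] ?? []) as $i => $name) {
        if (is_string($name) && is_string($data[$i] ?? null)) {
            $body .= $name . ': ' . $data[$i] . "\n";
        }
    }
    return $body . "\n\n" . date('l dS \of F Y h:i:s A');
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (is_spam($_POST)) {
        http_response_code(400);                      // reject, send nothing
        exit;
    }
    $subject = is_string($_POST['fSubject'] ?? null) ? $_POST['fSubject'] : 'Feedback';
    $sent = mail(RECIPIENT, str_replace(["\r", "\n"], ' ', $subject), build_body($_POST));
    header('Location: ' . ($sent ? '/thanks.html' : '/error.html'));
    exit;
}
```

Because the tag check walks every submitted value, it catches the tags in any field, not only in the assembled message text.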