472,330 Members | 1,409 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,330 software developers and data experts.

How to stop spam email coming through my web form?

97 64KB
I have a web form that keeps getting submission from what I'm guessing is a spambot. None of the data I'm getting in the emails matches the form on the website, not even the subject line which is a hidden input. I can't figure out how to stop them. I tried using recaptcha but couldn't make it work (kinda hate it anyway), I also tried using a honeypot trap and a couple of javascript scripts but nothing stops the emails.

This is the form:

Expand|Select|Wrap|Line Numbers
  1. <form name="form1" id= "form1" method="post" action="formmail.php" onsubmit="return trappetyTrap();" enctype="multipart/form-data">
  3.       <input type="hidden" name="recipients" value="me@email">
  5.       <input type="hidden" name="good_url" value="http://whatever/good_page.php">
  6.       <input type="hidden" name="bad_url" value="http://whatever/bad_page.php">
  8.       <input type="hidden" name="subject" value="Sent from website">
  10.       <label for="person">Your Name : </label>
  11.       <input type="text" name="person" id="person" size="39">
  13.       <label for="email">Email : </label>
  14.       <input type="text" name="email" id="email" size="39">
  16.       <label for="company">Company Name (if applicable):</label>
  17.       <input type="text" name="company" id="company" size="39">
  19.       <label for="phone">Contact Phone :</label>
  20.       <input type="text" name="phone" id="phone" size="39">
  22.       <!-- THIS IS TO KEEP THE B.O.T.S. AWAY-->
  25.       <label for="ruse" id="ruse_label">Keep this field blank</label>
  26.     <input type="text" name="ruse" id="ruse" class="ruse" />
  27.     <!-- END B.O.T. TRAP -->
  29.       <label for="message">Talk to us:</label>
  30.       <textarea name="message" id="message" rows="10" cols="47"></textarea>
  33.     <button type="submit" class="submit">Submit</button>
  34.  </form>
I changed some of the data in there, like the email address and the url, to protect my clients anonymity. This is the script for the honeypot trap.

Expand|Select|Wrap|Line Numbers
  1. function trappetyTrap() {
  2.         // This is only here because jslint told me to put it here
  3.         "use strict";
  4.     // The field is empty, submit the form.
  5.         if (!document.getElementById("ruse").value) {
  6.             return true;
  7.         // If an 'author' input exists - it's a spam bot
  8.         } else if (document.getElementsByName("author")) {
  9.         return false;    
  10.         } else {
  11.     // the field has a value it's a spam bot
  12.             return false;
  13.     }
  14. }
As you can see, I'm using a hidden field to trap the bots and I'm trying to pick out a field called author and block any submissions that contains it. You might be thinking there's no input with that name and you'd be right. I think it was part of an old form that was deleted a while ago. This is the data I'm receiving from the emails.

Expand|Select|Wrap|Line Numbers
  1. From: <pberman@srafoods.com>
  2.  Date: 7 Dec. 2017 3:50 am
  3.  Subject: Imaginary Worlds Submission
  4.  To: <me@email>
  5.  Cc: 
  7. email: pberman@srafoods.com
  8. realname:
  9. author:
  10. phone:
  11. storyTitle:
  12. storyFile:
This is an alternate version of the js. It tries to use the subject line of the email to block the spambot.

Expand|Select|Wrap|Line Numbers
  1.  // Get the value of the subject line of the email - add to variable
  2.     var iws = document.getElementsByName("subject").value;
  3.     // start function
  4.     function trappetyTrap() {
  5.         // This is only here because jslint told me to put it here
  6.         "use strict";
  7.     // The field is empty, submit the form.
  8.         if (!document.getElementById("ruse").value) {
  9.             return true;
  10.     //} else if (iws === "Imaginary Worlds Submission") {    
  11.         return false;
  12.         } else {
  13.     // the field has a value it's a spam bot
  14.             return false;
  15.     }
  16. }
None of this works. What can I do?
Dec 11 '17 #1
4 4825
There are few things you can do,

Test their patience with powerful form field validation
Nuke 'em with the big one - CAPTCHA
Use data confirmation screen

You may also try addons like Web-form-buddy.
Dec 11 '17 #2
97 64KB
Okay. Thanks. I tried the form field validation which didn't work. I'm now trying the data confirmation screen and we'll see how it goes. I'm also thinking the php script might be the hackers target rather than the web form, so I've got another idea there. Thanks again.
Dec 12 '17 #3
5,390 Expert Mod 4TB
well - to be honest - how could you be sure that it happens through your site. the easiest way for the spammer would be to just use your form-action as a target for a local script that submits whatever to it. he can look up what your fieldnames are - thus knowing what key/values your php script expects. so the only safe validation would be at the serverside - where you should check the content, headers like the origin header for example and such. you have a public entrypoint - which is the purpose of your form of course - thus you cant really avoid that data is sent to it because of its nature. using a local copy of your form and changing it locally will allow to send whatever the attacker wants to this entrypoint. So just validate at the server.
Dec 15 '17 #4
1 Bit
Well...I have this problem and I really don't know what and why is happening. If someone knows how to stop spam email coming through my web form please help me. I also have some friend who have the same problem with spam email and they found a solution for a short period and again started those spam emails. One of them told me once that email deliverability is the ability to deliver emails to subscribers’ inboxes and some specialists use to gauge the likelihood of their email campaigns reaching their subscribers’ inboxes related to actual delivery–like ISPs, throttling, bounces, spam issues, and bulking.
Jul 13 '21 #5

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Mindful_Spirit | last post by:
I'm trying to set up a basic email feed back form like this, and was wondering about some basic configuration settings. I have used code from...
by: ThunderMusic | last post by:
Hi, My app does not stop whan I click on the form. I mean, the form is closing, but the process keeps running in the task manager. So I figured...
by: JohnR | last post by:
I have a form that is presented in an mdi child window. If the user hits exit or the X button on the titlebar of the mdi child form, that form's...
by: Dave | last post by:
I have a form on my ASP 3.0 web site and I need to monitor submissions. Is it possible to generate an email upon form submission? If so, how do...
by: stew dean | last post by:
Hi, I'm a newbie so go easy. I'm having to covert an old site I've done to run in a .net environment and have limited time to do this. What...
by: Sebarry | last post by:
Hi, Has anyone used this successfully in PHP to prevent spam mails sent from HTML forms? I've added it to a form of mine and it seems a bit hit...
by: =?Utf-8?B?YzY3NjIyOA==?= | last post by:
Hi all, We have many forms on our site that users can fill out and ask questions, request information etc. but somehow, we receive a lot of junk...
by: DeZZar | last post by:
Hi all, I'll explain my database first. Users input customer details that are required to complete a company document. The document merge etc...
by: updw123 | last post by:
Hi there, Does anyone know if spam trawls can pick up email addresses from hidden fields in submission forms. And/or does anyone know if there...
by: Ammu | last post by:
I've written code for sending an e-mail using php.I don't want to go that mail into spam. In gmail , the email is going to spam folder. How can I...
by: tammygombez | last post by:
Hey everyone! I've been researching gaming laptops lately, and I must say, they can get pretty expensive. However, I've come across some great...
by: concettolabs | last post by:
In today's business world, businesses are increasingly turning to PowerApps to develop custom business applications. PowerApps is a powerful tool...
by: better678 | last post by:
Question: Discuss your understanding of the Java platform. Is the statement "Java is interpreted" correct? Answer: Java is an object-oriented...
by: Kemmylinns12 | last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and...
by: CD Tom | last post by:
This happens in runtime 2013 and 2016. When a report is run and then closed a toolbar shows up and the only way to get it to go away is to right...
by: CD Tom | last post by:
This only shows up in access runtime. When a user select a report from my report menu when they close the report they get a menu I've called Add-ins...
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was...
by: Matthew3360 | last post by:
Hi there. I have been struggling to find out how to use a variable as my location in my header redirect function. Here is my code. ...
by: AndyPSV | last post by:
HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computerHOW CAN I CREATE AN AI with an .executable...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.