473,385 Members | 1,341 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > javascript > questions > how to stop spam email coming through my web form?

Join Bytes to post your question to a community of 473,385 software developers and data experts.

How to stop spam email coming through my web form?

97 64KB
I have a web form that keeps getting submission from what I'm guessing is a spambot. None of the data I'm getting in the emails matches the form on the website, not even the subject line which is a hidden input. I can't figure out how to stop them. I tried using recaptcha but couldn't make it work (kinda hate it anyway), I also tried using a honeypot trap and a couple of javascript scripts but nothing stops the emails.

This is the form:

Expand|Select|Wrap|Line Numbers
  1. <form name="form1" id= "form1" method="post" action="formmail.php" onsubmit="return trappetyTrap();" enctype="multipart/form-data">
  2.  
  3.       <input type="hidden" name="recipients" value="me@email">
  4.  
  5.       <input type="hidden" name="good_url" value="http://whatever/good_page.php">
  6.       <input type="hidden" name="bad_url" value="http://whatever/bad_page.php">
  7.  
  8.       <input type="hidden" name="subject" value="Sent from website">
  9.  
  10.       <label for="person">Your Name : </label>
  11.       <input type="text" name="person" id="person" size="39">
  12.  
  13.       <label for="email">Email : </label>
  14.       <input type="text" name="email" id="email" size="39">
  15.  
  16.       <label for="company">Company Name (if applicable):</label>
  17.       <input type="text" name="company" id="company" size="39">
  18.  
  19.       <label for="phone">Contact Phone :</label>
  20.       <input type="text" name="phone" id="phone" size="39">
  21.  
  22.       <!-- THIS IS TO KEEP THE B.O.T.S. AWAY-->
  23.       <!-- IT USES THE JS AT THE BOTTOM OF THE DOCUMENT TO STOP SUBMISSIONS -->
  24.       <!-- FROM ANYTHING WITH THIS FIELD FILLED IN -->
  25.       <label for="ruse" id="ruse_label">Keep this field blank</label>
  26.     <input type="text" name="ruse" id="ruse" class="ruse" />
  27.     <!-- END B.O.T. TRAP -->
  28.  
  29.       <label for="message">Talk to us:</label>
  30.       <textarea name="message" id="message" rows="10" cols="47"></textarea>
  31.  
  32.  
  33.     <button type="submit" class="submit">Submit</button>
  34.  </form>
  35.  
  36.  
I changed some of the data in there, like the email address and the url, to protect my clients anonymity. This is the script for the honeypot trap.

Expand|Select|Wrap|Line Numbers
  1. function trappetyTrap() {
  2.         // This is only here because jslint told me to put it here
  3.         "use strict";
  4.     // The field is empty, submit the form.
  5.         if (!document.getElementById("ruse").value) {
  6.             return true;
  7.         // If an 'author' input exists - it's a spam bot
  8.         } else if (document.getElementsByName("author")) {
  9.         return false;    
  10.         } else {
  11.     // the field has a value it's a spam bot
  12.             return false;
  13.     }
  14. }
  15.  
As you can see, I'm using a hidden field to trap the bots and I'm trying to pick out a field called author and block any submissions that contains it. You might be thinking there's no input with that name and you'd be right. I think it was part of an old form that was deleted a while ago. This is the data I'm receiving from the emails.

Expand|Select|Wrap|Line Numbers
  1. From: <pberman@srafoods.com>
  2.  Date: 7 Dec. 2017 3:50 am
  3.  Subject: Imaginary Worlds Submission
  4.  To: <me@email>
  5.  Cc: 
  6.  
  7. email: pberman@srafoods.com
  8. realname:
  9. author:
  10. phone:
  11. storyTitle:
  12. storyFile:
  13.  
  14.  
This is an alternate version of the js. It tries to use the subject line of the email to block the spambot.

Expand|Select|Wrap|Line Numbers
  1.  // Get the value of the subject line of the email - add to variable
  2.     var iws = document.getElementsByName("subject").value;
  3.     // start function
  4.     function trappetyTrap() {
  5.         // This is only here because jslint told me to put it here
  6.         "use strict";
  7.     // The field is empty, submit the form.
  8.         if (!document.getElementById("ruse").value) {
  9.             return true;
  10.     //} else if (iws === "Imaginary Worlds Submission") {    
  11.         return false;
  12.         } else {
  13.     // the field has a value it's a spam bot
  14.             return false;
  15.     }
  16. }
  17.  
None of this works. What can I do?
Dec 11 '17 #1
4 4947
There are few things you can do,

Test their patience with powerful form field validation
Nuke 'em with the big one - CAPTCHA
Use data confirmation screen

You may also try addons like Web-form-buddy.
Dec 11 '17 #2
tdrsam
97 64KB
Okay. Thanks. I tried the form field validation which didn't work. I'm now trying the data confirmation screen and we'll see how it goes. I'm also thinking the php script might be the hackers target rather than the web form, so I've got another idea there. Thanks again.
Dec 12 '17 #3
gits
5,390 Expert Mod 4TB
well - to be honest - how could you be sure that it happens through your site. the easiest way for the spammer would be to just use your form-action as a target for a local script that submits whatever to it. he can look up what your fieldnames are - thus knowing what key/values your php script expects. so the only safe validation would be at the serverside - where you should check the content, headers like the origin header for example and such. you have a public entrypoint - which is the purpose of your form of course - thus you cant really avoid that data is sent to it because of its nature. using a local copy of your form and changing it locally will allow to send whatever the attacker wants to this entrypoint. So just validate at the server.
Dec 15 '17 #4
Seneltali
1 Bit
Well...I have this problem and I really don't know what and why is happening. If someone knows how to stop spam email coming through my web form please help me. I also have some friend who have the same problem with spam email and they found a solution for a short period and again started those spam emails. One of them told me once that email deliverability is the ability to deliver emails to subscribers’ inboxes and some specialists use to gauge the likelihood of their email campaigns reaching their subscribers’ inboxes related to actual delivery–like ISPs, throttling, bounces, spam issues, and bulking.
Jul 13 '21 #5

Sign in to post your reply or Sign up for a free account.

Similar topics

2
Website "Email Feedback Form" (ASP.NET)--Quick Help Needed :(
by: Mindful_Spirit | last post by:
I'm trying to set up a basic email feed back form like this, and was wondering about some basic configuration settings. I have used code from this website. I have it working just fine. I'm...
ASP / Active Server Pages
16
App don't stop when closing the form
by: ThunderMusic | last post by:
Hi, My app does not stop whan I click on the form. I mean, the form is closing, but the process keeps running in the task manager. So I figured there are memory leaks or some object's process...
.NET Framework
1
stop a MDI child form from closing if parent is trying to close
by: JohnR | last post by:
I have a form that is presented in an mdi child window. If the user hits exit or the X button on the titlebar of the mdi child form, that form's "closing" event fires and in that event I check to...
Visual Basic .NET
2
Generate Email from Form Submission
by: Dave | last post by:
I have a form on my ASP 3.0 web site and I need to monitor submissions. Is it possible to generate an email upon form submission? If so, how do I invoke the email functionality from an ASP 3.0...
ASP / Active Server Pages
2
Email HTML form results via ASPX
by: stew dean | last post by:
Hi, I'm a newbie so go easy. I'm having to covert an old site I've done to run in a .net environment and have limited time to do this. What I've learnt so far is the ideal way to do this is...
ASP.NET
2
reCAPTCHA PHP to stop spam
by: Sebarry | last post by:
Hi, Has anyone used this successfully in PHP to prevent spam mails sent from HTML forms? I've added it to a form of mine and it seems a bit hit and miss. I incorrectly enter the captcha and it...
PHP
4
how to stop spam
by: =?Utf-8?B?YzY3NjIyOA==?= | last post by:
Hi all, We have many forms on our site that users can fill out and ask questions, request information etc. but somehow, we receive a lot of junk mails (more than two hundreds) within two weeks...
ASP / Active Server Pages
12
composing an email from form data
by: DeZZar | last post by:
Hi all, I'll explain my database first. Users input customer details that are required to complete a company document. The document merge etc is all working - the database saves the...
Microsoft Access / VBA
1
Spam + Email Addresses as Hidden Fields in Forms
by: updw123 | last post by:
Hi there, Does anyone know if spam trawls can pick up email addresses from hidden fields in submission forms. And/or does anyone know if there is an alternative to having your email address in...
HTML / CSS
2
avoid email going to spam email
by: Ammu | last post by:
I've written code for sending an e-mail using php.I don't want to go that mail into spam. In gmail , the email is going to spam folder. How can I avoid going that mail into spam? Please help me.
PHP
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!