How To Prevent Spambot From Detecting Emails From

[gm1234]

People shift from providing email addresses to using forms (for contact) in order to avoid spam

 

bots. But there are some new spam bots today which can detect email address even through forms

 

present on a website. Any solution to prevent this?

 

generally the form action is as follows

 

<form action="xyz@xyz.com">

 

Any other way this can be written to prevent it from being detected by spam bots?

 

Edit (TCH-MikeJ): Links to sites not relevent to post and not hosted by TCH removed. If you want a sig, make one in your forum control panel.

Edited October 15, 2004 by TCH-MikeJ

[TCH-Rob]

Greetings,

 

Many people use scripts to hide the email address, like javascript. Others use PHP to sent the output of the form to another file and process it there. Either way should buy a little time before they catch up.

[TCH-Don]

If you use a php form with the address hard coded into the form processor,

humans and bots can't see the address.

 

Avoid the type that have you put your address in the form

even as a hidden field, since this can easily be seen by anyone.

 

There are many php forms available, just google php form.

[tvspec]

My form is created with php and is handled through php - within the past day I have received bogus information through them - up to about 30 an hour all from different IP address in Texas, New Jersey, California, and Colorado. It seems hopeless to try and block all the ip address because they change - but it seems there are only a handful of service providers, which I've notified through their abuse and tech emails.

 

What can I do so that I can stop getting these?

 

The info that has been submitted is similar to this (mydomain was edited from my real domain name):

 

Here is what was submitted :

Name: pmcf@****

Content-Type: multipart/mixed; boundary=\"===============0458757291==\"

MIME-Version: 1.0

Subject: 1072bf53

To: pmcf@****

bcc: jrubin3546@aol.com

From: pmcf@****

 

or here's another:

 

Here is what was submitted :

Name: hddbofuxk@****

Preferred way to be contacted: hddbofuxk@****

Email: hddbofuxk@****

Phone #: hddbofuxk@****

Comments: hddbofuxk@****

Edited September 10, 2005 by tvspec

[TCH-Don]

What for mailer are you using?

Is your email address in the form as a hidden field?

or hard coded in the php form mailer only?

If the later, does it check the referer page to make sure the data came from your form?

[tvspec]

No, the email addresses are not hidden fields in the previous page, they are in the processing script after it is submitted. How can I check the referrer page - I bet that'll fix the problem, because when I look back at pages visited - the page with the original form was not visited...

[TweezerMan]

You can check the URL of the referring page by examining the variable $_SERVER['HTTP_REFERER'] in your script.

[tvspec]

So how would I write that in my script?

[tvspec]

If I use this - shouldn't that help?

 

if(!isset($_SERVER['HTTP_REFERER'])

|| isempty($_SERVER['HTTP_REFERER'])

|| $_SERVER['HTTP_REFERER'] == ''):

echo "Referring page required.";

exit;

endif;

 

do I need to set somewhere what page is actually using it?

[tvspec]

I don't think that worked. If it had worked, would I get the echo "referring page required" when I go directly to the php-scripted page where the form is sent to? Right now, anyone who goes to that page..automatically sends a blank form.

Edited September 10, 2005 by tvspec

[Deverill]

Just a quick point of clarification. They are not getting your email address from the forms. It is impossible for a well-written form to divulge the email address because the server is doing the mail.

 

What is happening is bots are hitting your web page with the form, filling it in and hitting submit... or at least making it look that way to your web server.

 

They don't have your email address but you are getting junk as if they did, it's just in the form of a submitted form and not a free-form email.

 

This kind of thing is exactly why they came up with the "Type in the letters you see in the graphic to the right" but even that is not foolproof. If you have a small to medium site that does not draw international attention you might get by with making one of your fields say "Enter the word Boo in the box below" and if the emailed form doesn't have Boo in it throw it out. If you have a huge site they really want to get at then they will have someone modify the bot to enter Boo.

[tvspec]

Good idea. I will try that. In addition, how can I also verify the refferer using $_SERVER['HTTP_REFERER'] in my script? I'm not sure how to use it.

[TCH-Don]

These links may help

Protecting Your Script From Spammers

Forms and User Submissions

[carbonize]

Good idea. I will try that. In addition, how can I also verify the refferer using $_SERVER['HTTP_REFERER'] in my script? I'm not sure how to use it.

I thought about using this once to prevent spam on my guestbook but it is a bad idea due to certain firewalls and browsers blocking referers.

[Miriam]

Good idea. I will try that. In addition, how can I also verify the refferer using $_SERVER['HTTP_REFERER'] in my script? I'm not sure how to use it.

 

 

I'm having the same problem. I'm using a php script called afh.php (Advanced Form Handler). I've been using it for a couple of years on a number of sites and had no problem. Now a number of clients are receiving many many many (30 or more) form submissions each day, many are totally blank, and many have every field filled out with something like: dfladkfkdfj@clientsActualIPAddressInNumbers

 

I can't figure out how this is happening or how to stop it.

 

In my forms, I'm using some javascript to require certain fields, and also the <input name="required" type="hidden" value="Name,email">, but this isn't stopping blank forms from being submitted.

 

This script has minimal user configuration, and I don't know where to add the referrer information.