denglund1996 0 Posted November 26, 2005 Share Posted November 26, 2005 To get away from the spam email I was receiving as a result of listing my email address on my website(s), I have been using a contact form produced by Christopher Heng at TheSiteWizard.com. Recently, I was spammed by somebody who found a way to use the form. TCH seems to be monitoring such events quite closely, and the way I found out about the attack was by visiting my site and finding my account had been suspended. This was in spite of the fact that I was the only recipient of the spam and my account had been suspended after only 15 messages. While this seems a bit over-reactionary it is comforting to know that TCH takes spammers so seriously Anyway, I contacted the script's author and informed him of the vulnerability. He suggested that I visit his site and generate a new "feedback.php" file which includes newer php and/or javascript code that should prevent the spam attacks from occurring again. I did that. Unfortunately, I encountered two additional spam e-mail's sent to my Inbox, so I have had to disable the script again and am waiting to hear if the author can plug the remaining hole(s). Does anyone know if a truly secure contact form that I could use on my website? Or, can you suggest some sort of free service I could use instead that has anti-spammer technology built in that could act as my means of visitor communications with me? Quote Link to post Share on other sites
jayson 0 Posted November 26, 2005 Share Posted November 26, 2005 (edited) To get away from the spam email I was receiving as a result of listing my email address on my website(s), I have been using a contact form produced by Christopher Heng at TheSiteWizard.com. Recently, I was spammed by somebody who found a way to use the form. TCH seems to be monitoring such events quite closely, and the way I found out about the attack was by visiting my site and finding my account had been suspended. This was in spite of the fact that I was the only recipient of the spam and my account had been suspended after only 15 messages. While this seems a bit over-reactionary it is comforting to know that TCH takes spammers so seriously Anyway, I contacted the script's author and informed him of the vulnerability. He suggested that I visit his site and generate a new "feedback.php" file which includes newer php and/or javascript code that should prevent the spam attacks from occurring again. I did that. Unfortunately, I encountered two additional spam e-mail's sent to my Inbox, so I have had to disable the script again and am waiting to hear if the author can plug the remaining hole(s). Does anyone know if a truly secure contact form that I could use on my website? Or, can you suggest some sort of free service I could use instead that has anti-spammer technology built in that could act as my means of visitor communications with me? Try this page out, the email gets encoded email encoder attached is an example of what the regular email looks like, and the encoded result encode.zip Edited November 26, 2005 by jayson Quote Link to post Share on other sites
denglund1996 0 Posted November 26, 2005 Author Share Posted November 26, 2005 Try this page out, the email gets encoded email encoder attached is an example of what the regular email looks like, and the encoded result Thanks much. That looks really helpful where I really need to list an email address on a page. And I have some sites where this *will* come in handy I've done a little more research and found a couple of helpful ideas in this article at the HealYourChurchWebsite.com. I have installed Jim Seymour's Simle Contact Form (SCForm) at my site. I invite you to give it a try. Let me know if you see any security holes. Thanks! Quote Link to post Share on other sites
stevevan 0 Posted November 27, 2005 Share Posted November 27, 2005 One more email encoder for you: click here. Quote Link to post Share on other sites
chuckmalani 0 Posted December 1, 2005 Share Posted December 1, 2005 (edited) Does anyone know if a truly secure contact form that I could use on my website? I had a similiar issue and I installed PHPMailer. You can find it here: http://phpmailer.sourceforge.net/ Its not a contact form, but a php class, that you can use on the backend of your existing forms rather than use the php mail() function. So, if you have sites that have custom forms and you were using the mail() function in the form's action (like i was...) then this is a suitable solution. Many programs use the PHPMailer class (Mambo for instance...) and there is a great tutorial on phpfreaks.com: http://www.phpfreaks.com/tutorials/130/0.php Good luck... Chuck Edited December 1, 2005 by FSUchucky3 Quote Link to post Share on other sites
TCH-Bruce 16 Posted December 1, 2005 Share Posted December 1, 2005 If you want a secure form mailing script TCH is recommending Ultimate Form Mailer. When you install UFM please rename it something other than contact.php. Quote Link to post Share on other sites
stevevan 0 Posted December 1, 2005 Share Posted December 1, 2005 Just remember that what's secure today may not be secure tomorrow. Quote Link to post Share on other sites
kahill 0 Posted January 4, 2006 Share Posted January 4, 2006 I got the Ultimate form mailer and upon submit it gave me The file /home/ujbbapac/public_html/realo/formcontact/class.UFMail.php has been encoded with the ionCube PHP Encoder and requires the free ioncube_loader_lin_4.4.so ionCube PHP Loader to be installed. It didn't do that 2 days ago Quote Link to post Share on other sites
TCH-Andy 1 Posted January 4, 2006 Share Posted January 4, 2006 Please see this link http://www.surefirewebdesign.com/ufm/index.php?act=ST&f=2&t=559 for information on updating the ioncube loader for UFM. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.