denglund1996

Need A Secure Contact Form For My Website


To get away from the spam email I was receiving as a result of listing my email address on my website(s), I have been using a contact form produced by Christopher Heng at TheSiteWizard.com. Recently, I was spammed by somebody who found a way to use the form. TCH seems to be monitoring such events quite closely, and the way I found out about the attack was by visiting my site and finding my account had been suspended. This was in spite of the fact that I was the only recipient of the spam and my account had been suspended after only 15 messages. While this seems a bit over-reactionary it is comforting to know that TCH takes spammers so seriously :)

 

Anyway, I contacted the script's author and informed him of the vulnerability. He suggested that I visit his site and generate a new "feedback.php" file which includes newer php and/or javascript code that should prevent the spam attacks from occurring again. I did that. Unfortunately, I encountered two additional spam e-mails sent to my Inbox, so I have had to disable the script again and am waiting to hear if the author can plug the remaining hole(s). :(

 

Does anyone know of a truly secure contact form that I could use on my website? Or, can you suggest some sort of free service I could use instead that has anti-spammer technology built in that could act as my means of visitor communications with me?


Try this page out, the email gets encoded

 

email encoder

 

attached is an example of what the regular email looks like, and the encoded result

encode.zip

Edited by jayson


Thanks much. That looks really helpful where I really need to list an email address on a page. And I have some sites where this *will* come in handy :(

 

I've done a little more research and found a couple of helpful ideas in this article at HealYourChurchWebsite.com. I have installed Jim Seymour's Simple Contact Form (SCForm) at my site. I invite you to give it a try. Let me know if you see any security holes.

 

Thanks! :)


I had a similar issue and I installed PHPMailer. You can find it here: http://phpmailer.sourceforge.net/

 

It's not a contact form, but a php class that you can use on the backend of your existing forms rather than the php mail() function. So, if you have sites that have custom forms and you were using the mail() function in the form's action (like I was...), then this is a suitable solution.

 

Many programs use the PHPMailer class (Mambo for instance...) and there is a great tutorial on phpfreaks.com: http://www.phpfreaks.com/tutorials/130/0.php

 

Good luck...

 

Chuck

Edited by FSUchucky3
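
A sketch of the setup described in the post above: a form handler that sends through PHPMailer instead of mail(). This is an added example, not code from the thread or from the PHPMailer project. The thread does not say how the original form was abused, so the checks shown are one common hardening for mail-sending forms rather than a fix for that specific hole. It assumes a current PHPMailer 6.x release installed with Composer; the addresses are placeholders and the function names are hypothetical.

```php
<?php
// Added example. Assumes PHPMailer 6.x is available through Composer's autoloader.
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require __DIR__ . '/vendor/autoload.php';

const CONTACT_RECIPIENT = 'owner@example.com'; // placeholder; fixed, never read from the form

/** Return the names of the fields that fail validation (empty array = OK). */
function contact_form_errors(array $f): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $key) {
        $value = $f[$key] ?? '';
        // These values end up in mail headers: refuse line breaks outright.
        if (!is_string($value) || $value === '' || strlen($value) > 200
            || preg_match('/[\r\n]/', $value)) {
            $errors[] = $key;
        }
    }
    if (!in_array('email', $errors, true) && !PHPMailer::validateAddress($f['email'])) {
        $errors[] = 'email';
    }
    $message = $f['message'] ?? '';
    if (!is_string($message) || trim($message) === '' || strlen($message) > 5000) {
        $errors[] = 'message';
    }
    return $errors;
}

function send_contact_mail(array $f): void
{
    $mail = new PHPMailer(true);                 // true: throw Exception on failure
    $mail->CharSet = 'UTF-8';
    $mail->setFrom('webform@example.com', 'Website contact form'); // placeholder sender
    $mail->addAddress(CONTACT_RECIPIENT);        // the only recipient, hard-coded
    $mail->addReplyTo($f['email'], $f['name']);  // visitor goes in Reply-To, not From
    $mail->Subject = '[Contact] ' . $f['subject'];
    $mail->Body    = $f['message'];              // sent as plain text
    $mail->send();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = contact_form_errors($_POST);
    if ($errors) {
        http_response_code(400);
        echo 'Please check: ' . htmlspecialchars(implode(', ', $errors));
    } else {
        try {
            send_contact_mail($_POST);
            echo 'Thank you, your message was sent.';
        } catch (Exception $e) {
            error_log('contact form: ' . $e->getMessage());
            http_response_code(500);
            echo 'Sorry, the message could not be sent.';
        }
    }
}
```

Because the recipient is a constant and the visitor's address only appears in Reply-To, a submitted form can reach no mailbox other than the site owner's.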


Just remember that what's secure today may not be secure tomorrow.


I got the Ultimate form mailer and upon submit it gave me

 

The file /home/ujbbapac/public_html/realo/formcontact/class.UFMail.php has been encoded with the ionCube PHP Encoder and requires the free ioncube_loader_lin_4.4.so ionCube PHP Loader to be installed.

 

It didn't do that 2 days ago :)
