My form is working correctly (thanks to TNTEverett!), but today I received 6 really weird mails, I can't make anything of it and I'm not an expert in spam... Is it spam en can I do anything about this? Below is the mail I received:
Naam: of9038@vincents.nl
Email: of9038@vincents.nl
Telefoonnummer: of9038@vincents.nl
Website:
Vragen of opmerkingen: of <br />Content-Type: multipart/alternative; boundary=330c13216ee084e547681a131bbf5613 <br />MIME-Version: 1.0 <br />Subject: counthry, excipt <br />bcc: bajfla@aol.com <br /> <br />This is a multi-part message in MIME format. <br /> <br />--330c13216ee084e547681a131bbf5613 <br />Content-Type: text/plain; charset="us-ascii" <br />MIME-Version: 1.0 <br />Content-Transfer-Encoding: 7bit <br /> <br />was said to be wan iv th quickest iver heerd since <br />--330c13216ee084e547681a131bbf5613-- <br /> <br />. <br />
My Outlook says it's from: phpFormGenerator@wmphpp........
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Since it's from phpFormGenerator, and if it's from your domain, someone probably spammed your form. This can and will happen without some simple protection. Even with simple protection it will probably happen but hopefully with much less frequency.
What you need to do is change the process.php to detect where the form had been referenced from. In you case you would want to make sure your form has been entered (refered to) from your web site. This way anyone entering your form from places other than your web site the form entry will be ignored.
Let me know if you still need help.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This is not something you should try unless you are familiar with PHP and some basic methods of form security.
Send some details of your particular problem so we can be sure you really need to take some action to secure your form. Spamming of forms is not common unless you have a form that provides some benefit to the spammer. Ask yourself this question; why would anyone want to spam your form? If you can answer the question then maybe you should take some action. If you can't then maybe spamming is not your problem to begin with.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am presently using an HTML form and Formail, but am redoing the form in phpformgenerator. The emails are similar to Ladybirdies, and an extract from one (they are legnthy forms) is below;
All of the emails start with some random digits followed by the site domain - @safeinsouthyorks.co.uk, and which is repeated throughout every field in the form.
You will note that the HTTP_USER_AGENT does not show a browser, neither in the server logs.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hence the exit command after the warning. The script exits without further processing.
echo "Warning! You have accessed this form without permission. All accesses to this form are recorded. Improper use will be traced and proper legal action will be taken.";
exit;
}
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have tried to incorporate this code but I must have the url wrong for my site because I get the error even when you fill out the form from the website.
I have entered the url as the following with no luck getting it to work:
/Library/Links/
/public_html/Library/Links
/home/scrapuni/public_html/Library/Links
Thanks
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I went back and worked with the file. It works perfectly as long as I don't have the code from this thread in it so I must be doing something wrong with the url or code itself.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Preliminary testing has shown me this code works very well. I have included it in my process.php and will monitor in the days to come to see if I get any more spam and what kind will I get. hopefully none!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
if (preg_match("/{the URL #1 where your form is}/", $_SERVER['HTTP_REFERER'])) {
}
elseif (preg_match("/{the URL #2 where your form is}/", $_SERVER['HTTP_REFERER'])) {
}
elseif (preg_match("/{the URL #3 where your form is}/", $_SERVER['HTTP_REFERER'])) {
}
else {
echo "Warning! You have accessed this form without permission. All accesses to this form are recorded. Improper use will be traced and proper legal action will be taken.";
exit;
}
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My form is working correctly (thanks to TNTEverett!), but today I received 6 really weird mails, I can't make anything of it and I'm not an expert in spam... Is it spam en can I do anything about this? Below is the mail I received:
Naam: of9038@vincents.nl
Email: of9038@vincents.nl
Telefoonnummer: of9038@vincents.nl
Website:
Vragen of opmerkingen: of <br />Content-Type: multipart/alternative; boundary=330c13216ee084e547681a131bbf5613 <br />MIME-Version: 1.0 <br />Subject: counthry, excipt <br />bcc: bajfla@aol.com <br /> <br />This is a multi-part message in MIME format. <br /> <br />--330c13216ee084e547681a131bbf5613 <br />Content-Type: text/plain; charset="us-ascii" <br />MIME-Version: 1.0 <br />Content-Transfer-Encoding: 7bit <br /> <br />was said to be wan iv th quickest iver heerd since <br />--330c13216ee084e547681a131bbf5613-- <br /> <br />. <br />
My Outlook says it's from: phpFormGenerator@wmphpp........
Since it's from phpFormGenerator, and if it's from your domain, someone probably spammed your form. This can and will happen without some simple protection. Even with simple protection it will probably happen but hopefully with much less frequency.
What you need to do is change the process.php to detect where the form had been referenced from. In you case you would want to make sure your form has been entered (refered to) from your web site. This way anyone entering your form from places other than your web site the form entry will be ignored.
Let me know if you still need help.
How do you do that? do you have the modded process.php file, or can you help me mod mine pls.
I am having the same problem as Ladiebirdie.
This is not something you should try unless you are familiar with PHP and some basic methods of form security.
Send some details of your particular problem so we can be sure you really need to take some action to secure your form. Spamming of forms is not common unless you have a form that provides some benefit to the spammer. Ask yourself this question; why would anyone want to spam your form? If you can answer the question then maybe you should take some action. If you can't then maybe spamming is not your problem to begin with.
I am presently using an HTML form and Formail, but am redoing the form in phpformgenerator. The emails are similar to Ladybirdies, and an extract from one (they are legnthy forms) is below;
3g_loss_damage: s2553@safeinsouthyorks.co.uk
7a_pass_info: s2553@safeinsouthyorks.co.uk
7b_pass_Info: s2553@safeinsouthyorks.co.uk
3h_damage_cost: s2553@safeinsouthyorks.co.uk
4b_witness_details: s2553@safeinsouthyorks.co.uk
REMOTE_ADDR: 200.69.177.214
HTTP_USER_AGENT:
DATE: 16:15:36 2006-3-20
All of the emails start with some random digits followed by the site domain - @safeinsouthyorks.co.uk, and which is repeated throughout every field in the form.
You will note that the HTTP_USER_AGENT does not show a browser, neither in the server logs.
Getting the warning is great but could it be extended to simply not allow them to use it? - ie. the script/form stops processing?
Cheers
Hence the exit command after the warning. The script exits without further processing.
echo "Warning! You have accessed this form without permission. All accesses to this form are recorded. Improper use will be traced and proper legal action will be taken.";
exit;
}
I have tried to incorporate this code but I must have the url wrong for my site because I get the error even when you fill out the form from the website.
The form's folder is named Links and sits at http://www.scrapuniversity.com/Library/Links/
I have entered the url as the following with no luck getting it to work:
/Library/Links/
/public_html/Library/Links
/home/scrapuni/public_html/Library/Links
Thanks
can you send me your process.php. It looks like you have a field that doesn't match up, but I could be wrong.
Your URL must include the form1.html file name unless your rename the form1.html file to index.html.
http://www.scrapuniversity.com/Library/Links/form1.html
or with a file name change this would work
http://www.scrapuniversity.com/Library/Links
There's no place to add an attachment so how can I get the file to you?
I went back and worked with the file. It works perfectly as long as I don't have the code from this thread in it so I must be doing something wrong with the url or code itself.
Preliminary testing has shown me this code works very well. I have included it in my process.php and will monitor in the days to come to see if I get any more spam and what kind will I get. hopefully none!
A simple extension of the original:
if (preg_match("/{the URL #1 where your form is}/", $_SERVER['HTTP_REFERER'])) {
}
elseif (preg_match("/{the URL #2 where your form is}/", $_SERVER['HTTP_REFERER'])) {
}
elseif (preg_match("/{the URL #3 where your form is}/", $_SERVER['HTTP_REFERER'])) {
}
else {
echo "Warning! You have accessed this form without permission. All accesses to this form are recorded. Improper use will be traced and proper legal action will be taken.";
exit;
}
elseif - now I feel silly.
Thanks, works like a charm.