+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Web Development Thread, Web-based contact form being abused in Coding and Web Development; I have a problem with our email form used to contact us being abused. Pupils are sending abusive messages into ...
  1. #1

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57

    Web-based contact form being abused

    I have a problem with our email form used to contact us being abused. Pupils are sending abusive messages into the enquiries address which is then viewed by our secretary.

    There is validation of the form on the site but they just get around that by suppliying a fake but valid address.

    Is there any way i can filter the message contents and then dump any that don't adhere to good manners?

    I hope you can help as it has become very problematic but i don't want to take down the form as it is useful.

    Thanks in advance.

  2. #2
    Guest

    Re: Web-based contact form being abused

    Can you not block the contact page for children via your proxy?

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,249
    Thank Post
    898
    Thanked 1,785 Times in 1,537 Posts
    Blog Entries
    12
    Rep Power
    463

    Re: Web-based contact form being abused

    If they are doing it from school could you block the contact us page? Allo you could just put the E-mail address on the site without the form. If you are going to do this put the e-mail down as a picture so the site can't be scanned for e-mail addresses by spammers.

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,249
    Thank Post
    898
    Thanked 1,785 Times in 1,537 Posts
    Blog Entries
    12
    Rep Power
    463

    Re: Web-based contact form being abused

    Beat me to it SYSMAN_MK!

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,164
    Thank Post
    522
    Thanked 2,555 Times in 1,983 Posts
    Blog Entries
    24
    Rep Power
    879

    Re: Web-based contact form being abused

    Which language is your form in?

    I used to have a php script which checked that the domain was a valid one as well as being a validly formatted address.

    Other than that, there is not much you can do - adding things like email verification would annoy legitimate posters more.

  6. #6


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,686
    Thank Post
    279
    Thanked 784 Times in 611 Posts
    Rep Power
    225

    Re: Web-based contact form being abused

    I wonder, do you have a VLE?

    It probably logs IPs, so it would be quite easy to link IPs to vle usernames, and then not much of a stretch to link the form abuse to the offenders?

    This assumes it's being sent externally. If it's done internally, you should be able to link ip address -> machine -> timeframe -> logged on user.

    Can you redirect the content through spamassassin before it gets sent to the secretary?

  7. #7

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57

    Re: Web-based contact form being abused

    It is sent externally and we don't have a VLE (yet). The form uses php to send the email and javascript to validate.

    We host our website on Broadband Sandwells servers and send the form trough their localhost account so probably doesn't go through their spam filter either.

    Is there anything script-wise i can do to filter out email based on words before submitting, i.e. form fields have to go into variables to create theemail so could i not run it against a list of words and if it matches stop the mail being sent?

    I Don't know php much which is why i ask.

  8. #8
    Gerry's Avatar
    Join Date
    Jun 2007
    Location
    North Wales
    Posts
    431
    Thank Post
    60
    Thanked 38 Times in 35 Posts
    Rep Power
    24

    Re: Web-based contact form being abused

    You should be able to log visitor IP's using this line of PHP:
    $ip=@$REMOTE_ADDR;

    Or if "register_global" is set to Off in "php.ini":
    $ip=$_SERVER['REMOTE_ADDR'];

    Change the contact us page to show their IP and say that it will be logged with the message and that any abuse will be reported to the authorities ;-)

  9. #9

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57

    Re: Web-based contact form being abused

    Thanks for that one Gerry. I was going to look into ip logging and that just saved me looking around to find it.

    I have checked the access log on the webserver though and the ip address seems to resolve to an AOL proxy server. Can anyone confirm that this would be the case? I don't want to blacklist the IP and as a result block legitimate users.

    Is there anyway to log the actual users modem IP?

  10. #10

    Join Date
    Sep 2005
    Location
    Leicester, UK
    Posts
    123
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Web-based contact form being abused

    You could check against a list of words yourself quite easily by editing the PHP
    In pseudocode it would be something like this

    Submit to validation.php

    request the form variable textfield input
    while array is not empty do

    if textfield contains array item X then
    banned content variable + 1
    end if

    end while

    If banned content variable is greater then 0
    send email = false
    write to page "sorry your an idiot"
    else
    send email
    end if

    I could probably do that in PHP if i could remember how to write PHP in ASP and ASP.NET i could do it very quickly

    If you want me to do it in PHP send me a PM and i will give it a go although if someone else here is a good PHP expert then let them do it.

    Thanks
    Matt

  11. #11

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57

    Re: Web-based contact form being abused

    That would be great. I am looking through some javascript at the moment to try and do just that but am having a bit of trouble getting it to work with the other validation fields. I'm a bit naff at this coding thing and am surprised at how far i've got really.

    I don't get a lot of time to sit and learn the stuff properly.

    I can read scripts to a certain extent but cannot write one for the life of me.
    Any help would be great.

    Thanks for the offer.

  12. #12

    Join Date
    Sep 2007
    Posts
    181
    Thank Post
    4
    Thanked 2 Times in 2 Posts
    Rep Power
    15

    Re: Web-based contact form being abused

    Straying a bit off the point here, but just out of interest, why do you use an email contact form, rather than just publishing an email address?

    From a personal point of view, I'm always suspicious about forms, and worry that there isn't actually a real person at the other end of it who will receive the message!

  13. #13

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57

    Re: Web-based contact form being abused

    Not everyone owns a computer and so if they use their local library to browse the site and come across the contact us page they would not have either an email address or an email client configured to use the mailto command.

    The page does send an email to an alias linked to the secretarys inbox, so she should collect them and then respond.

    Thats the plan anyway.

  14. #14

    Join Date
    Sep 2007
    Posts
    181
    Thank Post
    4
    Thanked 2 Times in 2 Posts
    Rep Power
    15

    Re: Web-based contact form being abused

    Fair enough. Not sure how someone would receive the reply if they don't have an email address, but I take your point about not having an email client configured.

  15. #15

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57

    Re: Web-based contact form being abused

    They could state that in the message and leave a phone number to reply to.
    Since it would be a human on the other end it would be dealt with accordingly.

    Again that is the plan anyway.



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Contact Form Not Working
    By FN-GM in forum EduGeek Joomla 1.0 Package
    Replies: 9
    Last Post: 15th February 2008, 01:12 PM
  2. How would you like to contact technical support?
    By StuartC in forum Educational Software
    Replies: 17
    Last Post: 17th October 2007, 02:33 PM
  3. Play.com Contact details???
    By timbo343 in forum General Chat
    Replies: 3
    Last Post: 14th September 2007, 10:31 AM
  4. Contact with kids
    By RoyG in forum General Chat
    Replies: 15
    Last Post: 23rd January 2006, 12:17 PM
  5. those trying to contact me
    By russdev in forum Other Stuff
    Replies: 11
    Last Post: 15th September 2005, 07:59 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •