  1. #1
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,269
    Thank Post
    683
    Thanked 283 Times in 204 Posts
    Rep Power
    106

    spam email

    I use the following code to allow parents to email into the school while keeping the email address hidden. It's a simple post form going to another php page with the following code.

    Code:
    <?php 
    
    $to = $_REQUEST['sendto'] ; 
    $from = $_REQUEST['Email'] ; 
    $name = $_REQUEST['Name'] ; 
    $address = getenv('REMOTE_ADDR');
    $headers = "From: $from"; 
    $subject = "Email From School Website"; 
    $today = date("d/m/Y");
    $minutesseconds = date("l dS \of F Y h:i:s A");
    $fields = array(); 
    $fields["Name"] = "Name"; 
    $fields["Regarding"] = "Regarding"; 
    $fields["Email"] = "Email"; 
    $fields["Message"] = "Message"; 
    $fields["address"] = "Recieved from Ip address $address this email was posted on $minutesseconds (add 6 hours for GMT time) "; 
    $fields["Sender"] = "This email was sent to $to"; 
    $body = "We have received the following email via the school website:\n\n";
    foreach ($fields as $a => $b) {
        // "address" and "Sender" are not form fields, so only their labels are printed
        $body .= sprintf("%20s: %s\n", $b, $_REQUEST[$a] ?? '');
    }
    
    $headers2 = "From: noreply@wykeregisjun.co.uk"; 
    $subject2 = "Thank you for contacting "; 
    $autoreply = "Thank you for contacting us. A member of staff will get back to you as soon as possible. If you have any more questions, please visit our website http://www.wykeregisjun.co.uk";
    
    if($from == '') {print "You have not entered an email, please go back and try again";} 
    else { 
    if($name == '') {print "You have not entered a name, please go back and try again";} 
    else { 
    $send = mail($to, $subject, $body, $headers); 
    $to ="wykeregismail@gmail.com";
    $send = mail($to, $subject, $body, $headers); 
    $send2 = mail($from, $subject2, $autoreply, $headers2); 
    if($send) 
    {header( "Location: http://www.wykeregisjun.co.uk/sendingemail.php" );} 
    else 
    {print "We encountered an error sending your mail, please notify webmaster@wykeregisjun.co.uk"; } 
    }
    }
    ?>
    Unfortunately we are getting a ton of spam being sent through. What I really need is a way of checking if the message contains "http://" and if it does then to not send the email and redirect to another page.

    Any PHP gurus out there that can help please?
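
An added example, not part of the original post: the handler above takes the recipient (`sendto`) and the `From:` value straight from the request, so a hardened version looks the recipient up in a list held on the server and refuses CR/LF in anything that reaches a header. The keys and addresses are constructed placeholders, and `resolve_recipient()` and `safe_from_header()` are hypothetical helper names.

```php
<?php
// Added example: server-side recipient lookup and header validation.
// Keys and addresses are constructed placeholders, not the school's real list.
const RECIPIENTS = [
    'office' => 'office@example.org',
    'head'   => 'head@example.org',
];

// Return the address for a form key, or null if the key is not on the list.
function resolve_recipient(string $key): ?string
{
    return RECIPIENTS[$key] ?? null;
}

// Return a From: header line, or null if the address is unusable.
function safe_from_header(string $email): ?string
{
    // CR or LF would let the sender append extra headers (Bcc:, Cc:, ...).
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return "From: $email";
}

// Constructed sample submissions: one normal, one tampered.
$samples = [
    ['sendto' => 'office', 'Email' => 'parent@example.com'],
    ['sendto' => 'someone@elsewhere.example',
     'Email'  => "x@example.com\r\nBcc: list@elsewhere.example"],
];

foreach ($samples as $post) {
    $to      = resolve_recipient($post['sendto']);
    $headers = safe_from_header($post['Email']);
    if ($to === null || $headers === null) {
        echo "rejected\n";                       // do not call mail()
        continue;
    }
    echo "would send to $to with [$headers]\n";  // mail($to, ...) goes here
}
```

With this shape the form posts a key such as `office` instead of an address, so the page still hides staff addresses from visitors.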

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,297
    Thank Post
    242
    Thanked 1,586 Times in 1,263 Posts
    Rep Power
    344
    Is it because you have 'catch all' set up on the domain? You could periodically change the e-mail address the webform sends mail to.

  3. #3
    ICT_GUY's Avatar
    Sorry I should have added the address for the email form.

    Email Us « Wyke Regis Junior School

    Either a bot is posting stuff into the form or directly to the contact.php page (which contains the above code). I suspect the former, and I suspect that it's actually a human copying and pasting into the form, since the spam is just sent to random members of staff of the contact list. All of the spam is being sent via the contact code; I have included an example of the spam below.

    Name: interracial xxx for you
    Regarding: ChihqJjlVaU
    Email: email@gmail.com
    Message: comment6, <a href= EduGeek.net >Best xxx xxx</a> Best xxx xxx, iucoj, <a href= NO CREDIT CHECK STUDENT LOAN Home Page >no credit check student loan now</a> no credit check student loan now, 289, <a href= EduGeek.net >interracial xxx</a> interracial xxx, 21759, <a href= Bad Credit Student Loans Home Page >Cheap bad credit student loans</a> Cheap bad credit student loans, yaaiv, <a href= EduGeek.net >bbw xxx</a> bbw xxx, 4218,
    Recieved from Ip address 94.142.130.57 this email was posted on Wednesday 17th of February 2010 01:19:36 AM (add 6 hours for GMT time) :
    A simple check to see if the message contains "http://" would stop all spam being sent.

  4. #4

    Michael's Avatar
    You could in theory introduce CAPTCHA also. That would slow them down.

  5. #5
    ICT_GUY's Avatar
    Yes that's one way of moving forward, though a quick verification of what's been entered would solve the problem straight away.

  6. #6
    ICT_GUY's Avatar
    PHP Captcha Security

    I will give this a go and see if it slows the stream of spam.

  7. #7

    Michael's Avatar
    Good luck

    It does make me wonder though if your theory is right about someone manually copying/pasting; what's the point!!?

  8. #8
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,228
    Thank Post
    161
    Thanked 151 Times in 136 Posts
    Rep Power
    104
    It's not pretty but will do what you've asked, will need to fill your bits in, assumes $body is the main text of your e-mail from the sender.

    PHP Code:
    $tofind = 'http://';
    $pos = strpos($body, $tofind);

    if ($pos === FALSE) {
        // not found, do sendmail
    } else {
        // report URL found
    }


  9. Thanks to dwhyte85 from:

    ICT_GUY (22nd February 2010)

  10. #9
    ICT_GUY's Avatar
    Quote Originally Posted by Michael View Post
    Good luck

    It does make me wonder though if your theory is right about someone manually copying/pasting; what's the point!!?
    It's a gut feeling after seeing the emails come in from various sites, they are irregular and always look as though someone is randomly filling in the form. Probably some kid in a deprived country as cents per day. <sad>

  11. #10
    ICT_GUY's Avatar
    Quote Originally Posted by dwhyte85 View Post
    It's not pretty but will do what you've asked, will need to fill your bits in, assumes $body is the main text of your e-mail from the sender.

    PHP Code:
    $tofind = 'http://';
    $pos = strpos($body, $tofind);

    if ($pos === FALSE) {
        // not found, do sendmail
    } else {
        // report URL found
    }

    I will try this on another site this week to see if it works. I am also trying out the captcha. I will see which one works best.

  12. #11
    dwhyte85's Avatar
    You can find sites online that will do it!

    Could create a func for checking any URL checking .net .co.uk .org.uk as they may have no http/https prefix. Have an array of prefixes/TLDs/search terms and have a counter for every time a criterion is met, then you could have a score-based block :-p (return the counter from func)
    Last edited by dwhyte85; 22nd February 2010 at 12:30 PM.

  13. Thanks to dwhyte85 from:

    ICT_GUY (22nd February 2010)
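
The score-based block suggested in the post above, as an added example that is not part of the original thread: each pattern is one criterion, the function returns the counter, and the caller blocks at a threshold. The pattern list, the threshold of 2, the sample messages and the names `spam_score()` and `should_block()` are all assumptions made for illustration.

```php
<?php
// Added example: count how many link-like criteria a message meets.
// Patterns and threshold are constructed for illustration; tune them on real mail.
const SPAM_PATTERNS = [
    'scheme' => '~https?://~i',                                  // http:// or https://
    'www'    => '~\bwww\.[a-z0-9-]+\.~i',                        // www.example...
    'tld'    => '~\b[a-z0-9-]+\.(?:net|com|org\.uk|co\.uk)\b~i', // bare domain, no prefix
    'anchor' => '~<a\s+href~i',                                  // HTML link markup
    'bbcode' => '~\[url[=\]]~i',                                 // forum-style link markup
];

// Return the total number of matches across all patterns (the "counter").
function spam_score(string $text): int
{
    $score = 0;
    foreach (SPAM_PATTERNS as $pattern) {
        $score += (int) preg_match_all($pattern, $text);
    }
    return $score;
}

// Block once the counter reaches the threshold, so a single address
// or domain in a genuine message does not trip the filter.
function should_block(string $text, int $threshold = 2): bool
{
    return spam_score($text) >= $threshold;
}

// Constructed sample messages.
$samples = [
    'What time does the school fair start on Friday?',
    'You can reach me at jane@example.com after 4pm.',
    'comment6, <a href= example.net >cheap loans</a> cheap loans, 289, <a href= example.net >more</a>',
];

foreach ($samples as $message) {
    printf("%d %s\n", spam_score($message), should_block($message) ? 'BLOCK' : 'send');
}
```

The threshold trades missed spam against blocked parents, so log the score of blocked messages for a while before relying on it.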

  14. #12

    Join Date
    Sep 2009
    Posts
    47
    Thank Post
    6
    Thanked 11 Times in 10 Posts
    Rep Power
    12
    You could just check the referrer and say if they came from this page send email.

  15. Thanks to rlweb from:

    ICT_GUY (22nd February 2010)

  16. #13
    dwhyte85's Avatar
    He isn't posting e-mail address to send to so it isn't being hijacked (I assume).

  17. #14
    ICT_GUY's Avatar
    Quote Originally Posted by dwhyte85 View Post
    He isn't posting e-mail address to send to so it isn't being hijacked (I assume).
    No, they are coming through the contact form. It logs times and ip addresses (in case of abusive emails from the public).

  18. #15
    ICT_GUY's Avatar
    Captcha is working great, 12 in the space of an hour filtered.


