Protecting against SPAM In FormMail

Discuss forms and the best CGIs for handling visitors info from your web site

Moderators: Ilbin, Chuck, Vanessa

Protecting against SPAM In FormMail

Postby Vanessa on Fri Jun 22, 2007 7:36 am

One of the most common questions we get in our support center is how to prevent spammers from abusing online forms. Truth is, with a public form you really can't, but you can add some protective measures to block a very common characteristic of spam -- a ton of links.

This mod was adapted from a version of Matt's FormMail script.

To start, follow the new New FormMail Walkthrough and make sure your form is working. Before you start step one, make a backup up your FormMail file in case something goes wrong!

Step 1: Open your FormMail.pl file and locate line 71, which will look like this:

Code: Select all
# USER CUSTOMISATION SECTION
# --------------------------
# Place any custom code here


Step 2: Directly underneath this section (and before # USER CUSTOMISATION <<END>> ), paste this code:
Code: Select all
sub berthavonsuttner_spamscore_ok { ## based on "sub send_main_email_fields"
## count the occurrences of 'http://'s
## and reject if at or above $tolerance
my $tolerance= 3; ## <<<<<<<<<< user can configure this
# 0=disabled, 1=no http://'s allowed.
$tolerance or return(1,'',0);
my ($self) = @_;
my $ct=0;
my ($val, @temp);
foreach my $f (@{ $self->{Field_Order} }) {
$val = (defined $self->{Form}{$f} ? $self->{Form}{$f} : '')
and @temp= $val=~ m'http://'gi
and $ct+= scalar(@temp); ## count the occurrences of 'http://'
}
($ct < $tolerance, $ct, $tolerance); ## return
}




Step 3: Find this section (now line 2116):

Code: Select all
my $date = $self->date_string;
my $email = $self->get_user_email;
my $realname = $self->get_user_realname;

$self->send_main_email($date, $email, $realname);
$self->send_conf_email($date, $email, $realname);

$self->success_page($date);
}



Replace this entire section with:

Code: Select all
my $date     = $self->date_string;
my $email    = $self->get_user_email;
my $realname = $self->get_user_realname;

my @berthavonsuttner_ok= $self->berthavonsuttner_spamscore_ok;
## debug berthavonsuttner
#  printf "Content-type: text/html\n\n<pre>berthavonsuttner_ok= (%s)</pre>\n", join(',', @berthavonsuttner_ok);
## /debug berthavonsuttner
if ($berthavonsuttner_ok[0]) {
  $self->send_main_email($date, $email, $realname);
  $self->send_conf_email($date, $email, $realname);
} ## /if $berthavonsuttner_ok[0]

  $self->success_page($date);
}



4 - Now, in step two you pasted code that included a tolerance variable ($tolerance= 3;) -- this can be changed to however many url's you wish you allow in your forms. Setting this value to '1' disables them altogether.


This solution is not guaranteed to stop your FormMail spam altogether, but will reduce it significantly!


Please note that FormMail is a third-party script, so we do not officially provide support or guarantee it, or this mod. Please contact the developer for script troubleshooting.
User avatar
Vanessa
Administrator
 
Posts: 649
Joined: Tue Aug 15, 2006 6:31 pm
Location: Virginia Beach, VA

Re: Protecting against SPAM In FormMail

Postby Helius on Sun Jul 19, 2009 4:20 pm

I'd love to see an example or tutorial using some sort of CAPTCHA
Here is one of my faves http://recaptcha.net/learnmore.html
User avatar
Helius
Forum User
 
Posts: 26
Joined: Sun Jul 19, 2009 2:58 pm
Location: Virginia Beach

Re: Protecting against SPAM In FormMail

Postby tripodzid on Sat Sep 22, 2012 2:46 am

Nice tutorial. Thanks for sharing it here. It should be sticked.
tripodzid
Forum User
 
Posts: 30
Joined: Mon Sep 17, 2012 3:42 am


Return to Creating and Using Forms

Who is online

Users browsing this forum: No registered users and 0 guests

cron