PHP
Roman Baidakov, 2017-07-06 17:56:17

How to protect a site from spam?

There is a site that constantly receives 10 applications a day in this form:

Почта: [email protected]




С уважением,

разработчики сайта.

I made the field hidden, but it did not help.
Here is the script that handles the mail sending:
<?php
$spam = isset($_POST['spam']) ? $_POST['spam'] : '';
if (empty($spam)) /* Check the hidden anti-spam field */
{
  if (is_file('lib/class.phpmailer.php')) {
    require_once("lib/class.phpmailer.php");
  }

  if (is_file('lib/class.smtp.php')) {
    require_once("lib/class.smtp.php");
  }

  $http_host = $_SERVER['HTTP_HOST'];
  $body = '';

  if ( substr($http_host, 0, 4)=='www.') {
    $host_name = substr($http_host, 4);
  } else {
    $host_name = $http_host;
  }
  if (isset($_SERVER['HTTP_REFERER'])) {
    $http_referer = $_SERVER['HTTP_REFERER'];
  } else {
    $http_referer = '';
  }

  define ('HTTP_SERVER', 'http://' . $http_host . '/');
  define ('HOST_NAME', $host_name);
  define ('HTTP_REFERER', $http_referer);

  $post = array( 
    'host_name'     => HOST_NAME,
    'host_dir'      => HTTP_SERVER,
    'host_referer'  => HTTP_REFERER
    );

  if (!empty($_POST["form"])) {
    foreach( $_POST["form"] as $key => $value) { 
      $post['user_form'] = $key;
      $body .= 'Форма: ' . $post['user_form'] . chr(10) . chr(13);
    }
  }

  if (!empty($_POST["email"])) {
    $post['user_email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $body .= 'Почта: ' . $post['user_email'] . chr(10) . chr(13);
  }

  if (!empty($_POST["name"])) {
    $post['user_name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
    $body .= 'Имя: ' . $post['user_name'] . chr(10) . chr(13);
  }

  if (!empty($_POST["phone"])) {
    $post['user_phone'] = filter_input(INPUT_POST,'phone', FILTER_SANITIZE_STRING);
    $body .= 'Телефон: ' . $post['user_phone'] . chr(10) . chr(13);
  }

  if (!empty($_POST["message"])) {
    $post['user_message'] = filter_input(INPUT_POST,'message', FILTER_SANITIZE_STRING);
    $body .= 'Сообщение: ' . $post['user_message'] . chr(10) . chr(13);
  }

  if (!empty($_POST["product_name"])) {
    foreach( $_POST["product_name"] as $key => $value){ 
      $post['product_name'] = $key;
      $body .= 'Название товара: ' . $post['product_name'] . chr(10) . chr(13);
    }
  }

  if (!empty($_POST["product_article"])) {
    $first_key = reset($_POST["product_article"]);
    $body .= 'Артикулы: ';
    foreach( $_POST["product_article"] as $key => $value){ 
      $post['product_article'] = $key;
      $body .= $post['product_article'] . ' ';
    }
    $body .=  chr(10) . chr(13);
  }

  $body .= chr(10) . chr(13) . "С уважением," . chr(10) . chr(13) . "разработчики сайта " . $post['host_referer'];


  $mail = new PHPMailer();

  $mail->CharSet      = 'UTF-8';

  $mail->IsSendmail();

  $from = '[email protected]';
  $to = "[email protected],ail.com";
  $mail->SetFrom($from, HOST_NAME);
  $mail->AddAddress($to);

  $mail->isHTML(false);

  $mail->Subject      = "Новая заявка";
  $mail->Body         = $body;

  if(!$mail->send()) {
    echo 'Что-то пошло не так. ' . $mail->ErrorInfo;
    return false;
  } else {
    header("Location: ../success.html");
    return true;
  }
}
header("Location: ../success.html");
exit; /* Exit without sending the mail if the spam field is not empty */

?>

What to do? How to protect the site from spam? Pure HTML+CSS website.


4 answer(s)
Puma Thailand, 2017-07-06
@opium

One: put in an invisible reCAPTCHA. Two: check messages through the Akismet API.

xmoonlight, 2017-07-07
@xmoonlight

You can display the captcha after filling out the form (load it with Ajax).
UPD: Without a captcha: only by checking mouse/keyboard events together with random hidden fields/checkboxes, which robots will fill in in most cases.
And, accordingly, you can check the IP address and the correctness of the information entered in the fields using DNSBL and spam databases.
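
One way to implement the "random hidden fields" idea on the server side, as an added example that is not part of any answer in this thread: the hidden field gets a random per-form name bound to a signed timestamp, so the handler can also reject posts that arrive too fast or carry no token. `FORM_SECRET`, the `token` field name and the time limits are assumptions, and the form has to be rendered by PHP or fetch the token via Ajax.

```php
<?php
// Added example, not code from the thread. FORM_SECRET, the "token" field name
// and the time limits are assumptions; requires PHP 7.1+.
const FORM_SECRET = 'REPLACE_WITH_LONG_RANDOM_SERVER_SIDE_SECRET'; // placeholder

// Call when the form is rendered (or from an Ajax endpoint): returns the signed
// token and the per-form honeypot field name to embed as hidden inputs.
function issue_form_token(int $now): array {
    $trap = 'f_' . bin2hex(random_bytes(6));   // random name, so bots cannot hard-code it
    $payload = $now . ':' . $trap;
    return ['token' => $payload . ':' . hash_hmac('sha256', $payload, FORM_SECRET),
            'trap'  => $trap];
}

// Call in the mail handler before building the message.
// Returns null when the submission passes, otherwise the reason it was rejected.
function check_submission(array $post, int $now, int $minSec = 3, int $maxSec = 3600): ?string {
    $token = $post['token'] ?? '';
    if (!is_string($token) || substr_count($token, ':') !== 2) return 'missing or malformed token';
    [$ts, $trap, $sig] = explode(':', $token);
    if (!hash_equals(hash_hmac('sha256', $ts . ':' . $trap, FORM_SECRET), $sig)) {
        return 'bad signature';                // token was not issued by this server
    }
    $age = $now - (int)$ts;
    if ($age < $minSec) return 'submitted too fast';
    if ($age > $maxSec) return 'token expired';
    // Browsers send an empty hidden input; scripts posting a fixed field set omit it.
    if (!array_key_exists($trap, $post)) return 'honeypot field missing';
    if ($post[$trap] !== '') return 'honeypot filled';
    return null;
}

// Constructed sample submissions against a form issued at t = 1000.
$form = issue_form_token(1000);
$cases = [
    'human after 20 s'      => [['token' => $form['token'], $form['trap'] => '', 'email' => 'user@example.com'], 1020],
    'bot fills trap'        => [['token' => $form['token'], $form['trap'] => 'http://spam.example'], 1020],
    'instant post'          => [['token' => $form['token'], $form['trap'] => ''], 1001],
    'old "spam" field only' => [['spam' => '', 'email' => 'bot@example.com'], 1020],
];
foreach ($cases as $label => [$post, $now]) {
    echo $label, ': ', check_submission($post, $now) ?? 'accepted', PHP_EOL;
}
```

A valid token can be replayed until it expires, so this filters generic form-fillers rather than bots written for this site; the captcha and Akismet checks suggested in the answers cover that case.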

Artem Lisovsky, 2017-07-06
@torrie

Pure HTML+CSS website

Sending in pure PHP
The whole world uses captcha when hidden fields do not help.

denchor, 2017-10-30
@denchor

I think that it doesn't matter what filters and protections you put up against spam; they will help only partially. After all, there will always be a smarter system. And in this situation, the same RuCaptcha https://rucaptcha.com/ can do quite well. Therefore, you need to look for a completely different way to get out of the situation to reduce spam.
