Feedback form & spam/idiots: any solutions?

[marksalehouse]

I recently refurbished my website and set up a simple feedback forum. I am getting some rubbish mails like this one below:

Below is the result of your feedback form. It was submitted by(bmrzwj@jtlmyp.com) on Sunday, August 2, 2009 at 21:47:23
First_Name: qrclqdqv
Surname: qrclqdqv
contactnumber: UWfNdRZrtoVdYgC
contacttime: lmGCrMLVgqorA
Interest: unzf0j <a href="http://fxreqihqqasw.com/">fxreqihqqasw</a>, qvavlyhjosid, [link=http://quocqmgqmebu.com/]quocqmgqmebu[/link], http://lzilfzqdpwln.com/
Submit: Submit

The header is:

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtTQ0w9MQ==
X-Message-Status: n:0
X-SID-PRA: bmrzwj@jtlmyp.com
X-Message-Info: JGTYoYF78jGvv5tKq3znk/gT1U8OvYBrcJmW0CUcCKp4FIRNCafFSBLHtwJBny4B5tNOxUKF l9tNFZa8ufDUgNFxbia3+uYW
Received: from smartrelay.whbdns.com ([208.116.61.12]) by snt0-mc2-f42.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Sun, 2 Aug 2009 14:48:04 -0700
Received: from localhost (localhost [127.0.0.1])
by smartrelay.whbdns.com (Postfix) with ESMTP id EE29C5C665
for <marksalehousecom@hotmail.com>; Sun, 2 Aug 2009 21:48:03 +0000 (GMT)
Received: from smartrelay.whbdns.com ([208.116.61.12])
by localhost (smartrelay.whbdns.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id cNWHXfMEqUet for <marksalehousecom@hotmail.com>;
Sun, 2 Aug 2009 21:48:03 +0000 (GMT)
Received: from usa.ultrawhb.com (usa.ultrawhb.com [65.98.100.186])
by smartrelay.whbdns.com (Postfix) with ESMTP id A743E5C5BF
for <marksalehousecom@hotmail.com>; Sun, 2 Aug 2009 21:48:03 +0000 (GMT)
Received: from marksale by usa.ultrawhb.com with local (Exim 4.69)
(envelope-from <marksale@usa.ultrawhb.com>)
id 1MXitn-0000Xa-Fl
for webmaster1@marksalehouse.com; Sun, 02 Aug 2009 21:47:23 +0000
To: webmaster1@marksalehouse.com
From: bmrzwj@jtlmyp.com ()
Subject: General Enquiry from Marksalehouse.com
Message-Id: <E1MXitn-0000Xa-Fl@usa.ultrawhb.com>
Date: Sun, 02 Aug 2009 21:47:23 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - usa.ultrawhb.com
X-AntiAbuse: Original Domain - marksalehouse.com
X-AntiAbuse: Originator/Caller UID/GID - [32049 500] / [47 12]
X-AntiAbuse: Sender Address Domain - usa.ultrawhb.com
X-Source: /usr/bin/perl
X-Source-Args: /usr/bin/perl FormMail.pl
X-Source-Dir: marksalehouse.com:/public_html/cgi-bin
Return-Path: marksale@usa.ultrawhb.com
X-OriginalArrivalTime: 02 Aug 2009 21:48:04.0383 (UTC) FILETIME=[E9FA72F0:01CA13BA]

Obviously, from the keystrokes, it is just people messing about, but for what reason?

Is there anyway to limit or stop this nonsense?

Thanks,

Mark

[Matt R.]

Try introducing captcha... it will help reduce it.

[marksalehouse]

Thanks.

I was hoping not to but it looks like I will.

Any idea what is on people's minds when they send this drivel?

Mark

[Tony]

Any idea what is on people's minds when they send this drivel?

I'm not so sure it's people - it could be bots. Regardless, the motivation behind it is money.

Most captcha's were broken a couple years ago, so now they're just more of an annoyance to real people. Since then, I've had much better luck with a random question.

[marksalehouse]

Thanks Toni.

I set up RECAPTHA and I am still getting the same old crap. I thought RECATCHA was supposed to get rid of bots.

If there is a handy bit of code you have then I will try it (being somewhat lazy), especially if it works elsewhere.

Thanks everyone.

M

[warpsite]

This is probably a simple solution, but it cut out all of the crap responses so far:

I use a "Are you human?" question in all of my forms:

<td height="30" width="189" bgcolor="#EFF3F7" bordercolor="#FFFFFF">
<font face="Verdana" size="1"><b>ANTISPAM: Are you human?</b></td>

<td height="30" width="469" bgcolor="#EFF3F7" bordercolor="#FFFFFF"><input name="radHumanCheck" value="humanyes" type="radio"> Yes&nbsp;&nbsp;&nbsp; <input name="radHumanCheck" checked="checked" value="humanno" type="radio"> No<br></td></tr>

The php:

<?php
include("global.inc.php");
$errors=0;
$error="The following errors occured while processing your form input.<ul>";
pt_register('POST','FullName');
pt_register('POST','EmailAddress');
pt_register('POST','Subject');
pt_register('POST','Pleaseenterthetextofyourinquir yhere');
pt_register('POST','radHumanCheck');
$Pleaseenterthetextofyourinquiryhere=preg_replace( "/(\015\012)|(\015)|(\012)/","&nbsp;<br />", $Pleaseenterthetextofyourinquiryhere);if($FullName =="" || $EmailAddress=="" || $Subject=="" || $Pleaseenterthetextofyourinquiryhere=="" || $radHumanCheck=="humanno" ){
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.";
}
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*" ."@"."([a-z0-9]+([\.-][a-z0-9]+)*)+"."\\.[a-z]{2,}"."$",$EmailAddress)){
$error.="<li>Invalid email address entered";
$errors=1;
}
if($errors==1) echo $error;
else{
$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF) ,"/"));
$message="Full Name: ".$FullName."
Email: ".$EmailAddress."
Subject: ".$Subject."
Please enter the text of your inquiry here: ".$Pleaseenterthetextofyourinquiryhere."
";
$message = stripslashes($message);
if($radHumanCheck=="humanyes") mail("email not shown","Professional Inquiry Submission",$message,"From: phpFormGenerator");
?>

I purposely stripped out the reply email address and replaced it with "email not shown".

I do not know how to program php, so you can imagine the work I went through finding the code and inserting it into my php so that it actually worked. But it does seem to keep the spammers from using my forms, so it was worth it.

Here's the actual page of one of the forms:

http://www.cfnson.com/inqform.html

- Mike

[marksalehouse]

Thanks Mike, nice work.

PHPBB Forums allow something similar by setting up your own required fields.

I had a look at reCAPTCHA: they also have an intermediate form between any stated email address and the send page. This means that the address itself can be hidden until the reCAPTCHA is filled out.

PHPBB are changing CAPTCHA to reCAPTCHA in the coming 3.0.6 update.

Mark

[Tony]

I don't see recaptcha doing any better than straight captcha. It just adds a second image, but the second image isn't known anyway.

If this is for phpbb, dump all captchas, but in addition to a human question you might want to add something else I've had good luck with in vbulletin: A time zone lockout mod. Because my forum is local, I disallow connections from all timezones except the US. Lots easier than chasing after whole nets to exclude in other parts of the world.

[marksalehouse]

I installed reCAPTCHA on a website and a day later I got the usual crap so it is not the obvious solution. It is only since I introduced the feedback form that this is happening.

The website is UK based but it does get a lot of hits from ex-pats and other interested parties across the globe.

M

[Twiztid]

I am actually working on a php code to stop this for school once i get it done I will share it for those who want it.

[warpsite]

Thanks Mike, nice work.

Thank you, Mark. It's not bad for someone who doesn't really know PHP. :O)

- Mike

[aztech]

Guys,

I have a Drupal CMS running for my business site and starting using Mollom (http://mollom.com/) about 6 months ago and the SPAM has almost stopped.

It gives a few options on how strict you want it to be and where you want it applied from a Drupal point of view. I use it to allow comments / feedback without captcha, and if it looks like SPAM then it asks the user to confirm with a captcha before accepting, seems to work OK.

Cheers,
Aaron

[marksalehouse]

Since using reCAPTCHA the spam has ceased.

Apparently PHPBB 3.0.6 will be using this as standard.

Mark

[Tony]

I never tried recaptcha. And I don't need it right now, having a question instead.

I know some captchas are getting really annoying and hard to read. I ran into one of those this past weekend - I must have reloaded nearly 20 times before seeing anything readable.

[Alan B]

That's very true. I've seen several lately that were either unreadable or ambiguous.