[thelist] what's the hole in my contact form anti-spam?

Joel Canfield joel at bizba6.com
Wed Sep 9 20:22:13 CDT 2009


Here's the basic PHP for the contact page and response page uploaded 28
July, and a sample of the spam that's been coming in today (nothing before
now.) What am I missing?

contact.php

<form name="theForm" action="contactresponse.php" method="post"
onsubmit="return isValid(this);">
<input type="hidden" name="mysauce" id="mysauce" value="alfredosauce" />
<input type="hidden" name="FormSource" id="FormSource" value="Contact Form"
/>
<div class="row"><span class="label">Name </span><span class="formw"><input
type="text" name="RealName" id="RealName" /></span></div>
<div class="row"><span class="label">E-mail </span><span
class="formw"><input type="text" name="Email" id="Email" /></span></div>
<div class="row"><span class="label">Telephone </span><span
class="formw"><input type="text" name="Telephone" id="Telephone"
/></span></div>
<div class="row"><span class="label">Other Comments or Questions
</span><span class="formw"><textarea name="OCQ" id="OCQ" cols="18"
rows="6"></textarea></span></div>
<div class="row"><span class="label">Is water wet or dry? (This tells us
you're not an evil internet spambot)</span><span class="formw"><input
type="text" name="fettucine" id="fettucine" /></span></div>
<div class="row"><input type="submit" name="submit" id="ContactSubmit"
value="Fix My Broken Marketing" /></div>
</form>

contactresponse.php

if($_POST['mysauce'] = 'alfredosauce') {
if(isset($_POST['submit'])) {
$form_source = $_POST['FormSource'];
$name_field = $_POST['RealName'];
$email_field = $_POST['Email'];
$telephone_field = $_POST['Telephone'];
$othercomments_field = $_POST['OCQ'];
$to = "example at example.com";
$subject = "Website contact from $name_field";
$headers = "From:  Website <website@ example.com>\r\n";
$headers .= "Cc: Joel D Canfield<joel at bizba6.com>\r\n";
$headers .= "Reply-To: example@ example.com";
$body = "From:\n    $name_field\n\nEmail:\n    $email_field\n\nTelephone:\n
   $telephone_field\n\nOther Comments or Questions:\n
 $othercomments_field\n";
mail($to, $subject, $body, $headers);
}
}




and we're getting spam like this all of a sudden today:

From:
   xehrecua

Email:
   dxzkwe at qdcyjq.com

Telephone:
   WnSKnjJZrgCmPX

Other Comments or Questions:
   urC7MB  <a href="http://rinwdpbhilbp.com/">rinwdpbhilbp</a>, [url=
http://tbgldazvqjeq.com/]tbgldazvqjeq[/url], [link=
http://oawhiiybxdxd.com/]oawhiiybxdxd[/link], http://btvhepsqvbty.com/

-- 
Joel at Bizba6.com
http://BusinessHeretics.com/
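
Added example, not part of the original post: a server-side check for the fields shown above. In the posted handler, `if($_POST['mysauce'] = 'alfredosauce')` assigns rather than compares, so it is always true, and `fettucine` is never read on the server. The function name, the constants and the accepted answer "wet" are assumptions made for illustration.

```php
<?php
// Added example: hypothetical names, not the poster's code.
const EXPECTED_SAUCE  = 'alfredosauce'; // hidden field value from contact.php
const EXPECTED_ANSWER = 'wet';          // assumed accepted answer to the water question

// Returns the cleaned fields, or null when the submission should be dropped.
function validate_contact_post(array $post): ?array
{
    // Every field the handler uses must arrive as a plain string
    // (a client can send arrays, e.g. RealName[]=x).
    foreach (['mysauce', 'fettucine', 'RealName', 'Email', 'Telephone', 'OCQ'] as $key) {
        if (!is_string($post[$key] ?? null)) {
            return null;
        }
    }
    // Strict comparison instead of "=", which assigns and always passes.
    if ($post['mysauce'] !== EXPECTED_SAUCE) {
        return null;
    }
    // Enforce the question on the server; the onsubmit="isValid(this)" check
    // only runs in a browser, and a client posting directly never executes it.
    if (strtolower(trim($post['fettucine'])) !== EXPECTED_ANSWER) {
        return null;
    }
    $clean = [];
    foreach (['RealName', 'Email', 'Telephone', 'OCQ'] as $key) {
        $value = trim($post[$key]);
        // RealName is interpolated into the mail Subject, so single-line
        // fields must not carry CR or LF.
        if ($key !== 'OCQ' && preg_match('/[\r\n]/', $value)) {
            return null;
        }
        $clean[$key] = $value;
    }
    return $clean;
}

// Constructed sample input shaped like the spam above: no answer supplied.
$spam = ['mysauce' => 'alfredosauce', 'fettucine' => '', 'RealName' => 'xehrecua',
         'Email' => 'someone@example.com', 'Telephone' => 'abc', 'OCQ' => 'links'];
$human = $spam;
$human['fettucine'] = ' Wet ';

// The spam-shaped post is rejected; the one with the answer is accepted.
var_dump(validate_contact_post($spam) === null);
var_dump(validate_contact_post($human) !== null);
```

In contactresponse.php, mail() would be called only when the function returns an array, using the cleaned values instead of $_POST directly.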


