[thelist] what's the hole in my contact form anti-spam?

Nadeem Hosenbokus nadeem at multigraphics.biz
Fri Sep 11 13:22:11 CDT 2009


I might be missing something here, but wouldn't

	$findspam3 = strpos($_POST['message'], "url");

return true for any string that has 'url' in it? So if I use words like
'curl', 'burly', 'unfurl', etc - would my message be treated as spam? 


	$findspam3 = strpos($_POST['message'], " url");


	$findspam3 = strpos($_POST['message'], "url=");

be better?

Also, if you're looking for several indications of what is spam, what I like
to do is use a counter like this:

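$c = 0; // start the indicator count at zero
// strpos() returns 0 for a match at the very start, so compare with !== false
if(strpos($_POST['message'], "[") !== false)$c++;
if(strpos($_POST['message'], "]") !== false)$c++;
if(strpos($_POST['message'], "url") !== false)$c++;
if(strpos($_POST['message'], "http://") !== false)$c++;
if(strpos($_POST['message'], "link=") !== false)$c++;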

then I store messages in a database with the number of spam indicators and
then use that information to begin defining levels of spam that are allowed,
maybe allowed, definitely not allowed, etc.

You could then expand that further so that different indications increment
the counter more:

if(strpos($_POST['message'], "http://") !== false){ $c += 3; } // weight of 3

Just a thought.

Nadeem Hosenbokus
Exocet Studios - a brand of Multigraphics Ltd
Office:  (+230) 212 6390 / 208 6499
Mobile: (+230) 254 8221
Fax:     (+230) 212 6789
24 St. Georges Street, Port Louis

-----Original Message-----

Nan Harbison wrote:
> My client did NOT want a captcha under any circumstances, so
> after watching how the fields were filled out by bots for a few weeks, I
> created this code:
> 	 $findspam1 = strpos($_POST['message'], "[");
> 	 $findspam2 = strpos($_POST['message'], "]");
> 	 $findspam3 = strpos($_POST['message'], "url");
> 	 $findspam4 = strpos($_POST['message'], "http://");
> 	 $findspam5 = strpos($_POST['message'], "link=");
> 	 if ($findspam1==false && $findspam2==false && $findspam3==false &&
> $findspam4==false && $findspam5==false)
> 	 {
> 	  if ---the code you already have here----
> 		{
> 			to do whatever
> 		}
> 	 }
> And I haven't had any spam since then, and now, having said that, I bet I'm
> going to have to eat those words!!!
> Nan
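
Added example, not part of either original post: the weighted-counter idea from the reply as one scoring function, with strict strpos-style comparisons and a word-boundary match for "url". The indicator strings and the weight of 3 for "http://" come from the thread; the function names, the other weights and the two thresholds are assumptions, and the sample messages are constructed.

```php
<?php
// Literal indicators from the thread => weight (weights other than 3 are assumed).
const LITERALS = ['[' => 1, ']' => 1, 'http://' => 3, 'link=' => 1];
// "url" only as a whole word, so "curl", "burly", "unfurl" do not count.
const URL_WORD = '/\burl\b/i';

// Hypothetical helper: sum the weights of every indicator found in the message.
function spam_score(string $message): int
{
    $score = 0;
    foreach (LITERALS as $needle => $weight) {
        // stripos() returns int offset (possibly 0) or false: compare strictly,
        // otherwise an indicator at the very start of the message is missed.
        if (stripos($message, $needle) !== false) {
            $score += $weight;
        }
    }
    // preg_match() returns 1 on a match, 0 on none, false on error.
    if (preg_match(URL_WORD, $message) === 1) {
        $score += 1;
    }
    return $score;
}

// Hypothetical thresholds for the "allowed / maybe / not allowed" levels.
function classify(int $score): string
{
    if ($score >= 4) {
        return 'blocked';
    }
    return $score >= 2 ? 'maybe' : 'allowed';
}

// Constructed sample messages.
$samples = [
    'http://example.test buy now',           // indicator at offset 0
    'Can you curl the burly ribbon?',        // contains "url" only inside words
    '[url=http://example.test]click[/url]',  // typical BBCode link spam
    'Please see [1] in your brochure',       // brackets in a genuine message
];
foreach ($samples as $m) {
    $s = spam_score($m);
    printf("%-40s score=%d %s\n", $m, $s, classify($s));
}
```

Storing the score next to each message, as the reply suggests, lets the thresholds be tuned later against messages that were actually reviewed.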
