[thelist] what's the hole in my contact form anti-spam?

Joel Canfield joel at bizba6.com
Wed Sep 9 22:50:43 CDT 2009


On Wed, Sep 9, 2009 at 7:20 PM, Roberto Gorjão
<roberto at asenseofdesign.com>wrote:

> You're missing the
>
> if($_POST['fettucine'] = 'wet') {
>
> on line 1, and another
>
> }
>
> at the end.
>
> Also, you're missing the "for" attributes in your label tags.
>
> Roberto
>
>
Perhaps I was unclear. I'll try again.

My form sends the value of a hidden field. If the response form doesn't
receive that value for that field (as in, spammers access the form directly
without adding that bit of info they can't know) the form won't process.

Yet, we are getting spam, such as the sample I sent.

How? Why? What logic error have I made which is allowing random spammers to
access the back end, sending us trash emails, bypassing my logic?

joel



More information about the thelist mailing list