client receiving spam through contact form

Discussion in 'BlackHat Lounge' started by theseodude, Jun 19, 2013.

  1. theseodude

    theseodude Regular Member

    Joined:
    Jun 25, 2012
    Messages:
    303
    Likes Received:
    88
    Hello

    I have installed "fast secure contact form" on a client's website.
    The client says he is receiving spam messages through the form, and he is asking me if we can block it, so I wanted to find out if there is a good way of doing this.

    I can block their IP via htaccess, but they can easily change their IP.
    I can block any messages containing links, but then a legit user won't be able to send links.

    What else can I do? Am I missing anything?
     
  2. barant

    barant Registered Member

    Joined:
    Mar 31, 2013
    Messages:
    57
    Likes Received:
    3
    I would call your host, they are usually good with stuff like that. Or add some crazy captcha software, or change the plugin to a paid online form that combats spam.
     
  3. garthor

    garthor Newbie

    Joined:
    Mar 24, 2013
    Messages:
    48
    Likes Received:
    13
    Well, there's always the possibility of adding a captcha requirement to the contact form.
    That should decrease the spam significantly. I would also IP block them via the htaccess
    (although the captcha by itself should take care of them).
     
  4. TheRealRazzy

    TheRealRazzy Jr. VIP Jr. VIP

    Joined:
    Mar 2, 2011
    Messages:
    1,464
    Likes Received:
    1,761
    Location:
    Chicago, IL
    Add a captcha, it will cut down on the spam. But there will always be spam out there.

    If he/she is getting hundreds of spam emails daily then you need to change it and monitor it to see what's going on. If they're just getting one or two then it's not much to worry about.
     
  5. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,116
    Likes Received:
    28,551
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Yeah add a captcha, there are bots that scour the web looking for those contact forms to spam.
     
  6. saber210

    saber210 Supreme Member

    Joined:
    Sep 1, 2011
    Messages:
    1,358
    Likes Received:
    500
    Location:
    -
    You can add a captcha and install Akismet if you are using WordPress.

    Akismet works on forms too.
     
  7. Pornguy

    Pornguy Regular Member

    Joined:
    Nov 29, 2012
    Messages:
    320
    Likes Received:
    106
    I was recently getting the same thing. I added reCAPTCHA and it took care of all but about 1 or 2 spam messages a week. I was getting a few per day.
     
  8. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    787
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    1. add a captcha.
    2. block them by geoip script if they're overseas.
     
  9. killerz

    killerz Registered Member

    Joined:
    Jan 14, 2008
    Messages:
    75
    Likes Received:
    17
    Occupation:
    IM Student
    Location:
    BHW
    You could either add a captcha field in the contact form or if you can't, replace the contact form with one which has captcha protection built in and that should pretty much take care of the spam emails/messages.
     
  10. dubious

    dubious Regular Member

    Joined:
    Apr 22, 2012
    Messages:
    235
    Likes Received:
    222
    Occupation:
    Project Manager/Business Development Manager
    Location:
    Australia
    What type of spam is it (i.e. automatically generated, etc.)?

    Three methods that would drastically reduce spam rates:

    1) Captcha as mentioned above, but try a simple checkbox that simply notifies that the user is not spam, as it has a higher reduction than most general CAPTCHAs whilst providing no drop-off by increasing the barrier of entry.
    2) Install Honeypot on that form page. Honeypot is basically an invisible form in which auto-form fillers max out but users won't fill.
    3) If it's manual submission, then the best thing you can do is to kill the footprints that lead them to your website. The easiest way to do this is to find your standard "leave a reply" footprints and replace them with Data URIs so that scrapers can't read them but users can. So in the RAW HTML, instead of writing "Leave a Reply", you'd input this:
    Code:
    data:text/plain;charset=utf-8;base64,TGVhdmUgYSByZXBseQ==
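
Not part of the post above: an added example of the server-side half of the honeypot idea from this thread, paired with a signed render-time check and a link count that holds a message for review instead of rejecting it, so legitimate links still get through. It is not code from any plugin named here; the field names (`website`, `ts`, `message`), the secret and the thresholds are assumptions.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret, kept server-side
HONEYPOT_FIELD = "website"        # hypothetical input hidden with CSS; people leave it empty
MIN_FILL_SECONDS = 3              # assumed threshold: faster than this is scripted
MAX_FORM_AGE = 3600               # assumed threshold: older forms go to review
LINK_RE = re.compile(r"https?://", re.I)


def _mac(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Value for a hidden 'ts' field: render time plus an HMAC so it cannot be forged."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(ts)}"


def _token_age(token, now):
    """Seconds since the form was rendered, or None if the token is absent or tampered."""
    ts, _, mac = token.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return None
    if not hmac.compare_digest(mac.encode(), _mac(ts).encode()):
        return None
    return now - int(ts)


def classify(form, now=None):
    """Return ('accept' | 'hold' | 'reject', reason) for a submitted form dict."""
    now = int(time.time() if now is None else now)
    if form.get(HONEYPOT_FIELD, "").strip():
        return "reject", "honeypot field filled"
    age = _token_age(form.get("ts", ""), now)
    if age is None:
        return "reject", "missing or forged timestamp token"
    if age < MIN_FILL_SECONDS:
        return "reject", "submitted faster than a person can type"
    if age > MAX_FORM_AGE:
        return "hold", "stale form"
    links = len(LINK_RE.findall(form.get("message", "")))
    if links > 2:
        return "hold", f"{links} links, queue for manual review"
    return "accept", "ok"
```

Rejected submissions are best answered with the same "thank you" page as accepted ones, so an automated sender gets no signal about which check it tripped.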