Welcome Guest, Not a member yet? Register   Sign In
How to avoid of email spam
Thumbs Down 

Hi friends,

Recently I received many spam email from my contact form which is I thought this won't happened via using CSRF and XSS.

All the emails sent from my contact form on my website. Because the subjects are the same as I've set for it.

I thought CSRF can avoid sending these type of emails but I see, it's not. Huh

How can I stop these spams from my website?

Thanks guys

Attached Files Thumbnail(s)

Use captcha or honeypot.
KeepĀ calm.

CI honeypot. Credit to martin7483
KeepĀ calm.

(This post was last modified: 12-08-2015, 09:06 AM by Martin7483.)

Besides using my honeypot

You should force inputs to only accept a certain type of string.
Say you have a phonenumber field, only have it accept a valid phone number.
Check for any BBCODE and links in fields that shouldn't have links in them.

If a form is not valid due to spam protection, don't give any warnings or errors. Just reload to the page with a blank form.
Any given information on why a form fails is a hint to get by your spam protection.

An approach I have used in the past is to add a non visible field. Most spambots will fill in all the fields they find. So if you detect a post value for that field you know it's not a regular user.

I don't like to use captcha, how is working honey pot ?

(12-08-2015, 08:54 PM)ardavan Wrote: I don't like to use captcha, how is working honey pot ?

Did you read my thread about the honey pot?

a honey pot is a hidden form field that has a very common form name like 'name'. only bots will fill out it. if its filled out you don't use it.

Theme © iAndrew 2016 - Forum software by © MyBB