Got Spammed from a contact form
#21

[eluser]manilodisan[/eluser]
Code:
$cty = $this->input->post('country');
if( $cty != FALSE )
{
    // Latest chance for this bot, if the mail domain is valid, we will accept him, else we reject
    $parts = explode("@", $this->input->post('email'));

    // Reject addresses without exactly one "@" before indexing $parts[1]
    if(count($parts) === 2 && checkdnsrr($parts[1], "MX"))
    {
        // Ok, maybe that wasn't a bot...
        return TRUE;
    }
    else
    {
        // No no, really I don't trust you, YOU ARE A BOT YEAH?
        $this->validation->error_string = "<h1>Une erreur anormale s'est produite !</h1>
        <p>Vous ne pouvez pas utiliser ce formulaire.<br />
        Veuillez nous contacter par téléphone.</p>";

        return FALSE;
    }
}
#22

[eluser]Référencement Google[/eluser]
Anyway, this code didn't protect me. I will consider another of the solutions that were discussed here, but just out of curiosity, what is the difference between
Code:
$cty = $this->input->post('country');
if( $cty != FALSE )

and

Code:
// CI Input library returns TRUE if this field was posted
if( $this->input->post('country') )
#23

[eluser]Référencement Google[/eluser]
Currently trying Lone's technique. If this doesn't work I will try HdotNET's one and the latest Xwero one.
I don't believe in the CSS technique as it is the same as the hidden field technique.
#24

[eluser]manilodisan[/eluser]
[quote author="Too Pixel" date="1222471537"]...but just out of curiosity, what is the difference between
Code:
$cty = $this->input->post('country');
if( $cty != FALSE )

and

Code:
// CI Input library returns TRUE if this field was posted
if( $this->input->post('country') )
[/quote]

I don't know if you can use $this->input->post('country') in the condition. Maybe I'm mistaken, but I remember having an error at some point when I had to assign the post value to a variable and work with the variable in the code.
#25

[eluser]ray73864[/eluser]
$this->input->post() returns a FALSE if the field could not be found in the post array, otherwise it returns the value of the field, so the if() statement is basically saying that for all return values other than FALSE it can be assumed true.

The problem with this is if some smart ass goes and puts 'FALSE' into a form field that you are using an if() statement on, e.g. if ($this->input->post('firstname')) {do something}. A person could set the value of the form field 'firstname' to be 'FALSE', which would completely screw up your if statement.
#26

[eluser]Colin Williams[/eluser]
$this->input->post($name) returns FALSE if $name does not exist. Otherwise it returns whatever is available in $_POST[$name] (which, in this case, should be an empty string). Not sure what caused your error, manilodisan.
#27

[eluser]Moon 111[/eluser]
CAPTCHA, duh.
#28

[eluser]Moon 111[/eluser]
[quote author="HdotNET" date="1222458049"]Most bots harvest your form and post to it remotely. You can do checks on referrer etc, but these can be spoofed. I've been using this for years:

Code:
<input type="hidden" name="HASHCODE" value="1" />

HASHCODE is created as follows:

Code:
$hashcode = md5(date('Y-m-d').'some_string');

After post just look for

Code:
$_POST[md5(date('Y-m-d').'some_string')];

This way, any harvested form will only work for a maximum of 24 hours.

The downside is that if a visitor loads the form at 23:59 and posts it at 01:01 then it will fail.[/quote]

Easily bypassed I'm afraid... Hidden fields aren't as hidden as you think.
#29

[eluser]Référencement Google[/eluser]
@Moon 111, as you can read in my first post, Captcha was the thing I just didn't want.

About HdotNET's technique with the date valid for 24h, it could be a good solution. We can also imagine restricting the user's time to fill in the form to 10 minutes, otherwise it becomes invalid.

Anyway, I tried Lone's technique and from the moment I put it online I haven't been spammed again.

Of course it can be bypassed easily, but at this time it seems to work, so I will not search more until I get spammed again. Thanks Lone, this really seems the easiest way to get protected without annoying my users with a Captcha.

Christophe
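
A variant of the dated hidden-field idea from the posts above, using a signed timestamp so the validity window is measured from when the form was rendered rather than by calendar day. This is an added example, not any poster's code; `FORM_SECRET`, the function names and the 10-minute window are assumptions, and the timeline at the end is constructed.

```php
<?php
// Added example. FORM_SECRET and MAX_AGE are assumptions for illustration.
const FORM_SECRET = 'replace-with-a-long-random-server-side-secret'; // placeholder
const MAX_AGE     = 600; // seconds a rendered form stays valid (10 minutes)

// Value to embed in a hidden field when the form is rendered.
function issue_form_token(int $now): string
{
    $mac = hash_hmac('sha256', (string) $now, FORM_SECRET);
    return $now . ':' . $mac;
}

// Returns true only for an untampered token whose age is inside the window.
function verify_form_token($token, int $now): bool
{
    if (!is_string($token) || substr_count($token, ':') !== 1) {
        return false;
    }
    list($issued, $mac) = explode(':', $token);
    if (!ctype_digit($issued)) {
        return false;
    }
    $expected = hash_hmac('sha256', $issued, FORM_SECRET);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return false;
    }
    $age = $now - (int) $issued;
    return $age >= 0 && $age <= MAX_AGE;
}

// Constructed timeline: form rendered one minute before midnight.
$rendered = strtotime('2008-09-26 23:59:00 UTC');
$token    = issue_form_token($rendered);

// Posted two minutes later, after the date has changed.
var_dump(verify_form_token($token, $rendered + 120));
// Harvested copy of the form replayed an hour later.
var_dump(verify_form_token($token, $rendered + 3600));
// Timestamp edited to look fresh while reusing the old MAC.
$forged = ($rendered + 3500) . ':' . substr($token, strpos($token, ':') + 1);
var_dump(verify_form_token($forged, $rendered + 3600));
```

A client that loads the form immediately before each submission still passes; the token only bounds how long a harvested copy of the form stays usable.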
#30

[eluser]Scott - Beyond Coding[/eluser]
[quote author="ray73864" date="1222522302"]The problem with this is if some smart ass goes and puts 'FALSE' into a form field that you are using an if() statement on: eg: if ($this->input->post('firstname')) {do something}. a person could set the value of the form field 'firstname' to be 'FALSE' which would completely screw up your if statement.[/quote]

Great point! Now I realise why === is recommended instead of == for certain comparisons.

I think if you use something like if($this->input->post('firstname') === TRUE) then putting in 'false' as firstname won't be a problem (note the 3 equal signs instead of 2). This is because === checks that the type of the variable is the same, which it won't be when someone puts 'false', as $this->input->post('firstname') will always return a string.
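
The return values and comparisons discussed in the posts above, worked through on a honeypot field. This is an added example, not code from any poster or from CodeIgniter; `post_value()` is a hypothetical stand-in that follows the behaviour described in the thread (FALSE when the field is absent, otherwise the submitted string), and the sample submissions are constructed.

```php
<?php
// Added example: hypothetical stand-in for $this->input->post(), following the
// semantics described in the thread (FALSE if absent, else the raw string).
function post_value(array $post, string $name)
{
    return array_key_exists($name, $post) ? $post[$name] : FALSE;
}

// Honeypot rule: a human leaves the hidden "country" field empty or absent.
function honeypot_tripped_loose(array $post): bool
{
    // Loose comparison, as in the check posted in the thread.
    return post_value($post, 'country') != FALSE;
}

function honeypot_tripped_strict(array $post): bool
{
    $v = post_value($post, 'country');
    // Any non-empty content trips the honeypot, whatever the text is.
    return $v !== FALSE && $v !== '';
}

// Constructed sample submissions.
$cases = array(
    'field absent'  => array(),
    'empty string'  => array('country' => ''),
    'text France'   => array('country' => 'France'),
    'text FALSE'    => array('country' => 'FALSE'),
    'text 0'        => array('country' => '0'),
);

foreach ($cases as $label => $post) {
    printf("%-14s loose=%-5s strict=%-5s identical_to_TRUE=%s\n",
        $label,
        var_export(honeypot_tripped_loose($post), true),
        var_export(honeypot_tripped_strict($post), true),
        var_export(post_value($post, 'country') === TRUE, true));
}
```

The loose `!= FALSE` check treats a honeypot filled with the string "0" as empty, while the literal text "FALSE" is an ordinary non-empty string and trips both checks. The `=== TRUE` comparison never matches here because the stand-in only ever returns a string or FALSE.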



