Any mistakes in my PHP contact form?


8 replies to this topic

#1 Tirus

Posted 10 November 2006 - 07:54 PM

Hello everyone,

My hosting company keeps disabling the mail function on my website as apparently I am going over the limit of sending/receiving 200 messages a day, which I am (not even coming close). I told them that I have a PHP contact form and they claim that it is most likely causing the problem. I have checked and rechecked the coding and do not see how by sending one message through it, many more would be sent. (it has always worked perfectly and has never sent multiples of the same form).

Here it is:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META HTTP-EQUIV="Refresh" CONTENT="2; URL=index.php">
</head>

<body>
<?php
$name=$_POST['name'];
$email=$_POST['email'];
$phone=$_POST['phone'];
$location=$_POST['location'];
$website=$_POST['website'];
$graphic=$_POST['graphic'];
$webdev=$_POST['webdev'];
$other=$_POST['other'];
$other2=$_POST['other2'];
$description=$_POST['description'];
$to="addressremoved";

$message   ="Results from Contact Form\n";
$message  .= "\nName: $name\n";
$message  .= "E-mail: $email\n";
$message  .= "Phone Number: $phone\n";
$message  .= "Location: $location\n";
$message  .= "Website: $website\n";
$message  .= "Graphic: $graphic\n";
$message  .= "Website Development: $webdev\n";
$message  .= "Other: $other\n";
$message  .= "Specification: $other2\n";
$message  .= "Brief Project Description: $description\n";

if(mail($to,"Contact Form",$message,"From: $email\n")) {
echo '<p align="center">Your email has been sent. You will receive a reply shortly.</p>
<p align="center">If your browser does not automatically redirect you back to the main page, <a href="index.php">click here</a>.</p>';
} else { echo 'There was a problem sending your message. Please contact us directly at email address removed.'; }


?>
</body>
</html>

If the form is correct, is it possible that spam bots or crawlers of sorts are triggering the form and sending many messages (none of which I am actually receiving)?!?!

Thanks in advance,

Tirus
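
Added example, not part of the original post or of any reply: in the script above, `$_POST['email']` is placed directly into the header argument of `mail()`, so a line break in that field can add further headers, including extra recipients. One way to close that, assuming placeholder addresses (`owner@example.com`, `webform@example.com`) and illustrative function names (`clean_email`, `build_mail`):

```php
<?php
// Added example, not the poster's script. SITE_TO and SITE_FROM are
// placeholder addresses; the function names are illustrative.
const SITE_TO   = 'owner@example.com';
const SITE_FROM = 'webform@example.com';

// Return the address if it is safe to place in a header, otherwise null.
function clean_email(string $raw): ?string
{
    $raw = trim($raw);
    // A CR or LF would end the header line and begin a new one.
    if (preg_match('/[\r\n]/', $raw) === 1) {
        return null;
    }
    $valid = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Build the mail() arguments, or return null when the submission is rejected.
function build_mail(array $post): ?array
{
    $email = clean_email((string)($post['email'] ?? ''));
    if ($email === null) {
        return null;
    }
    $body = "Results from Contact Form\n\n";
    foreach (['name', 'phone', 'location', 'website', 'description'] as $field) {
        $body .= ucfirst($field) . ': ' . (string)($post[$field] ?? '') . "\n";
    }
    // From is fixed; the visitor's address appears only in Reply-To.
    $headers = 'From: ' . SITE_FROM . "\r\n" . 'Reply-To: ' . $email;
    return [SITE_TO, 'Contact Form', $body, $headers];
}

// Constructed submissions: one ordinary, one with a line break in the field.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.org'],
    ['name' => 'Bot', 'email' => "bot@example.org\r\nX-Extra: injected"],
];
foreach ($samples as $post) {
    $args = build_mail($post);
    if ($args === null) {
        echo "rejected: e-mail field is not a single valid address\n";
        continue;
    }
    echo "accepted, headers:\n", $args[3], "\n";
    // In the real handler: mail(...$args);
}
```

The other form fields only reach the message body, where line breaks are harmless; the subject stays a fixed string.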

#2 Demonslay

Posted 10 November 2006 - 07:59 PM

Hmm, I don't see anything wrong with it.
Try this tutorial on flood control. I personally wouldn't waste the bit with the MySQL table, but would try using session data instead.

#3 Tirus

Posted 10 November 2006 - 08:26 PM

Thanks for replying so quickly, Demonslay.

I am currently in the process of adding a flood control, I'm thinking for maybe 180 seconds...but I am wondering...will that prevent spam bots (if that IS the problem) from just sending another one after 3 (corrected from 2, sorry wasn't thinking ;)) minutes, and then another after 2 etc?

Again, this is assuming that that is the problem, considering that I do receive occasional email spam on that account, but never ANYTHING near 200 messages a day.

EDIT: I just want to add, what are your opinions on writing email[at]address[dot]com instead of email@address.com. Do you think this would confuse website visitors? Is it worth doing to prevent spam bots from getting my email address?

Edit2: Maybe I'll consider integrating a security image similar to what P2L uses...

Tirus

Edited by Tirus, 10 November 2006 - 09:08 PM.


#4 pirateXcore

Posted 10 November 2006 - 08:57 PM

180 seconds is 3 minutes not 2 ;)
I am not 100% sure but I'm pretty sure spam bots will continue trying for a while... but they only stay on sites for a certain amount of time.
If you were to set it at like 20 minutes (how often do people need to email you from there anyway?)
If it is a spambot then eventually when they can't just spam you up a lot they will give up permanently.

#5 Mr. Matt

Posted 11 November 2006 - 12:17 AM

Also add a CAPTCHA image to your script to make sure it isn't bots spamming, and I would also do a count in a db just to see how many times it is being used.

Matt

#6 Tirus

Posted 11 November 2006 - 12:43 PM

Thanks for the reply, Matt. I'm going to go through the one tutorial I found on P2L (links to Wikipedia) and also there is something I found that I can download, I think it's premade... we'll see what happens and I'll let you guys know of the outcome.

Edit: OK, I created a security code image generating 5 random characters, so that works.

Again, what are your opinions on changing my email address to email[at]address[dot]com from email@address.com? Would it be too confusing for visitors? (It would also not allow me to use the mailto link, as my real email would be in the source code.)

Edited by Tirus, 11 November 2006 - 01:38 PM.


#7 pirateXcore

Posted 11 November 2006 - 02:23 PM

If you added in the contact form an empty field for the email with something above that says something like: "Due to spambots you will have to manually add my email address email[at]address[dot]com (change [at] to @ and [dot] to .)"
That would completely eliminate the possibility of bots.

Edited by tgs, 11 November 2006 - 02:23 PM.


#8 Demonslay

Posted 11 November 2006 - 02:53 PM

Not really. I've seen debates on this issue, and bots are damn smart nowadays, as their programmers are getting smarter.
I've only seen two ways that to me look absolutely fool-proof and bot-proof. One I understand completely, as it deals with building characters from pure CSS code, though it is extremely tedious, and HUGE in filesize. Imagine having to have about 20 embedded div tags just to formulate one letter!
The other deals with some kind of JavaScript that I don't understand, lol.
Also I saw this tool somewhere that somehow grabs your email from a database with a completely random key, which I understand, it's just how they were grabbing the email again that was odd, as it was like it was md5 hashed...

Anyways, your best bet is to not even display your email at all. If you are using a contact form, I don't see the point in that, really, since you can just put the email in your script, where no-one can see it, lol.

#9 Tirus

Posted 11 November 2006 - 03:12 PM

Wow, that sounds complicated, Demonslay (referring to the first part of your post).

How I originally wanted to have my contact page set up is basically there is a contact form that people can use, as well as my email and msn messenger info displayed on the side, in case people would rather contact me directly.

I am not looking for completely foolproof solutions, just something to minimize the spam I am getting at the moment and hopefully solve this problem of my mail function being used over 200 times/day.

As for the captcha script/security code generator, I followed one tutorial and got it to work but cannot seem to integrate it into my pages now. I am going to try another tutorial just to see what the differences are and then see if I can integrate it or not.

So let me just expand this topic for a second, since we are now also talking about email addresses and displaying them on sites etc. To everyone who has a website with contact information, how do you, if you do, display your email info and as a result, do you get any spam? (if mods feel I should start a new topic with this question, then let me know and I will).

Tirus




