Captcha (request?)

I have a longstanding client web site which uses the PHP Feedback Form Action. Of late, there have been some spurious returns from Eastern Europe, which may be via spambots, but as they are only a few, could be just manual entry by mischief makers. The problem is quite manageable at the moment, but I am concerned (if spambots) it might grow.

Is there an easy way to add a Captcha to the form - I’m happy to copy/paste or key in a little code, if I’m shown what to do - or is it something that could be added to a future version of the Action.

I have found one coded possibility here -

http://www.white-hat-web-design.co.uk/articles/php-captcha.php

However I am not sure how this may affect the existing action. Any help would be appreciated.

Colin

quote

Colin,

you could do a search on hotscripts and see what that turns up, there are also the PHP easiForm and PHP easiCaptcha actions for use with Freeway although the latter action cannot be used with another form that is not a PHP easiForm form the standard easiCaptcha most probably could although this would involve a small amount of hand coding to your form and to the processing script.

The following is for adding the match sum version of easiCaptcha, to use the image captcha see: http://www.easibase.com/easiCaptcha/index.php

NOTE: The following does not apply if using the PHP easiCaptcha action with PHP easiForm as they along with Freeway do all the code implementation, so you have no hand coding to do.

1) You would need to check for the ‘captcha error’ before running the form through the engine of the form processing script. This could probably be achieved by using a piece of code like the following and placing the processing code where ‘// Form processing stuff’ is written below.

<?php
if ($ef_errors) {
// Do not load the processing side of the script so the email is not
sent if the captcha is not correct
// And the easicaptcha error can be shown to the user
} else {
// Form processing stuff
}
?>

2) You would need to place an include for easiCaptcha at the top of your form

<?php include_once('easiCaptchaM_config.php'); include_once('easiCaptchaM_a.php'); ?>

3) You should the add for following at the top of the form elements so if there is a captcha error the user can be shown some error text.

if ($ef_errors) { echo $ef_errors; }

4) You need the include for the captcha at the position the captcha is to appear

<?php
include_once('easiCaptchaM_b.php');
?>

5) You will need to upload ioncube loader for your server if not already available (Server needs to be ioncube compatible).

The link for the standard easiCaptcha is: http://www.easibase.com/easiCaptcha/index.php

6) Your form of course needs to end in .php

If you need any help implementing this then just let me know.

HTH

On Nov 20, 2008, at 12:03 PM, ColinJA wrote:

I have a longstanding client web site which uses the PHP Feedback Form Action. Of late, there have been some spurious returns from Eastern Europe, which may be via spambots, but as they are only a few, could be just manual entry by mischief makers. The problem is quite manageable at the moment, but I am concerned (if spambots) it might grow.

Is there an easy way to add a Captcha to the form - I’m happy to copy/paste or key in a little code, if I’m shown what to do - or is it something that could be added to a future version of the Action.

I have found one coded possibility here -

http://www.white-hat-web-design.co.uk/articles/php-captcha.php

However I am not sure how this may affect the existing action. Any help would be appreciated.

Colin

quote

Thanks MIke

That’s helpful. I had thought about Easiform/Easicaptcha, but having a form that works well I didn’t want to make too many changes until the next site upgrade, which may not be that far away.

However, I’ll have a play in a few days, when I ‘m less busy, as this is not a client request, but my own concern at the moment.

I appreciate not just your reply, but your taking the time to show me the way - and providing something that may help others on the Forum, too.

Colin

On 20 Nov 2008, at 11:32, Mike B wrote:

… there are also the PHP easiForm and PHP easiCaptcha actions for use with Freeway although the latter action cannot be used with another form that is not a PHP easiForm form the standard easiCaptcha most probably could although this would involve a small amount of hand coding to your form and to the processing script.

quote

I read that with interest, too, Mike, thanks for the explanations and instructions.

Out of pure interest….is there any logic to spambots finding and abusing forms? I ask this because I have several clients with fairly large, long-standing sites, some on the first page of a google search, with open (unprotected) forms…who receive no spam to my knowledge. However, I have several smaller clients like photographers and so on, nowhere on a google search and with relatively ‘minor’ sites, who are assaulted by spam all the time!

I find that curious…and wondered why?

Hugh

quote

BTW, with easiForm you can also block messages that the user may try to send links in etc.

I started to get some mail from people/a person sending mail with [url] and [http] type tags as the form had ‘http://’ blocked, I guess they thought they would try that option when the http didn’t work, I simply added ‘[url,[http’ to the badwords filter and now have none of these type messages come any more. A C.A.P.T.C.H.A. would not stop these messages because they where being sent by an actual person, so that person just needs to answer the captcha but if the words they are using in these spam messages are blocked then it doesn’t matter if it is a bot or a person, they wouldn’t be able to send the email.

HTH

quote

On 20 Nov 2008, 11:16 am, hugh wrote: Out of pure interest….is there any logic to spambots finding and abusing forms? I ask this because I have several clients with fairly large, long-standing sites, some on the first page of a google search, with open (unprotected) forms…who receive no spam to my knowledge. However, I have several smaller clients like photographers and so on, nowhere on a google search and with relatively ‘minor’ sites, who are assaulted by spam all the time!

I find that curious…and wondered why?

Hugh

But are you sure these bigger companies don’t receive spam, I am sure they must do to some extent, or maybe they have a ‘Bad words’ filter option like I explained the PHP easiForm has ‘although I guess if you created these sites then you would know that where the case!’. One other reason might be the fact that many smaller sites scripts are written with very basic email sending scripting that makes no attempt at stopping the forms from being used in various ways, if the script just picks up the form values passed on then run them through PHP’s mail() function for example then the script is wide open to abuse.

HTH

quote

No, I know for a fact that they don’t receive spam. And the thing is, they’re using just the same ‘open’ form as the smaller sites - I found a couple of easy to implement PHP scripts at Hotscripts a while back and use them. There’s no additional trickery added to filter anything.

Weird isn’t it!

quote