1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

spam mail..

Discussion in 'PHP' started by klown, Sep 12, 2006.

  1. #1
    currently my company is getting a lot of spam through our email forms. The emails come to our page like this.

    form page -> java validation -> thank you page with php mail script

    i've added some php onto the thank you page which identifies single spam words such as "viagra" and then it redirects the user to the form, and says at the top "we have detected spam words in your enquiry, please make sure all the forms are filled out properly."

    anyhow this is fine, but now we're getting things like "the-viagra", and "the viagra". The spam filter only identifies exact matches (though it ignores caps). Anyhow i can make it crawl through the dashes and spaces easy enough however perhaps they will soon start doing something like "bestviagra".
    SEMrush
    What kinds of things do you use to combat this spam?

    My boss has vetoed the idea of doing image validation, or repeating emails and such as he is doesnt want to lose even 1/100 clients.
     
    klown, Sep 12, 2006 IP
    SEMrush
  2. vdd

    vdd Peon

    Messages:
    34
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #2
    If you want to detect more spam try something like this:
    
    <?
     $message=' buy our bestViagra!'; // for test
     $message2=' '.strtolower($message); //
     $stop_word='viagra';
      if (strpos($message2,$stop_word)>0)
       echo 'spam!';
      else
       echo 'ok';
    ?>
    
     
    vdd, Sep 12, 2006 IP
    klown likes this.
  3. Mrblogs

    Mrblogs Peon

    Messages:
    48
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Better yet, implement an image-verification system, so that only manual entries will be accepted.
     
    Mrblogs, Sep 13, 2006 IP
  4. falcondriver

    falcondriver Well-Known Member

    Messages:
    963
    Likes Received:
    47
    Best Answers:
    0
    Trophy Points:
    145
    #4
    i use this on a "submit your url" page, so you may change $sitetitle, $url, $description to $subject, $text or so. $badwords is everythng you dont want in your form. hope you get the idea behind an can modify it so that it fits. maybe you should make a function out of it:

    $badwords = array('mortage', 'casino', 'viagra', 'poker', 'drugs', 'porn', ' sex');
    $sitedesc = array($sitetitle, $url, $description);
    foreach($sitedesc as $s) {
    $temp=$this->unscramble($s);
    foreach($badwords as $b) {
    if($isok==1) {
    if(strstr($temp, $b)) {
    $isok=0;
    }
    }
    }
    }
    if($isok==1) {
    //guess its safe to send the email
    }
    else {
    //spam!
    }

    this one makes sure it also catches p0rn, pom, p o r n and most other tricks used by spammers to fool wordfiters:

    function unscramble($text) {
    $text2 = strtolower($text);
    $text2 = str_replace(" ", "", $text2);
    $text2 = str_replace(".", "", $text2);
    $text2 = str_replace("1", "l", $text2);
    $text2 = str_replace("0", "o", $text2);
    $text2 = str_replace("rn", "m", $text2);
    return $text2;
    }

    (i dont use the php-tags because i always have trouble to cut&paste it then)

    the green rep link is on the top-left side btw! :)
     
    falcondriver, Sep 13, 2006 IP
    klown likes this.
  5. klown

    klown Peon

    Messages:
    2,093
    Likes Received:
    115
    Best Answers:
    0
    Trophy Points:
    0
    #5
    hmm, i used mr blog's code to develop a much better spam detector. If i continue receiving problem emails i'll add your method to it..

    actually i use the same variable "$badwords" in my program :) small world eh.. i also like to name variles which are used for the explode command with sound type words such as: boom, pow, bang etc.. i'm probly the only one though.

    as for image validation.. i said my boss didnt go for it, i already have a nice image creation script that bots will have a very difficult time viewing and is easy for humans to read.
     
    klown, Sep 13, 2006 IP
  6. Mrblogs

    Mrblogs Peon

    Messages:
    48
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    er i provided no code.. i think you mean FALCONDRIVER.
     
    Mrblogs, Sep 13, 2006 IP
  7. clancey

    clancey Peon

    Messages:
    1,099
    Likes Received:
    63
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Without knowing how your script it written, why not implement some procedures to try to make sure the form is completed locally instead of being completed remotely.

    Since image validation is not desired, you should try to prevent the email form from being called directly. Real users will not enter your site through the email form. They will enter through an ordinary page.

    Therefore, it is safe to force it to be called from another page on your site. A simple method would be to include something like the following in the scripts which generate the content pages:

    define( '_VALID_MYSITE', 1 );

    then at the top of the php script which generates the email form:

    defined( '_VALID_MYSITE' ) or die("<html></html>");

    Take advantage of the fact the form data needs to be posted. At the top of the email form, include the following:

    if ($_SERVER['REQUEST_METHOD'] != 'POST') {die("<html></html>"); }

    That will help reduce some of the remote accesses.
     
    clancey, Sep 13, 2006 IP
  8. klown

    klown Peon

    Messages:
    2,093
    Likes Received:
    115
    Best Answers:
    0
    Trophy Points:
    0
    #8
    oops i meant i used vdd's code along with my own badwords array

    interesting clancey, these are some damn good spam fighting techniques
     
    klown, Sep 13, 2006 IP
  9. BigPapi

    BigPapi Peon

    Messages:
    23
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    yeah i havent found a good way around spam mail, theres just too much of it out there
     
    BigPapi, Sep 13, 2006 IP
  10. klown

    klown Peon

    Messages:
    2,093
    Likes Received:
    115
    Best Answers:
    0
    Trophy Points:
    0
    #10
    hm just got into work today and my spam blocker got rid of 17 spam emails, so it seems to be working pretty well. Actually i need to turn down the power a bit as it took out a couple legit customers, luckily i have it sending me the spam mail report so i can still transfer those customers to our sales staff.
     
    klown, Sep 13, 2006 IP