This is a continuation of a previous post, Preventing Form Spam.
A new year has begun, and form spammers are still on the hunt for fresh forms. In order to stave them off, we have developed an improved form mailer script to keep legitimate email inquiries in, and SEO robot spam out.
Previously, we published a script addon for users of the webformmailer.php script, which added some basic spam protection to the existing script. In this post, we present an enhanced version, which includes some extra goodies like: a log of spammer IPs that are automatically blocked (you can add your own here), a log of rejected spam form submissions for later review, including every user’s IP address in the emailed form, more streamlined coding, and extra protection from spammers who don’t actually use your form. Regarding that last bit, in addition to robots that crawl the web and submit bogus information inside of your forms, there are also robots that will attempt to submit information directly to your server without using your forms at all. While renaming your script to something other than the default webformmailer.php would cut down on this type of situation, we went a step further.
You’ll note the addition of $safe_input_name in the code, which is designed to ensure that the spammer was not going after your server scripts directly. $safe_input_name refers to the name of a non-standard field (e.g., ‘numberofpeople’), which must be present in the submission. If this field is missing, it is a sign that robots are directing submissions to your server, and thus posts without this field will be flagged as spam. Then, these culprits will no longer be able to submit any forms after being added to the blacklisted IP log. Feel free to take more drastic measures at this point, like locking them out of your site completely.
Before you use this script, ensure that you’ve read and understood Part 1. Not a user of the webformmailer.php script? Look our for a modified version of send_contact.php for your use in the near future. Depending on your needs, even current webformmailer.php users may want to take a look!