Hi, I've been plagued with automated spam (every 10 mins 24 x 7) for over 6
mths now. Even though I was filtering most of it out, displaying a fancy
Contact Page was wasting my bandwidth.
This has put a total stop to it, as they don't get to the actual Contact Page,
so I thought I'd post it:
:contact.php:
<?php
session_start();
error_reporting(0);
$_SESSION['index'] = $index = mt_rand();
$_SESSION['token'] = md5($index);
if (isset($_POST['message'])) exit;
header('Location: msgform.php');
?>
:msgform.php:
<?php
session_start();
error_reporting(0);
$index = $_SESSION['index'];
$token = $_SESSION['token'];
if ($token != md5($index)) exit;
// Rest of your Contact Page process here
?>
As "msgform.php" only excepts $_POST, if message is set in "contact.php", it's
automated spam so exit with no message. No need to bother checking any other
inputs.
"msgform.php" can't be accessed directly without the correct session variables.
Hopefully, this may help someone, or maybe improve it?
Can't remember were I got random session trick from, but just to say I didn't
think it up.
Regards, Bob.
------------------------------------
Please remember to write your response BELOW the previous text.
Community email addresses:
Post message: php-list@yahoogroups.com
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
List owner: [EMAIL PROTECTED]
Shortcut URL to this page:
http://groups.yahoo.com/group/php-listYahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-list/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/php-list/join
(Yahoo! ID required)
<*> To change settings via email:
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
