RE: Question About Blocking Email Addresses in Forms

> -----Original Message-----
> From: Andrew Ballard [mailto:aballard@xxxxxxxxx]
> Sent: Friday, January 18, 2008 6:10 PM
> To: PHP General list
> Subject: Re:  Question About Blocking Email Addresses in Forms
> 
> On Jan 18, 2008 10:18 AM, Richard Heyes <richardh@xxxxxxxxxxx> wrote:
> > > I am wondering if there is a way to block out email addresses in specific
> > > format from a form?  We have a form that people have to enter an email
> > > address, and the form has been getting used by bots to send spam to a
> > > listserv.  The email address they enter is in this type of format
> > > gfjhjfg@xxxxxxxxxxxx, and of course it is always just a bit different every
> > > time.  Any help is greatly appreciated.
> >
> > Could add a CAPTCHA image ("Type the letters in the image...") to your
> > form. It eliminated comment junk when I added one to my website.
> >
> 
> Depending on what it is for, make sure if you use CAPTCHA that you
> provide an accessible alternative, as I'm sure NU would hate to run
> afoul of the ADA.
> 
> Andrew
> 

It depends on your target, that's for sure. I made up a list of things you can do when you are in this kind of trouble. It's a small summary. I think you can't live without 1 and 2 most of the time, and especially for contact forms (you are free to disagree):

1 - Simple CAPTCHA (audio support if it's difficult for people with visual disease - if you target them as well)

2 - Email validation REGEX (well, validation to all extents, not only email)

3 - Some/All of the hidden fields techniques (to prevent automated bots not launched directly to you, but scanning the whole web - which are usually the most powerful and nasty ones)

4 - PHP IP/Session blacklisting (for example, fail the captcha 3 times and you have to wait 10 seconds)

5 - Some mod_security rules for when 1 and/or 2 fail. I don't like mod_security (you have to be careful on the ruleset to keep your server load low and avoid breaking some apps like phpMyAdmin), but sometimes you may need it (especially if you deal with code not written by you).

6 - mod_throttle or similar when it starts becoming more of a DOS/DDOS attack (anybody sharing experience on this?).

Regards,

Rob

Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308 | TEL 954-607-4207 | FAX 954-337-2695
Email: info@xxxxxxxxxxxxx  | MSN Chat: best@xxxxxxxxxxxxx  |  SKYPE: bestplace |  Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
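
Added example, not part of the original message or of any poster's code: a PHP sketch of items 2, 3 and 4 from the list above as one server-side check. The function name, the hidden field name `website`, the session keys and the sample values are assumptions, the CAPTCHA result is passed in as a boolean, and `filter_var` is used in place of a hand-written regex.

```php
<?php
// Added example: server-side checks for a contact form (items 2, 3 and 4).
// Function name, field names and session keys are hypothetical.
const MAX_CAPTCHA_FAILS = 3;   // "fail the captcha 3 times..."
const LOCKOUT_SECONDS   = 10;  // "...and you have to wait 10 seconds"

// Returns a list of rejection reasons; an empty list means accept.
function check_submission(array $post, array &$session, bool $captchaOk, int $now): array
{
    // Item 4: refuse everything while this session is locked out.
    if (($session['locked_until'] ?? 0) > $now) {
        return ['locked_out'];
    }
    $reasons = [];

    // Item 3: honeypot. "website" is hidden with CSS, so people leave it empty;
    // generic form-filling bots tend to populate every field they find.
    if (trim((string)($post['website'] ?? '')) !== '') {
        $reasons[] = 'honeypot_filled';
    }

    // Item 2: syntax validation. This also rejects CR/LF, which matters
    // when the value later ends up in mail headers.
    $email = (string)($post['email'] ?? '');
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'invalid_email';
    }

    // Item 4: count CAPTCHA failures per session, lock out after the third.
    if (!$captchaOk) {
        $reasons[] = 'captcha_failed';
        $session['captcha_fails'] = ($session['captcha_fails'] ?? 0) + 1;
        if ($session['captcha_fails'] >= MAX_CAPTCHA_FAILS) {
            $session['locked_until'] = $now + LOCKOUT_SECONDS;
            $session['captcha_fails'] = 0;
        }
    } else {
        $session['captcha_fails'] = 0;
    }
    return $reasons;
}

// Constructed sample run: a plain array stands in for $_SESSION.
$session = [];
$bot = ['email' => "a@example.com\r\nBcc: list@example.org", 'website' => 'http://x.example'];
for ($t = 0; $t < 4; $t++) {
    echo implode(',', check_submission($bot, $session, false, 1000 + $t)), "\n";
}
```

Syntax validation alone does not reject addresses like the ones in the original question, since they are well-formed; the honeypot and the lockout are what act on that traffic. A lockout keyed only on the session is lost when the client discards its cookie, which is why item 4 pairs it with IP blacklisting.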