Spamming is a huge problem on the internet, mostly originating from badly coded email forms on websites which exploit bugs in the PHP mail function, or badly coded email functions in other languages. This is known as email form hijacking.
There are two main problems:
- Email code problems: Spammers can add thousands of email recipient addresses to a single field on an email form.
- Robot email hijack problems: Spammers can use robots to repetitively hit an email form over and over again.
In both instances they can manipulate the email body and subject using the fields on the form.
We must ensure ALL our customers have coded their forms in a proper fashion to stop both of the above.
Email code problems:
Ensure that no line breaks or commas are passed into the ‘to address’ of the email form. The commas should be stripped out using server side code. This prevents spammers adding thousands of email addresses to a single ‘to address’ on an email form.
Robot email hijack problem:
Add a capatcha script to ALL email forms. This script generates images (known as “Captcha’s”) which contain security codes used for protecting a form from spam bots.
If you are using ASP – please download the free script “asp captcha.zip” below:
1. Unzip all the files keeping the directory structure intact. 2. Files must be run through an ASP enabled web server or on ASP enabled web space. (check with your hosting company). 3. Point your web browser to the example file 'example.asp' to check that it runs correctly on the server you have installed the software on. Integration of Web Wiz CAPTCHA =========================================================================================== Hopefully you should find the software easy to integrate. The files 'example.asp' and 'example_process_form.asp' are only used as an example of how Web Wiz CAPTCHA works. 1. Place the folder, and it's contents, named 'CAPTCHA' into the same directory that your web form you wish to integrate Web Wiz CAPTCHA into is in. 2. The web page that contains the HTML web form you wish to integrate Web Wiz CAPTCHA into must have an .asp extension (eg. my_own_form_file.asp (this is an example file name and not a real file)) 3. Open your web form in a text editor and place the following code into the part of your form where you wish the CAPTCHA image and textarea to be:- <-- include the Web Wiz CAPTCHA form --> <--#include file="CAPTCHA/CAPTCHA_form_inc.asp" --> 4. Open the file in a text editor that is to process your web form input, and place the following code at the top of the file:- <-- Include file for CAPTCHA form processing --> <-- #include file="CAPTCHA/CAPTCHA_process_form.asp" --> 5. Now within the file you entered the code from the last step into you can call the following variable to check that the CAPTCHA code entered is correct. blnCAPTCHAcodeCorrect If the CAPTCHA code entered is correct the above variable with be set to true, if the CAPTCHA code has not been entered correctly the variable will be set to false. 5.1 Below is some sample code to check the CAPTCHA code is correct:- If blnCAPTCHAcodeCorrect = True Then Response.Write(" CAPTCHA code is correct") ElseIf blnCAPTCHAcodeCorrect = False Then Response.Write(" CAPTCHA code is NOT correct") End If That should be it, hopefully now you have successfully integrated Web Wiz CAPTCHA into your web form. Customising Web Wiz CAPTCHA =========================================================================================== 1. The only customisation that can be done to this software is to make it NOT case sensitive by editing the file 'CAPTCHA/CAPTCHA_setup.asp' and altering the following variable:- blnCAPTCHAcaseSensitive = true Removing Links Back to Web Wiz Guide =========================================================================================== Many 1000's of unpaid hours have gone into developing this and the other applications available for free from Web Wiz Guide. If you like using this application then please help support the development and update of this and future applications. If you would like to remove the powered by logo from the application then you must purchase a link removal license key from Web Wiz Guide. Payments can be made securely on-line using your credit or debit card through WorldPay or PayPall more information on this can be found at: - http://www.webwizguide.info/purchase ===========================================================================================
If you are using PHP – please download the free script “php captcha.zip” below:
Place the following code on your form. This will generate an image with a random string of characters along with the text field where the user will retype the code. Security Code: You can also specify certain options for the image by passing them as variables to CaptchaSecurityImages.php. The options available are the width and height of the image and the number of characters Place the following in the code where the form is submitted to. This code will check what the user has typed matches the code in the image. If you would rather your tag links to a jpg rather than a php file you can use mod_rewrite. By inserting the following in your .htaccess file you can use instead. RewriteEngine on RewriteRule captcha.jpg /CaptchaSecurityImages.php You may wish to change the colour of the captcha image, this can be done by editing the background_colour, text_colour and noise_colour variables. The imagecolorallocate() function constucts a colour from the given RGB (red, green and blue) values, each of these is a number between 0-255. Another idea you might want to try is using the mt_rand function to randomize the colour each time a captcha is generated.