Somehow it is really a tie, that some silly people tries to use other mail forms to send. In the best behaviour, this spam only reaches your own mail account, in the worst way the whole world gest the spam mail from your account. But there is a nice invention called captcha which helps you to preserve your mail from for this kind of spam, which is mostly send by so called bots.These bots are scanning webpages to find mail- or comment forms (like in this blog). If they found such a form, they tries to send spam over this form. With a captcha which is not readable by a bot, you can prevent the sending of the mail.
How can I insert such a captcha on my mail- or other forms. A webblog like WordPress has easy plugins for that and you only have to choose, which plugin you want to use. But what can you do, if you have a „normal“ web page?
I found a very good and free script for including it on your homepage. It is really easy to use. It is called secureimage PHP captcha and can be downloaded on http://www.phpcaptcha.org/.
It is only needed to upload the „secureimage“ folder in your webspace and then you can include it on your page with the form by calling
require_once('securimage/securimage.php');Then it is ready for use. To show it in the complete feature on your page, you have to include following code on the place where it should be shown:
<div>
Bitte geben Sie den unten angegebenen Sicherheitscode ein:<br /><br />
<img id="siimage" align="left" style="padding-right: 5px; border: 0"
src="securimage/securimage_show.php?sid=<?php echo md5(time()) ?>" />
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0"
width="19" height="19" id="SecurImage_as3" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="allowFullScreen" value="false" />
<param name="movie" value="securimage/securimage_play.swf?audio=securimage/securimage_play.php&bgColor1=#777&bgColor2=#fff&iconColor=#000&roundedCorner=5" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<embed src="securimage/securimage_play.swf?audio=securimage/securimage_play.php&bgColor1=#777&bgColor2=#fff&iconColor=#000&roundedCorner=5"
quality="high" bgcolor="#ffffff" width="19" height="19" name="SecurImage_as3"
align="middle" allowScriptAccess="sameDomain" allowFullScreen="false"
type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>
<br />
<!-- pass a session id to the query string of the script to prevent ie caching -->
<a tabindex="-1" style="border-style: none" href="#" title="Refresh Image"
onclick="document.getElementById('siimage').src = 'securimage/securimage_show.php?sid=' + Math.random(); return false">
<img src="securimage/images/refresh.gif" alt="Reload Image" border="0" onclick="this.blur()" align="bottom" /></a>
</div>
<div style="clear: both"></div>
Sicherheitscode:<br />
<!-- NOTE: the "name" attribute is "code" so that $img->check($_POST['code']) will check the submitted form field -->
<input type="text" name="captchacode" size="12" />On the receiving php code you have to include the same folder like above and call the code them with
$image = new Securimage();To check, if the captcha code was typed in correctly, you can check it with
if($image->check($_POST['captchacode'])) {
//code for sending
}Thats all. I think, this is really easy and can be included quick.
The visual component of securimage is great, however the audio component is vulnerable to attack:
http://www.idontplaydarts.com/2011/05/exploit-phpcaptcha-securimage/
Thanks a lot for that hint.