Contact forms question.

Discussion in 'Web Design and Development' started by definitive, Sep 14, 2010.

  1. definitive macrumors 68000

    Joined:
    Aug 4, 2008
    #1
    I'm looking into implementing a contact form on a website, and would like some advice on what I could use. I'm looking for something that's easy to configure, and at the same time offers some kind of spam protection (even if it's a "Security question: 1+1=?" type of deal, or maybe a captcha).

    So far Google only shows some regular pay-to-use type of sites that give you free code, but they host it on their own site, and spam you. I'm looking for something that I could host together on my own website's hosting.
     
  2. web_god61 macrumors regular

    Joined:
    May 14, 2004
    #2
    I would skip the captcha. Spam is a big problem but captchas are not the answer.

    Unless your form starts getting a large amount of spam, then you could always implement it later, but captchas usually turn a lot of users away from sending that form (known as an Accessibility problem in web terms). Say for every 5 spam emails it catches, 2 legitimate users are turned away, not a very good trade-off.

    Besides, most spam bots can read captchas, the only thing you're doing is adding another step for users to pass to interact with your websites.

    That's my view on it, I'm sure someone will come on and say the complete opposite.
     
  3. dmmcintyre3 macrumors 68020

    Joined:
    Mar 4, 2007
    #3
    captchas = worthless

    Custom field names and dummy fields (e.g. if field != a value or is not submitted it denies the submission) are a better way.
     
  4. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #4
    I do the math questions on my contact form, but I have a number of other checks that always catch spam. I don't really need the math question, but I keep it for research purposes. Currently I'm blocking 100% of spam and don't even get spam attempts anymore. This was accomplished in part by blocking ≤IE5 from my site as a whole, and blocking ≤IE6 from using the contact form page only. This was when the spam attempts stopped. This is not an option for everyone obviously since some sites have legitimate IE6 visitors.

    I've been wanting to do a write-up on the techniques I use to block spam, but unfortunately that hasn't been finished up. Some of the things though:

    • Measure the time it takes them to fill out the form. Block if less than 15 seconds or greater than 30 minutes. Adjust as needed.
    • Use random field names per page load. Often spam will come in groups and use the same junk for each request so only the first sender may have the right field names.
    • Validate input, check legit email address format, and count links in message as spam tends to have a lot of links. Also check for email injection attacks.
    • Store a session server side and delete it once it has been used so follow up spam can't use the same session.
    • I use a honeypot as well. You can Google about that.
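
Several of the checks listed in the post above (fill-out time, a single-use server-side token, a honeypot field and a link count), sketched in PHP as an added example that is not part of the thread. The field names `token`, `website` and `message`, the link limit, and passing the session array by reference are assumptions made for the illustration.

```php
<?php
// Added example (not from the thread). Field names and limits are assumptions.
const MIN_SECONDS = 15;       // faster than this looks automated
const MAX_SECONDS = 30 * 60;  // older than this: stale form
const MAX_LINKS   = 2;        // assumed limit on links per message

// When rendering the form: store a one-time token and the issue time.
function issue_form_token(array &$session): string {
    $token = bin2hex(random_bytes(16));
    $session['form'] = ['token' => $token, 'issued' => time()];
    return $token;  // goes into a hidden input named "token"
}

// When handling the POST: returns the reasons to reject (empty list = accept).
function spam_reasons(array $post, array &$session): array {
    $reasons = [];
    $form = $session['form'] ?? null;
    unset($session['form']);  // single use: a replayed POST finds no token

    $sent = is_string($post['token'] ?? null) ? $post['token'] : '';
    if ($form === null || !hash_equals($form['token'], $sent)) {
        $reasons[] = 'missing or reused token';
    } else {
        $elapsed = time() - $form['issued'];
        if ($elapsed < MIN_SECONDS || $elapsed > MAX_SECONDS) {
            $reasons[] = 'form filled out too quickly or too slowly';
        }
    }
    // Honeypot: "website" is hidden by CSS, so a person leaves it empty.
    if (($post['website'] ?? '') !== '') {
        $reasons[] = 'honeypot field filled';
    }
    $message = is_string($post['message'] ?? null) ? $post['message'] : '';
    if (preg_match_all('~https?://|www\.~i', $message) > MAX_LINKS) {
        $reasons[] = 'too many links';
    }
    return $reasons;
}

// Constructed sample: a POST sent 2 seconds after the form was issued,
// with the honeypot filled, followed by a replay of the same POST.
$session = [];
$token = issue_form_token($session);
$session['form']['issued'] = time() - 2;
$post = ['token' => $token, 'website' => 'x', 'message' => 'hello'];
print_r(spam_reasons($post, $session));
print_r(spam_reasons($post, $session));
```

In a real handler, call `session_start()` and pass `$_SESSION` as the session array.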
     
  5. definitive thread starter macrumors 68000

    Joined:
    Aug 4, 2008
    #5
    Thanks everyone for the suggestions on captcha, but the question is still unanswered: where can I get an easy to install/configure script for a contact form? I'm not familiar with PHP, but that's probably the type of form I'm leaning towards. I'd prefer something that would allow me to keep the .html file format for the contact page, but I guess if there's no other way, then PHP would work too...
     
  6. carlosbutler macrumors 6502a

    Joined:
    Feb 24, 2008
    Location:
    London City
    #6
    It's so easy to make your own, honestly.

    You can keep your current HTML page. On your HTML page you need to have a <form> element which directs to a PHP page using the action attribute. Then just have a couple of inputs and text fields if you want and let the PHP work e.g.
    Code:
    <form action="myphppage.php" method="post">
    <input type="text" name="namesFirst" />
    <input type="text" name="namesLast" />
    <input type="text" name="emailAddress" />
    <!-- etc... (message, contact number, subject etc) -->
    </form>
    
    and the PHP page (pseudo code/actual code)

    Code:
    <?php
    $namesFirst = $_POST['namesFirst'];
    $namesLast = $_POST['namesLast'];
    // $var........

    // create $var with message, anything else
    // create $var with email address
    // use built in php function mail(....)
    ?>
    
    It is easy, look around :rolleyes:. Although here are two tutorials that explain how to use forms and how to send basic mail using PHP:
    Forms
    PHP Mail
     
  7. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #7
    Easy to make, sure, but to make it secure against spam will take more than those tutorials. Your quick code (and the first linked page) shows how easily email injection can get into the code and take over your contact form. If the OP isn't comfortable with PHP then they should be looking for a pre-built implementation that has already taken security into account.
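
One header-safe way to build the `mail()` arguments for the form in post #6, given as an added example that is not code from the thread. `SITE_FROM`, `SITE_TO`, the subject text and the `message` field name are assumptions; the other field names come from the form above.

```php
<?php
// Added example, not from the thread. Posted values never reach the mail
// headers unchecked. SITE_FROM and SITE_TO are placeholder addresses.
const SITE_FROM = 'webform@example.com';
const SITE_TO   = 'owner@example.com';

// True if the value is a string with no CR, LF or NUL, the characters that
// would end a header line and let a posted value start a new one.
function is_header_safe($value): bool {
    return is_string($value) && !preg_match('/[\r\n\0]/', $value);
}

// Returns [to, subject, body, headers], or null if the submission is rejected.
function build_contact_mail(array $post): ?array {
    $first = $post['namesFirst'] ?? '';
    $last  = $post['namesLast'] ?? '';
    $email = $post['emailAddress'] ?? '';
    $body  = $post['message'] ?? '';

    foreach ([$first, $last, $email] as $value) {
        if (!is_header_safe($value)) { return null; }
    }
    if (!is_string($body) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $headers = [
        'From'         => SITE_FROM,  // fixed: never the visitor's address
        'Reply-To'     => $email,     // validated single address
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    $body = "Sender: $first $last <$email>\n\n" . $body;  // names stay in the body
    return [SITE_TO, 'Contact form message', $body, $headers];
}

// Constructed samples: an ordinary submission, and one whose email field
// carries a line break followed by an extra header line.
$ok  = ['namesFirst' => 'Ann', 'namesLast' => 'Lee',
        'emailAddress' => 'ann@example.org', 'message' => 'Hello'];
$bad = ['emailAddress' => "ann@example.org\r\nX-Added: 1"] + $ok;
var_dump(build_contact_mail($ok) !== null);
var_dump(build_contact_mail($bad) !== null);
// To send (header arrays need PHP 7.2 or later):
// [$to, $subject, $text, $headers] = build_contact_mail($_POST);
// mail($to, $subject, $text, $headers);
```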
     
  8. definitive thread starter macrumors 68000

    Joined:
    Aug 4, 2008
    #8
    Yeah, that doesn't look too secure... I found two forms so far, but one never worked after I installed it (no emails kept coming through), and the other one seems to show your own email instead of the sender's in the reply-to field when you get the email in your inbox. I tried contacting the creator, but he never responded, so I'm hoping someone on here knows of an alternative script.
     
  9. definitive thread starter macrumors 68000

    Joined:
    Aug 4, 2008
    #9
    A little update on my situation - I think I found what I was looking for:
    http://www.fastsecurecontactform.com/download-php-script

    This form has several anti-spam features, and allows you to turn the captcha off. Plus it has an admin control panel which allows the site's owner to modify features in the future as they please.
    I'm also thinking of learning how to build small informational websites using WordPress. Reason being is that it will probably save me time in the long run, and there are tons of pre-made simple to use plugins for it.
     
