Php avoid spam messages without captcha

Question

Nowadays i'm getting too much of spam emails from my contact form, below is it's html view,

    <form id="contactForm" action="processform.php" method="post" class="positioned" style="display: inline;">
        <ul>
            <li>
                <label id="textname">Name :</label>
                <input type="text" name="senderName" id="senderName" placeholder="Type your name" required="required" maxlength="200">
            </li>
    <li>
                <label id="textemail">Email :</label>
                <input type="text" name="senderEmail" id="senderEmail" placeholder="Type your email" required="required" maxlength="200">
            </li>
<li>
            <label id="textmessage" for="senderfeedback">Feedback :</label>
            <input type="textarea" name="senderfeedback" id="senderfeedback" placeholder="Type your Message here" required="required">
        </li>
    <li>
                <label></label>
                <input type="submit" id="sendMessage" name="sendMessage" class="button" value="Submit">
            </li>
       </ul>    
    </form>

I think some auto bot is accessing my processform.php file. Is there any way to stop this ?

The solutions without captcha tend to be broken before you even started to implement it — PeeHaa, Feb 18 '14 at 10:37
You could add an hidden input form and check if it gets filled. Also using a Captcha is "the way to go" if you want to stop bots spamming html forms. — Dylan, Feb 18 '14 at 10:37
http://www.google.com/recaptcha/captcha, it will help you..... — Dinesh, Feb 18 '14 at 10:37
A duplicate of so many questions here, start by searching for block spam without captcha there are pages of results — Anigel, Feb 18 '14 at 10:37
If you have access to the server configuration, you could ban the IP addresses from which the exploit originates, although probably sooner or later there'll be another bot from a different IP that might exploit that. — , Feb 18 '14 at 10:38
THere are some good answers [here](http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches). I like the question and answer approach personally - just use a question that can be answered easily enough, but can't be obtained from a quick google search (i.e. math calculation: 4+5=9) — stckrboy, Feb 18 '14 at 11:04

score 1 · Answer 1 · answered Feb 18 '14 at 10:39

1

One simple way can be this.

Ask a simple math question like 5+3 = ? (randomly generate each time) and check if the entered answer is correct.

answered Feb 18 '14 at 10:39

Chethan N

1,110
1
9
23

This can be easily googled for though, trivial to bypass even for a simple bot – stckrboy Feb 18 '14 at 10:55

score 0 · Answer 2 · answered Feb 18 '14 at 12:45

Within your form, do

session_start();
$num1=rand(1, 5);
$num2=rand(1, 5);
$_SESSION['num1']=$num1;
$_SESSION['num2']=$num2;
echo "<li><label>What is ".(string)($num1)."+".(string)($num2)."?</label><input type='text' id='sum' name='sum'></input></li>

In your processform.php, read out the value of $_POST['sum'] and check if is equal to the session variables added together. Only then process the request.

If you find errors in the code, you can keep them ;)

Php avoid spam messages without captcha

2 Answers2