Prevent spammer to sneak in URL & link in mail

Question

I have a spammer that use my PHP e-mail contact form and write this in the mail message:

[url=http://qjtouvifclfk.com/]qjtouvifclfk[/url]
[link=http://gqmrjhtujkoe.com/]gqmrjhtujkoe[/link]
http://tkihpjlwszyw.com/

I want to search for anything that ha [url= and [/url] and [link= and [/link] and http:// and .com in the message and remove it.

Rather than trying to be clever and strip it out, I'd just detect and reject. — Steve, Jun 29 '11 at 15:08
Check out this page for ideas: http://stackoverflow.com/questions/6260194/scrub-document-of-bbcode — webbiedave, Jun 29 '11 at 15:08

score 2 · Answer 1 · edited May 23 '17 at 11:55

2

This happens all the time. Automated bots will POST on your forms, searching for something they can use as a spam relay.

There are many methods for working around it. The most common is CAPTCHA, but your users will hate you.

See this post: Alternative to Captcha?

edited May 23 '17 at 11:55

Community

1
1

answered Jun 29 '11 at 15:07

Brad

159,648
54
349
530

CAPTCHA is being unuseful as time flows. These bots get through CAPTCHA in seconds – genesis Jun 29 '11 at 15:08
@genesis, did you read my post? There is a reason I linked to "Alternatives to CAPTCHA" – Brad Jun 29 '11 at 15:08
okay sorry. But if he would have known site, question like "What's color of sky(pe)" would not help – genesis Jun 29 '11 at 15:11
1

I've always wondered whether the CAPTCHAs in several file-download websites are just to prevent abuse or whether their users are unknowingly solving CAPTCHAs for spammers... – thkala Jun 29 '11 at 15:15
@thkala: It's to force users to buy premium and to prevent free users from using download managers – genesis Jun 30 '11 at 12:39
@genesis: so the fact that in many cases each CAPTCHA differs stylistically from the previous one, and that they occasionally seem way too similar to the ones used by major freemail providers is a mere coincidence? – thkala Jun 30 '11 at 14:30

score 0 · Accepted Answer · answered Jun 29 '11 at 15:06

0

preg_replace("/\[url=(.*)\](.*?)\[\/url]\/i", "", $text);
preg_replace("/\[link=(.*)\](.*?)\[\/link]\/i", "", $text);
preg_replace("/http:\/\/\/i", "", $text);
preg_replace("/\.com/i", "", $text); //this is very agresive line!

answered Jun 29 '11 at 15:06

genesis

50,477
20
96
125

score 0 · Answer 3 · answered Jun 29 '11 at 15:10

I used to get the same thing about 2 years ago. Add a honey pot to your contact form. This is an extra input which is hidden with CSS then in your PHP check that it has an empty value before running your mail script. Honey pots stop spam bots from filling out your forms, I've used this on 50+ sites so far with no problems. Let me know if you want more info on how to.

Prevent spammer to sneak in URL & link in mail

3 Answers3