Wilders Security Forums: Software, Hardware and General Services > other software & services
#1, September 30th, 2007, 11:11 AM, Bethrezen (Frequent Poster; Join Date: Apr 2002; Posts: 546)
contact form security

hi all

I decided to add a contact form to the site I've been building.

Found here: Contact

As you can see I have the front end done; now I need the back end script that makes the whole thing work.

Trouble is, my knowledge of PHP is limited. I only just started learning how to code PHP a few months ago, and therefore something of this nature is beyond my ability to create, so I was wondering if anyone knows of a good, secure pre-made contact form validator that will stop spammers from abusing the form to spam me or other people.

It might also be a good idea to add some sort of CAPTCHA to the form as well, to help enhance security further.
__________________
Una Salus Victus
#2, September 30th, 2007, 03:38 PM, Mrkvonic (Linux Systems Expert; Join Date: May 2005; Posts: 7,428)
Re: contact form security

Hello,
My brother uses something like this on his site (PHP contact, obfuscated JS). I'll ask him. Hang in there for a few hours / days.
Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
#3, October 3rd, 2007, 12:33 AM, Bethrezen (Frequent Poster; Join Date: Apr 2002; Posts: 546)
Re: contact form security

hi

Quote:
My brother uses something like this on his site (PHP contact, obfuscated JS). I'll ask him. Hang in there for a few hours / days.
Mrk

Thanks, much appreciated.
#4, October 3rd, 2007, 03:00 PM, Mrkvonic (Linux Systems Expert; Join Date: May 2005; Posts: 7,428)
Re: contact form security

Hello,

Here you go, first part, obfuscated JS:

---------

First create an HTML file with this JS code:

Code:
<script>
// XOR every character code with the key (5) and write the result into the page
var y = "<a href=mailto:example@email.com>example@email.com</a>";
for (var i = 0; i < y.length; i++) {
  document.write(String.fromCharCode(5 ^ y.charCodeAt(i)));
}
</script>

This is to encrypt your email address. Of course you should change "example@email.com" to the desired email.
The key used here for encryption is 5. You can see it in the 5^y string above. You can change it to something else. After you open this HTML file with the above JS you'll have the encrypted string displayed in the browser.

Copy this string and replace 'y = "<a href=mailto:example@email.com>example@email.com</a>"' with 'y = "the encrypted string";'.

In the above example the encrypted string was "9d%mw`c8hdliqj?cjjE|dcjj+fjh;cjjE|dcjj+fjh9*d;". So the code has to be modified to:

Code:
<script>
// Same loop: XOR with 5 again recovers the original link and writes it into the page
var y = "9d%mw`c8hdliqj?cjjE|dcjj+fjh;cjjE|dcjj+fjh9*d;";
for (var i = 0; i < y.length; i++) {
  document.write(String.fromCharCode(5 ^ y.charCodeAt(i)));
}
</script>

---------

Hope this helps, I'll see regarding the PHP script soon too.

Cheers,
Mrk
#5, October 4th, 2007, 07:21 PM, Bethrezen (Frequent Poster; Join Date: Apr 2002; Posts: 546)
Re: contact form security

hi

Thanks for your reply.

Question: how does this work with the back end PHP form validator?

I mean, obviously this encodes my email address so that even if a bad guy was able to download the back end PHP that powers the form, they still wouldn't be able to get my real email address, because all they would see is the encoded string, which is good.

But there is a problem: the PHP form validator needs to be able to read the encoded address so that it can send me any correspondence.

Problem is that if I include

Code:
var y = "Encoded String";
for (var i = 0; i < y.length; i++) {
  document.write(String.fromCharCode(5 ^ y.charCodeAt(i)));
}

to decode the encoded email address, this makes it super easy for anyone to decode the encoded string back to plain text and get my email, which entirely defeats the purpose of encoding my email in the first place.

I mean, this Java obfuscation would probably be able to stop spam bots in their tracks, because all they see is the Java code, but this isn't going to stop a person. Hell, even I could bypass this in about 30 seconds if the above was included in the source of the form validator.

So my question is: how do you create an encoded email address that can be read by the form validator but is impossible for a person to decode? So that, should a bad guy manage to download the PHP back end for the contact form, it is all but impossible for them to get my email address?

Last edited by Bethrezen : October 4th, 2007 at 09:19 PM.
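The obfuscation from post #4 and the objection from post #5, as an added example that is not code from the thread or from the site Mrkvonic describes. It reimplements the posted XOR loop as a function; adds a check the posted procedure lacks (a plaintext character whose XOR image is `<`, `>`, `&`, a quote or a backslash breaks the display-then-paste step, for instance the digit 9 under key 5 becomes `<`, which the browser parses as the start of a tag); picks a key that avoids that; emits the snippet with a properly escaped string literal; and then recovers the address from that snippet, which is exactly what post #5 says anyone holding the source can do. The function names and the sample address user9@example.com are this example's own; the link text is the one from post #4.

```javascript
// Added example (not code from the thread): the XOR obfuscation from post #4
// as reusable functions, plus the checks a practitioner would want before
// relying on it. Function names and the sample addresses are this example's own.

// Sample inputs, constructed for this example. PLAIN is the link from post #4;
// NINE contains a digit whose XOR image under key 5 is '<' (0x39 ^ 0x05 = 0x3C).
const PLAIN = "<a href=mailto:example@email.com>example@email.com</a>";
const NINE = "user9@example.com";

// Same operation as the posted loop: XOR every UTF-16 code unit with the key.
// XOR is its own inverse, so one function both obfuscates and recovers.
function xorString(text, key) {
  let out = "";
  for (let i = 0; i < text.length; i++) {
    out += String.fromCharCode(key ^ text.charCodeAt(i));
  }
  return out;
}

// The posted procedure displays the ciphertext with document.write() and then
// pastes it into a JS string literal. Any of these in the ciphertext corrupt one
// of those two steps: markup characters are parsed as HTML, quote and backslash
// end or escape the literal, and control / non-ASCII code units survive neither.
const UNSAFE = new Set(["<", ">", "&", '"', "\\"]);
function isSafeCiphertext(cipher) {
  for (const ch of cipher) {
    const c = ch.charCodeAt(0);
    if (c < 0x20 || c > 0x7e || UNSAFE.has(ch)) return false;
  }
  return true;
}

// Smallest key in 1..127 whose ciphertext passes the check above, or -1 if none.
// Post #4's key of 5 happens to be the first safe key for PLAIN.
function pickKey(plain) {
  for (let key = 1; key < 128; key++) {
    if (isSafeCiphertext(xorString(plain, key))) return key;
  }
  return -1;
}

// The snippet to paste into the page: the same decoder loop as post #4, with the
// literal escaped by JSON.stringify instead of copied from a rendered page.
function buildSnippet(plain, key) {
  const cipher = xorString(plain, key);
  return (
    `var y = ${JSON.stringify(cipher)};\n` +
    "for (var i = 0; i < y.length; i++) {\n" +
    `  document.write(String.fromCharCode(${key} ^ y.charCodeAt(i)));\n` +
    "}"
  );
}

// Post #5's objection, made concrete: the snippet carries both the key and the
// ciphertext, so anyone holding the source recovers the address with the same loop.
function recoverFromSnippet(snippet) {
  const m = snippet.match(/var y = ("(?:[^"\\]|\\.)*");[\s\S]*?(\d+) \^ y\.charCodeAt/);
  return m ? xorString(JSON.parse(m[1]), Number(m[2])) : null;
}

console.log(buildSnippet(PLAIN, pickKey(PLAIN)));
console.log("recovered:", recoverFromSnippet(buildSnippet(PLAIN, pickKey(PLAIN))));
```

Run it with node: it prints the snippet for the post #4 link (key 5, the key the post used) and the plaintext recovered from that snippet. For user9@example.com the same key fails the safety check and pickKey falls back to another one; that only fixes the paste step, it does nothing for secrecy, since the key always ships with the ciphertext.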
#6, October 5th, 2007, 05:07 AM, Mrkvonic (Linux Systems Expert; Join Date: May 2005; Posts: 7,428)
Re: contact form security

Hello,
That's against bots, of course.
No one will bother gathering emails by hand ...
Mrk
#7, October 5th, 2007, 06:01 PM, Bethrezen (Frequent Poster; Join Date: Apr 2002; Posts: 546)
Re: contact form security

hi Mrkvonic

You are probably right, but if someone is going to try and abuse one of these contact forms for bad purposes, it's usually a person doing it and not a bot.

What can I say, I like to try and cover all the bases just to be on the safe side. I may not be able to stop someone abusing the facility to spam me or other people, but it doesn't hurt to make it as hard as possible.
#8, October 6th, 2007, 04:12 AM, Mrkvonic (Linux Systems Expert; Join Date: May 2005; Posts: 7,428)
Re: contact form security

Hello,
You could significantly complicate the algorithm... something like entropy or whatever?
Mrk
#9, October 7th, 2007, 08:51 PM, Bethrezen (Frequent Poster; Join Date: Apr 2002; Posts: 546)
Re: contact form security

hi

Quote:
Hello,
You could significantly complicate the algorithm... something like entropy or whatever?
Mrk

I see. Well, that's not happening; I don't even know how to build a basic back end validator for a contact form, never mind anything more complex.

Maybe it's time I got an account on PHP Freaks.
 

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums