tero.co.uk

SPAM zapper: anti-SPAM script for web forms

This anti-SPAM script is a combination of a couple of other scripts and a couple of ideas of my own. It should be used on any page which processes a web form (a contact form, a checkout page, etc.). It will catch most attempts by SPAMmers to hijack the form in order to send SPAM.

The function takes two true-or-false arguments. The first says whether to abort the script and exit with an error message when SPAM is detected; otherwise the function just returns true if the message was SPAM and false if not. The second says whether to check the visitor's IP address against a known blacklist.

The script checks the following things:

  1. that the form is posted
  2. that the IP address of the visitor is not in known lists of SPAM senders (if second argument is true)
  3. that no email headers like cc and bcc are in any of the posted elements
  4. that no standard fields like name, email, etc contain links
  5. that no standard fields like name, email, etc contain strings of random characters
  6. that other fields do not contain addresses of known SPAM sites (if second argument is true)
  7. that form input is not repeated too often (e.g. "cheap pills" in every form field)
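
To make checks 1, 3, 4 and 7 concrete, here is a sketch added for illustration; it is not the code of spamzapper.php. The function name `spam_signs`, the `STANDARD_FIELDS` list, the header names matched and the repeat threshold are all assumptions.

```php
<?php
// Added illustration, not the code of spamzapper.php. spam_signs(),
// STANDARD_FIELDS and MAX_REPEATS are assumed names and values.
const STANDARD_FIELDS = ['name', 'email', 'subject', 'phone'];
const MAX_REPEATS = 2; // same text in more than 2 fields is suspicious

/** Return the reasons a submission looks like SPAM (empty array = clean). */
function spam_signs(string $method, array $post): array
{
    // Check 1: the form must have been posted.
    if (strtoupper($method) !== 'POST') {
        return ['request is not a POST'];
    }
    $reasons = [];
    $seen = [];
    foreach ($post as $field => $value) {
        if (!is_string($value)) { // field[]=... is not sent by a plain form
            $reasons[] = "$field: unexpected non-string value";
            continue;
        }
        // Check 3: an email header at the start of any line of any field.
        if (preg_match('/(?:^|[\r\n])\s*(?:cc|bcc|content-type|mime-version)\s*:/i', $value)) {
            $reasons[] = "$field: contains an email header";
        }
        if (in_array($field, STANDARD_FIELDS, true)) {
            // Standard fields are single-line, so CR or LF is never legitimate.
            if (preg_match('/[\r\n]/', $value)) {
                $reasons[] = "$field: contains a line break";
            }
            // Check 4: no links in standard fields.
            if (preg_match('~https?://|www\.|<a\s~i', $value)) {
                $reasons[] = "$field: contains a link";
            }
        }
        // Check 7: count how many fields carry the same text.
        $text = strtolower(trim($value));
        if ($text !== '') {
            $seen[$text] = ($seen[$text] ?? 0) + 1;
        }
    }
    if ($seen && max($seen) > MAX_REPEATS) {
        $reasons[] = 'same text repeated in ' . max($seen) . ' fields';
    }
    return $reasons;
}

// Constructed sample submission (not real traffic).
$sample = ['name' => 'cheap pills', 'subject' => 'cheap pills', 'message' => 'cheap pills',
           'email' => "a@example.com\r\nBcc: list@example.net"];
print_r(spam_signs('POST', $sample));
```

In a form handler it would be called as `spam_signs($_SERVER['REQUEST_METHOD'], $_POST)`. Pattern checks like these reduce abuse but do not replace passing only validated, single-line values into mail headers.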

Follow these very easy steps to use the script:

  1. Download the file spamzapper.php
  2. Include the file in your PHP: <?php include 'spamzapper.php'; ?>
  3. Call the SpamZapper function: <?php SpamZapper(); ?>