Secure Form Script?

[themacnut]

Anyone know of a secure form script I can use? One that can't be easily hijacked to send spam messages to others nor one where a spammer can easily get my email address from the form to send spam to me?

Links to the script would be much appreciated, and it can be Perl, python or php.

 

[dlloyd]

What kind of script are you looking for? Just a plain 'contact form' type thing?

 

[ksv]

All data transmitted and received will be encrypted if you use an SSL certificate on the server. You can either buy a signed one or sign your own (will give the user a warning message) - check http://developer.apple.com/internet/serverside/modssl.html

 

[dlloyd]

I'm thinking he was meaning more along the lines of "not-visible" rather than "un-hackable". Which means that a simple PHP handler would work fine.

 

[themacnut]

What kind of script are you looking for? Just a plain 'contact form' type thing?

Yep, that's it exactly. One of those forms where you fill in your name/email/and a short note, and click submit. I want to use a contact form in place of mailto: links on my website because spammers have software that collects email addresses off web pages, even if they're not clearly displayed on the page. And spam to all the email addresses I have on my website has been climbing lately.

The problem is, spammers have been able to "hijack" some of the less secure contact form scripts and use them to send spam to thousands of other email addresses, and some forms require displaying the contact email in the HTML of the page, which means spammers with that clever email harvesting software can still get it.

I'm trying to find a contact form script that has neither of those weaknesses.

 

[profx]

spammers with that clever email harvesting software can still get it.

one i use on the sites I maintain is

function cloakemail(user,domain,DisplayText){

    // use ascii characters for "MAILTO:" to hide from spiders
    var asciiMAILTO = "mailto:"; //-- Ascii for 'mailto:'

    // if DisplayText is empty, combine user & domain with ascii character for "@"
    if (DisplayText == null || DisplayText== "" ){ DisplayText = user +'@' + domain;}

    return '<a href="' + asciiMAILTO + user + '@' + domain + '">' + DisplayText + '</a>';
}

a simple javascript function that writes the email address in the browser, this means most harvesters dont read it as they look directly at the source. The email address never occurs in the source. Ever since i implemented this script and changed my email addresses on the site i get -zero- spam!

It works a treat for me!

so where you would normally write

If you want you can <a href ="mailto:user@domain">email</a>me

you now write

If you want you can <script language="JavaScript"> document.write(cloakemail('user','domain','Email'));</script> me

obviously you need to put the function at the top of your webpage or make it as an external js file

 

[Arden]

You could get a Bravenet account, and use their free mail form...

Profx's technique also works, in all its various incarnations.

 

[dlloyd]

profx, that's a pretty slow way to do it. Take the info out of a form submission and let PHP send the email. That way there is literally zero chance that your email address will get out.

 

[mdnky]

Stay away from JS rewrites. What if a user has JS disabled, or their browser doesn't support it?

There are loads of simple, free, good PHP scripts for forms out there. Search this forum (and the Web Scripting one), this topic came up a few months ago in a few different posts and there were quite a few options presented.

http://www.macosx.com/forums/showpost.php?p=286704&postcount=3