PHPNerds, “Building a Secure Contact Form”: It appears that some jerk on the web has been blasting our “Contact form” at The Village Church in order to exploit a buffer overrun error and spam people from our website. How do you like that? I know the easiest way to take care of this is to provide some server-side validation of the information before it’s passed through to email–and it probably wouldn’t hurt to start tracking incoming IP addresses, either. This is just one more thing that I don’t need keeping me up nights. 😦

Anyone run into this issue before?

Update: Mike got me thinking about a WP plugin and a quick Google turned up the “WordPress Contact Form plugin”. Looks like they’ve had their own spam issues and are working on solutions to those. This might be helpful for our situation with The Village Church.

Second Update: We’re using the plugin here. Feel free to do some “User Acceptance Testing” at /contact. 😉
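The two mitigations the post names (server-side validation before the data reaches the mailer, and tracking incoming IPs), written out as an added Python example; it is not the site’s own PHP or the plugin’s code, and it assumes a plain name/email/subject/message form and that the abuse works by smuggling extra mail headers through those fields, which the post does not confirm.

```python
import re
import time
from collections import defaultdict, deque

# Constructed field limits for a small contact form (assumption, not from the post).
MAX_LEN = {"name": 80, "email": 254, "subject": 120, "message": 4000}
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_submission(fields):
    """Return a list of problems; an empty list means the form may be handed to the mailer."""
    problems = []
    for key, limit in MAX_LEN.items():
        value = fields.get(key, "")
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing")
            continue
        if len(value) > limit:
            problems.append(f"{key}: longer than {limit} characters")
        # Fields that end up in mail headers must never contain line breaks or NULs:
        # a stray CR/LF is what lets a form be turned into a relay for other recipients.
        if key != "message" and re.search(r"[\r\n\x00]", value):
            problems.append(f"{key}: contains a line break or NUL byte")
    email = fields.get("email", "")
    if isinstance(email, str) and email.strip() and not EMAIL_RE.match(email):
        problems.append("email: not a valid address")
    return problems


class SubmissionTracker:
    """Remember recent submissions per client IP and refuse floods (sliding window)."""

    def __init__(self, limit=3, window_seconds=600):
        self.limit = limit
        self.window = window_seconds
        self.seen = defaultdict(deque)  # ip -> timestamps of recent submissions

    def allow(self, ip, now=None):
        """True if this IP may submit again; also records the attempt when allowed."""
        now = time.time() if now is None else now
        recent = self.seen[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        return True
```

In the real handler the submission is only passed to the mail function when `validate_submission` returns an empty list and `tracker.allow(client_ip)` is true; refused attempts are what you would log to see which addresses are hammering the form.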

2 thoughts on “Secure Contact Forms”

  1. The contact form sends an email? And you’re worried about spam email to people on your site?

    Stop worrying about it. Let the users deal with their own spam. Spam happens and there are many ways to deal with it now.

    Just make sure you are running the newest version and that you have any patches that may address the bug that is being exploited.

    Alternatively you can use the WordPress plugin (I forget its name, sorry) that adds a field to forms that requires the user to type in the randomly generated image letters. Using things like that leads to various accessibility problems though; it also requires ImageMagick (or comparable software) to be installed.


  2. Mike, the main issue with this is that these attempts to spam are clogging our Church Administrator’s inbox with emails from an address that would normally get a good amount of attention (say from people actually interested in our church or connecting with our staff).

    A captcha plugin would be an interesting idea. They do have accessibility issues (they exclude blind people), but a lot of online companies use them. Once we’re done migrating to WordPress — hopefully sometime this week — I can see if that WordPress Contact Form plugin can help.


