The server you are using this script must support PHP. If you don't know what that means, ask your web host. If you wish to use the logging feature, you need to have a mySQL database installed and configured too.
To start using the script for stopping some of that nasty spam, just download the zip file from here.
First you should configure the script - load up checkforspam.php in a text editor. The things you may need to change are:
- $maxlinktags = 4; - this defines how many instances of the phrase <a href or [url= it will take to trigger the message as being spam. Spammers often fill out forms with a big pile of links to their awful sites. If a message contains more links that $maxlinktags is set to (4 by default) it will be classified as spam.
- Your database details. If you wish to log the script's decisions and the contents of the messages it processes along with details of the sender in a mySQL table this is where to configure it. Replace the values in it with the name of your database server, user, password, and a database you have already created.
Then there are two text files for you to add words to that you wish to be banned. Simply load them up in a text editor and add words to them, one per line. If a message or sender's address contains any word in these files, it will cause the message to be classified as spam. bademailwords.txt contains words that are banned in the sender's email address. badmessagewords.txt is the same but for the message content itself. These words act like case-insensitive substrings - that is to say that if you type "viag" into the badmessagewords.txt file, any message with "viag", "Viagra", "vIAg", "EvIaG" and so on would be classified as spam.
All done. Place checkforspam.php, bademailwords.txt and badmessagewords.txt on your webserver somewhere. The files with it are optional but you can use them for testing it if you so wish - once configured you can visit the included testspam.html on your server to check everything is working and how your configuration has tuned the detection.
If you wish to use the logging feature, you will need to create a table in an existing database of your choice. Using your favourite mySQL tool, create the table as defined in webform_messages.sql. Your table should be called webform_messages.
The script simply provides a function check_for_spam which takes three parameters. These are:
- $from - the email address filled in by the user on the webform (if you don't want to check email addresses, you can always pass a valid-sounding email address to it)
- $message - the message the user wishes to send
- $logresult - set to true if you wish to log this attempt, false if not. For this to work you must have configured a mySQL database appropriately as above. If you haven't done this, always set $logresult to false
The file is designed to be included in another file which then calls the check_form_spam function before doing whatever your form would want to do with valid information, for example email it to someone. You can see an example of how this would work in the included checkifspam.php - see it in action by visiting testspam.html in your install.
Here is a basic PHP snippet to show how it could be used. Imagine this is the action page for a form with fields "email" and "message" which includes the website visitor's email address and message to send respectively.
<?php
include "checkforspam.php";
if (check_for_spam($_POST['email'],$_POST['message'],false) == true)
{
print "<p>Spam detected</p>";
//add whatever action you want to take having received spam
}
else
{
print "<p>Spam not detected</p>";
//add whatever action you want to take having received non-spam
}
?>
Comments
Post new comment