Check for spam PHP script instructions


The server you are using this script must support PHP. If you don't know what that means, ask your web host. If you wish to use the logging feature, you need to have a mySQL database installed and configured too.


To start using the script for stopping some of that nasty spam, just download the zip file from here.

Installing and configuring:

First you should configure the script - load up checkforspam.php in a text editor. The things you may need to change are:

  • $maxlinktags = 4; - this defines how many instances of the phrase <a href or [url= it will take to trigger the message as being spam. Spammers often fill out forms with a big pile of links to their awful sites. If a message contains more links that $maxlinktags is set to (4 by default) it will be classified as spam.
  • Your database details. If you wish to log the script's decisions and the contents of the messages it processes along with details of the sender in a mySQL table this is where to configure it. Replace the values in it with the name of your database server, user, password, and a database you have already created.

Then there are two text files for you to add words to that you wish to be banned. Simply load them up in a text editor and add words to them, one per line. If a message or sender's address contains any word in these files, it will cause the message to be classified as spam. bademailwords.txt contains words that are banned in the sender's email address. badmessagewords.txt is the same but for the message content itself. These words act like case-insensitive substrings - that is to say that if you type "viag" into the badmessagewords.txt file, any message with "viag", "Viagra", "vIAg", "EvIaG" and so on would be classified as spam.

All done. Place checkforspam.php, bademailwords.txt and badmessagewords.txt on your webserver somewhere. The files with it are optional but you can use them for testing it if you so wish - once configured you can visit the included testspam.html on your server to check everything is working and how your configuration has tuned the detection.

If you wish to use the logging feature, you will need to create a table in an existing database of your choice. Using your favourite mySQL tool, create the table as defined in webform_messages.sql. Your table should be called webform_messages.

Using the script:

The script simply provides a function check_for_spam which takes three parameters. These are:

  • $from - the email address filled in by the user on the webform (if you don't want to check email addresses, you can always pass a valid-sounding email address to it)
  • $message - the message the user wishes to send
  • $logresult - set to true if you wish to log this attempt, false if not. For this to work you must have configured a mySQL database appropriately as above. If you haven't done this, always set $logresult to false

The file is designed to be included in another file which then calls the check_form_spam function before doing whatever your form would want to do with valid information, for example email it to someone. You can see an example of how this would work in the included checkifspam.php - see it in action by visiting testspam.html in your install.

Here is a basic PHP snippet to show how it could be used. Imagine this is the action page for a form with fields "email" and "message" which includes the website visitor's email address and message to send respectively.

include "checkforspam.php";

if (check_for_spam($_POST['email'],$_POST['message'],false) == true)
print "

Spam detected

Check for spam PHP script

The Poorhouse is deadly opposed to the great evil that is spam, not least the perils of webform spam. Whoever first thought inventing a little program that toured the web typing in "Extra Good Viagra $1!!!" into a contact form and pressing send approximately 100 times a punishment is bad enough to exert.

In the course of being involved in a few sites, the Poorhouse has developed/stolen/borrowed a few simple ideas to combat it by pre-processing the input entered into the form before taking whatever action is required with the information. This could be sending an email to a member of the site, filling an entry in a database, and so on.

Drupal stuff

The Poorhouse uses a content management framework called Drupal. Drupal is great. It may be a bit complex to get your head around at first, but it is ultra flexible, modular, decent user community and so on.

This page will contain links to a few notes the Poorhouse has made during the adventure into Drupal, mostly so the Poorhouse can remember what he did if it needs doing it again, but maybe, just maybe, it'll be of interest to other avid readers.

Converting Drupal Acidfree module to mySQL 3.x

See here for an explanation. Basically, this is how converted the Drupal module "Acidfree" which is designed for mySQL 4 and above to run on mySQL 3.

Converting Drupal Workspace module to mySQL 3.x

See here for an explanation. Basically, this is how converted the Drupal module "Workspace" which is designed for mySQL 4 and above to run on mySQL 3.

Drupal modules on mySQL 3

The Poorhouse tends to use cheap hosting...which whilst bargainous, means you don't get the latest and greatest software. Most importantly here, it only has mySQL 3.x. mySQL 3 is missing a few features, including the UNION sql operator. Whilst this is fine for Drupal core, some of the modules rely on its existence. Which is fair enough all considered - but annoying for us.

Two such modules are Workspace and AcidFree. Both very useful, but required some faffing around to transform into something mySQL 3 compatible. In case anyone is in a similar situation, here's what was done to make them work to an acceptable standard.

Syndicate content