Saturday, 15 February 2014

Top Anti-Spam Techniques For PHP Websites

Tired of constant spamming on your website? Here are the steps that you can take.

When running a website, it is very important to protect yourself from spammers. If you're working on a PHP website, there are many ways to do this. Here are the top seven methods to stop spamming on your website.



1. CAPTCHA: You probably already know what CAPTCHA is. Websites often ask you to enter text in order to identify yourself; this is done through CAPTCHA. You need to add the CAPTCHA image and a text input to whatever you’re trying to protect on your website.

In order to implement CAPTCHA, you need to first install the Text_CAPTCHA class. In addition, you need the Text_Password and Image_Text classes to be installed too.

Use the following commands to install PEAR’s Text_CAPTCHA class.

# pear install -f Text_CAPTCHA
# pear install -f Image_Text


Then you need the captcha.php file, which is the script that will generate the CAPTCHA image. You also need a TrueType font file kept in the same directory as captcha.php, because this is the font that is used to write the secret phrase.

On Windows these fonts are usually found in the C:\Windows\Fonts directory.

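This is what captcha.php looks like:

<?php
require_once('Text/CAPTCHA.php');

// The phrase is stored in the session by the form page
session_start();
$phrase = isset($_SESSION['captcha']) ? $_SESSION['captcha'] : 'Error';

// Font size and the TrueType font file kept next to captcha.php
$options = array('font_size' => 24, 'font_file' => 'georgia.ttf');

// Create a 120x60 image CAPTCHA for the phrase
$cap = Text_CAPTCHA::factory('Image');
$cap->init(120, 60, $phrase, $options);

// Send the image to the browser as PNG
header('Content-type: image/png');
echo $cap->getCAPTCHAAsPNG();
?>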


The code given above doesn’t perform any error checks. If you want them, you will have to add them yourself. In addition, it will use the text “Error” if no phrase is found in the session. In such a case, the user will never be able to pass the CAPTCHA.

The PHP code for the form processor and the form are as follows. This is a very simple version and real form processing will have much more to it.

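<?php
session_start();

if (isset($_POST['process'])) {
    // The form must be loaded first so that a phrase exists in the session
    if (!isset($_SESSION['captcha']))
        die('Form accessed incorrectly');

    // Strict comparison: phrases such as "0e12" and "0e34" are equal under ==
    if (isset($_POST['captcha']) && $_POST['captcha'] === $_SESSION['captcha']) {
        die('CAPTCHA text matched! Phrase was '.$_SESSION['captcha']);
    } else {
        // Escape the submitted value before echoing it back to the browser
        $entered = isset($_POST['captcha']) && is_string($_POST['captcha']) ? $_POST['captcha'] : '';
        die('CAPTCHA text did not match. Phrase was '.$_SESSION['captcha'].
            ', you entered '.htmlspecialchars($entered, ENT_QUOTES));
    }
} else {
    // generate a new CAPTCHA phrase
    $_SESSION['captcha'] = substr(md5(uniqid()), 0, 4);
}
?>
<html>
<head>
<title>CAPTCHA Demo</title>
</head>
<body>
<form method="post">
<img src="captcha.php" alt="CAPTCHA image" /><br />
Enter phrase: <input type="text" name="captcha" />
<input type="submit" name="process" value="Submit" />
</form>
</body>
</html>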


This code uses MD5 and uniqid() to generate a random string of text for our phrase. You can change it to suit your own needs.
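
The phrase above comes from md5(uniqid()), which is derived from the current time, and the form processor leaves the same phrase in the session after a failed attempt. As an added example (not from the original post), here is one way to draw the phrase from a CSPRNG and make each phrase single-use. The helper names, alphabet, length and lifetime are assumptions, and PHP 7 or later is assumed.

```php
<?php
// Added example, not from the original post. Requires PHP 7+ (random_int).
// captcha_new_phrase() and captcha_check() are hypothetical helper names.
session_start();

// Unambiguous alphabet: no 0/o or 1/l/i, so the rendered image is easier to read.
const CAPTCHA_ALPHABET = 'abcdefghjkmnpqrstuvwxyz23456789';
const CAPTCHA_LENGTH   = 5;
const CAPTCHA_TTL      = 300; // seconds a phrase stays valid (assumed value)

function captcha_new_phrase(): string
{
    $phrase = '';
    $max = strlen(CAPTCHA_ALPHABET) - 1;
    for ($i = 0; $i < CAPTCHA_LENGTH; $i++) {
        // random_int() draws from the OS CSPRNG, unlike md5(uniqid()),
        // which is derived from the current time.
        $phrase .= CAPTCHA_ALPHABET[random_int(0, $max)];
    }
    $_SESSION['captcha'] = $phrase;
    $_SESSION['captcha_issued'] = time();
    return $phrase;
}

function captcha_check($submitted): bool
{
    $expected = $_SESSION['captcha'] ?? null;
    $issued   = $_SESSION['captcha_issued'] ?? 0;
    // Single use: discard the phrase before comparing, so a wrong guess
    // cannot be retried against the same image.
    unset($_SESSION['captcha'], $_SESSION['captcha_issued']);

    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    if (time() - $issued > CAPTCHA_TTL) {
        return false;
    }
    // hash_equals() is a constant-time, type-strict string comparison.
    return hash_equals($expected, strtolower(trim($submitted)));
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = captcha_check($_POST['captcha'] ?? null);
    captcha_new_phrase(); // always issue a fresh phrase for the next attempt
    echo $ok ? 'CAPTCHA passed' : 'CAPTCHA failed, please try the new image';
} else {
    captcha_new_phrase();
}
```

captcha.php can stay as it is, since it only reads $_SESSION['captcha'] to render the image.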

2. Moderation or Manual Approval: This is again pretty self-explanatory. You (the admin) moderate every new user that joins or comment that is made on your website. Before your validation, the user can’t pass and comments can’t show up on the website.

All you have to do is add a new item to your SQL table, which shows whether a new item has been approved by you or not. It requires a lot more work from the admin.

3. Text Filters: In this, you can check for words that are recognised as spam and block a post with such words. The functionality for this is already included in WordPress if you’re using it.

4. Email Validation: You can also ask the user to enter their email address while submitting a form. This sends an email to the user with a link that has to be clicked for authorisation. It ensures that the user is using a valid email address.

5. Rewriting: This method is used for protecting your email address from spammers. In this you spell out your email address. For example, efy (at) efytimes (dot) com. Someone sending you a mail can’t simply copy and paste the address; they will have to write it down themselves. Someone doing so will usually be a real user, who is not sending you spam.

If your site uses the Smarty template engine, you can use this code:

{assign var='email' value='antispam@example.com'}
{$email|escape:'mail'}


This will give an output: antispam [AT] example [DOT] com.

6. Image: In this you display your email id as a picture instead of plain text. Email harvesters find this to be the toughest to deal with. If you put this in the same font and size as the rest of the website, many won’t even recognise that it is an image unless they try to copy it.

This can either be done using Photoshop to create the image, or you can generate it in PHP with the GD TrueType functions: ImageTTFBBox() to measure the text and ImageTTFText() to draw it.

7. Forms: This is often a technique that users tend to avoid. In this you provide a form that links directly to your email address. A real user can fill in the form to contact you. This, though, is far from foolproof, as spammers can use the form to send you spam. You can create this by using the mail() function.
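
A mail() form handler for this step, as an added example that is not from the original post: it keeps the recipient and subject fixed and rejects line breaks in fields that reach the mail headers, so the form cannot be turned into a relay for spam to other addresses. The field names, addresses and limits are assumptions; the array form of the headers argument needs PHP 7.2 or later.

```php
<?php
// Added example, not from the original post. Field names, addresses and
// length limits are assumptions; example.com addresses are placeholders.
const CONTACT_RECIPIENT = 'antispam@example.com';
const CONTACT_SENDER    = 'noreply@example.com';

// Return a trimmed string field, or '' if it is missing or not a string
// (for example when the client sends name[]=x to provoke a type error).
function contact_field(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
}

function contact_errors(string $name, string $email, string $message): array
{
    $errors = array();
    // A CR or LF in a value that reaches the headers would let the sender
    // append header lines of their own, such as extra recipients.
    if (preg_match('/[\r\n]/', $name . $email)) {
        $errors[] = 'Line breaks are not allowed in name or email';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid email address';
    }
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'Name is required (100 characters at most)';
    }
    if ($message === '' || strlen($message) > 5000) {
        $errors[] = 'Message is required (5000 characters at most)';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name    = contact_field($_POST, 'name');
    $email   = contact_field($_POST, 'email');
    $message = contact_field($_POST, 'message');
    $errors  = contact_errors($name, $email, $message);
    if (!$errors) {
        // Recipient, sender and subject are fixed. User input appears only in
        // the body and in Reply-To, which was validated above.
        $headers = array('From' => CONTACT_SENDER, 'Reply-To' => $email);
        $body = "Name: $name\nEmail: $email\n\n" . wordwrap($message, 70);
        $sent = mail(CONTACT_RECIPIENT, 'Contact form message', $body, $headers);
        echo $sent ? 'Message sent' : 'Message could not be sent';
    } else {
        echo htmlspecialchars(implode('; ', $errors), ENT_QUOTES, 'UTF-8');
    }
}
```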

Author : Shivam Kotwalia, CodeKill
