0

I finally found a contact form that works - inserted it into my three sites, and now the problem is I receive - daily - spammy, pointless mail from all three sites from my own web hosting server, Ionos (screenshot).

I contacted Ionos: "This is a mailing function sending emails from a webspace, the script that sends out the emails that was added needs to be stopped from this happening."

I asked how to stop it, and the answer was: "scripting is not within our scope of support," which is rich coming from a web-hosting site.

email screenshot

'send mail' php.

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "legion@naturalblood.co";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$first_name = $_REQUEST['first_name'] ;
$msg = 
"First Name: " . $first_name . "\r\n" . 
"Email: " . $email_address . "\r\n" . 
"Comments: " . $comments ;

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
    $injections = array('(\n+)',
    '(\r+)',
    '(\t+)',
    '(%0A+)',
    '(%0D+)',
    '(%08+)',
    '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if(preg_match($inject,$str)) {
        return true;
    }
    else {
        return false;
    }
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($first_name) || empty($email_address)) {
header( "Location: $error_page" );
}

/* 
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
*/
elseif ( isInjected($email_address) || isInjected($first_name)  || isInjected($comments) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {

    mail( "$webmaster_email", "Message from amatoria.com", $msg );

    header( "Location: $thankyou_page" );
}
?>
khtdoutyfr vp
  • 9
  • 1
  • Them saying that scripting is not within their scope of support isnt rich of them. They do web-hosting, not programming. – Dokik Feb 09 '22 at 14:45
  • @Dokik If I pay Ionos Premium for the privilege of hosting a website, then I should expect support to stop rubbish being sent from Ionos - help with a bit of code should not be beyond them. And if you can only answer my question with rubbish of your own, then I suggest stack overflow is not the site for you. – khtdoutyfr vp Feb 10 '22 at 18:08
  • I dont quite understand now, you are saying ionos is sending rubbish emails? The way I saw it is that you get spammy emails from your own webpage with your own form. Or did you use functions from ionos? – Dokik Feb 11 '22 at 07:38
  • Look at the email screenshot: the sender is Ionos - 'name: 1, email: 1, comments: 1.' This is rubbish. I cannot simply filter it to bin, as genuine emails are sent via this address. – khtdoutyfr vp Feb 11 '22 at 12:55

1 Answers1

0

Try to add google recaptcha to the contact form. This way robots or scripts cannot send you emails.

See: https://www.google.com/recaptcha/about/

Mátyás Grőger
  • 1,207
  • 2
  • 13
  • 24