Similar contact form spam on different sites

I have two sites that are completely unrelated but have the same kind of contact form, based on the one from the Cookbook, but with a honeypot field and a simple CAPTCHA field added. To analyze the CAPTCHA functionality I’ve redirected all emails with the wrong CAPTCHA to myself. While the honeypot field doesn’t seem to do the trick (i.e. bots seem to ignore it), the CAPTCHA field works great at filtering out spam (bots typically fill in random strings instead of the one asked for).

I found that interestingly, both forms get the same kind of spam from an “Eric Jones” that promotes lead generation. Does someone have an idea how this can be? Of all the billions of websites with contact forms, that bot happens to find two similar ones on different sites?

My form controller looks like this, by the way (anonymized), for anyone curious:

<?php
return function($kirby, $pages, $page) {

		$alert = null;

		if($kirby->request()->is('POST') && get('k_submit')) {

				// check the honeypot
				if(!empty(get('k_website'))) {
					go($page->url());
					exit;
				}

				$data = [
					'name'  => get('k_name'),
					'email' => get('k_email'),
					'subject' => get('k_betreff'),
					'message'  => get('k_nachricht'),
					'captcha'  => get('k_captcha')
				];

				$rules = [
					//'name'  => ['required', 'minLength' => 3],
					'email' => ['required', 'email'],
					'message'  => ['required', 'minLength' => 3, 'maxLength' => 3000],
					'captcha'  => ['required', 'minLength' => 3, 'maxLength' => 3000]
				];

				$messages = [
					//'name'  => 'Please enter a valid name',
					'email' => 'Dieses Feld erfordert eine gültige E-Mail-Adresse',
					'message'  => 'Dieses Feld erfordert einen Text in einer Länge zwischen 3 und 3000 Zeichen',
					'captcha'  => 'Dieses Feld erfordert einen Text in einer Länge zwischen 3 und 3000 Zeichen'
				];

				// some of the data is invalid
				if($invalid = invalid($data, $rules, $messages)) {
						$alert = $invalid;
				}
				// the data is fine, let's send the email
				else {
					$from = new \Kirby\Cms\User([
						'email' => 'website_address@example.com',
						'name' => esc($data['name']),
					]);
					// if wrong captcha value
					if($data['captcha'] !== 'Example') {
						try {
							$kirby->email([
									'template' => 'kontakt_spam',
									'from'     => $from,
									'replyTo'  => $data['email'],
									'to'       => 'myownaddress@example.com',
									'subject'  => !empty($data['subject']) ? '[Falsches Captcha] '.esc($data['subject']) : '[Falsches Captcha] Nachricht über das Kontaktformular',
									'data' => [
										'message' => esc($data['message']),
										'captcha' => esc($data['captcha'])
									]
							]);
						} catch (Exception $error) {}
						go('/');
						exit;
					}
					// if the captcha value is correct
					else {
						try {
							$kirby->email([
									'template' => 'kontakt',
									'from'     => $from,
									'replyTo'  => $data['email'],
									'to'       => 'website_address@example.com',
									//'bcc'       => 'myownaddress@example.com',
									'subject'  => !empty($data['subject']) ? esc($data['subject']) : 'Nachricht über das Kontaktformular',
									'data' => [
										'message' => esc($data['message'])
									]
							]);

						} catch (Exception $error) {
								if(option('debug')):
										$alert['error'] = 'Das Formular konnte leider nicht gesendet werden: <strong>002: ' . $error->getMessage() . '</strong>';
								else:
										$alert['error'] = 'Das Formular konnte leider nicht gesendet werden. Bitte versuchen Sie es direkt per E-Mail an test@example.com';
								endif;
						}
					}

					// no exception occurred, let's send a success message
					if (empty($alert) === true) {
							$success = 'Ihre Nachricht wurde versandt; wir werden uns so bald wie möglich mit Ihnen in Verbindung setzen.';
							$data = [];
					}
				}
		}

		return [
				'alert'   => $alert,
				'data'    => $data ?? false,
				'success' => $success ?? false
		];
};
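
An added example, not part of the original post or of the Kirby Cookbook: one way to triage the wrong-CAPTCHA submissions that the controller above forwards. It groups messages by a normalized fingerprint to confirm that one campaign is hitting both sites, and flags near-miss CAPTCHA answers that the strict `!==` comparison rejects but that are probably human typos. The record fields, site labels and sample data are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample records: what the controller above forwards when the
# CAPTCHA value is wrong (site label, sender name, captcha value, message).
REJECTED = [
    {"site": "site-a", "name": "Eric Jones", "captcha": "xKq81Zp",
     "message": "Hi, Eric here. Visit https://leads.example/a?id=1841 for more leads!"},
    {"site": "site-b", "name": "Eric Jones", "captcha": "Pq02LmW",
     "message": "Hi,  Eric here. Visit https://leads.example/b?id=77 for MORE leads!"},
    {"site": "site-a", "name": "Anna", "captcha": "exampel",
     "message": "Hello, I have a question about your opening hours."},
]

def fingerprint(message: str) -> str:
    """Hash the message after removing the parts a bot varies per target."""
    text = message.lower()
    text = re.sub(r"https?://\S+", "<url>", text)   # tracking links differ per site
    text = re.sub(r"\d+", "<n>", text)              # ids, phone numbers
    text = re.sub(r"\s+", " ", text).strip()        # whitespace noise
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]

def cross_site_campaigns(records):
    """Return {fingerprint: sorted sites} for messages seen on more than one site."""
    sites = defaultdict(set)
    for rec in records:
        sites[fingerprint(rec["message"])].add(rec["site"])
    return {fp: sorted(s) for fp, s in sites.items() if len(s) > 1}

def near_miss(records, expected="Example", max_distance=2):
    """Rejected submissions whose captcha is close to the expected word: likely humans."""
    def distance(a, b):
        # Plain Levenshtein distance, computed row by row.
        prev = list(range(len(b) + 1))
        for i, ca in enumerate(a, 1):
            cur = [i]
            for j, cb in enumerate(b, 1):
                cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
            prev = cur
        return prev[-1]
    return [r for r in records
            if distance(r["captcha"].lower(), expected.lower()) <= max_distance]
```
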

Google eric jones spam

Haha, OK, I didn’t even think that this was an actual common thing. :laughing:
Interestingly, I’ve never received Eric Jones spam with other contact forms.