Can anyone see anything wrong with this script?
The host doesn't provide this script, so no support is available there, but I have this script working on another host for the same client (different domain, of course).
<form method='post' action='http://www.example.com/cgi-bin/FormMail.pl'>
<input type="hidden" name="required" value="Name, PhoneNumber, Email, Services, verifytext">
<input type="hidden" name="recipient" value="info@example.net">
<input type="hidden" name="redirect" value="http://www.example.com/thanks.html">
<input type="hidden" name="subject" value="From the Contact Form">
<table width="80%" cellpadding="5" cellspacing="0" border="0">
<tr><td align="right" width="150" nowrap><strong>Name:</strong>
</td><td>
<input name="Name" type="text" size="40"> <span style="font-size:14px; color:#cc0000; font-weight:bold;">*</span>
</td></tr><tr> <td align="right" nowrap><strong>Business Name:</strong>
</td><td>
<input name="BusinessName" type="text" size="40">
</td></tr><tr> <td align="right" nowrap><strong>Address:</strong>
</td><td>
<input name="Address" type="text" size="40">
</td></tr><tr> <td width="150" align="right" nowrap><strong>Phone Number:</strong>
</td><td>
<input type="text" name="PhoneNumber" > <span style="font-size:14px; color:#cc0000; font-weight:bold;">*</span>
</td></tr><tr> <td width="150" align="right" nowrap><strong>Email:</strong>
</td><td>
<input type="text" name="Email"> <span style="font-size:14px; color:#cc0000; font-weight:bold;">*</span>
</td></tr><tr><td width="150" align="right" valign="top" nowrap><strong>Services interested in:</strong></td>
<td>
<textarea name="Services" cols="40" rows="4"></textarea><span style="font-size:14px; color:#cc0000; font-weight:bold;">*</span>
</td></tr><tr><td>Verification Code:<br>
<img src='/cgi-bin/captcha.cgi'>
</td><td><input type='text' name='verifytext'>
</td></tr><tr><td colspan='2' align='center'>
<input type='submit' value='Submit'>
</td></tr></table>
</form>
<br><br>
1. Open an SSH window to your domain. Know where your error logs are.
2. From a browser, enter example.com/cgi-bin/captcha.cgi
3. Immediately issue this command (with correct path) in the SSH window.
tail /var/www/example.com/statistics/wherever/error/log/is/error_log
The problem obviously lies in the captcha script, maybe it's just that you shouldn't have your images in cgi-bin . . . the error log should help.
You probably don't want to hear this, but you would be better off putting your energy into fixing the mailer script to stop spam as captchas are pretty easily beaten . . .
How are they "easily" beaten? I know they can be beaten, but easily is not the way I would describe it. Is there something new out there that can easily and accurately convert a captcha to text?
When I say "pretty easily" I mean it appears to be pretty easy for those that know how. I've never gone down that road of research, but I've seen the effect - looked like they got past it "pretty easily" to me . . .
I've run a few vBulletin boards for a few years now. Captchas on, on all of them (and in retrospect, I might as well turn them off . . . ) As soon as one goes live, it's like these guys are just looking for new vBulletin installs to hack - and they get right by the captcha. You might think it's a manual input, but the data they submit is consistent with a lot of spam attacks on forms. You know the type - varying IP addresses, real words pulled from a dictionary but when strung together make very little sense, a regular pattern of attempts as if it's a 'bot process.
They hit them hard for a few weeks, but the other tools in place make them lose interest and they give up. Specifically, a simple trivia challenge that I change every couple weeks seems to be the most discouraging.
It's not easy to crack captchas although it is possible. A captcha cracking program that gets it right 50% is very good. But pattern recognition (as in OCR) is not always the first point of entry to captcha cracking.
I also suspect that the vBulletin attacks are probably not captcha cracking, but exploitation of vulnerabilities in the vBulletin software.
Anyway, getting off topic and maybe not fair to the OP to take the thread off on a tangent.
My initial comment compels Lorel to address the root issue rather than try to road-block it at the front end. I suggest this for two reasons:
- Your users will hate you for a captcha. They seem to despise them, and this is another barrier for them.
- If you are getting problems with spam, there are a myriad of ways to stop them server-side. There are many threads here on this very topic.
Other than the vBulletin example, in which I use captcha only because it's built in and because it's not my software (and I don't want to tweak it because my tweaks get overwritten with every "update"), I've never had to use a captcha (fingers crossed.) I've managed to stop all spam attempts on all my client sites, and boy they do try (I log all input.) No user action required, and it's not all that difficult using stringent input filtering.
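The server-side input filtering described in the last post, sketched for this form's fields as an added example (not code from the thread or from FormMail). It is written in Python for illustration; the limits, patterns, sample data and the names `check_submission` and `build_message` are assumptions.

```python
import re

# Assumed policy values for this sketch; tune them for the real form.
RECIPIENT = "info@example.net"   # fixed on the server, never read from the form
SINGLE_LINE = ("Name", "BusinessName", "Address", "PhoneNumber", "Email")
REQUIRED = ("Name", "PhoneNumber", "Email", "Services")
CLIENT_CONTROL = {"recipient", "redirect", "subject", "required", "verifytext"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
PHONE_RE = re.compile(r"[0-9+() .-]{7,20}")
LINK_RE = re.compile(r"https?://|www\.|\[url|<a\s", re.I)
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")   # includes CR and LF

def check_submission(form):
    """Return the reasons to reject a submission; an empty list means accept."""
    known = set(SINGLE_LINE) | {"Services"} | CLIENT_CONTROL
    reasons = [f"unexpected field: {k}" for k in sorted(set(form) - known)]
    reasons += [f"missing: {k}" for k in REQUIRED if not form.get(k, "").strip()]
    for name in SINGLE_LINE:
        value = form.get(name, "")
        if len(value) > 100:
            reasons.append(f"too long: {name}")
        # A line break in a value copied into a mail header starts a new header.
        if CTRL_RE.search(value):
            reasons.append(f"control characters: {name}")
        if name != "Email" and LINK_RE.search(value):
            reasons.append(f"link in: {name}")
    email, phone = form.get("Email", ""), form.get("PhoneNumber", "")
    if email and not EMAIL_RE.fullmatch(email):
        reasons.append("invalid: Email")
    if phone and not PHONE_RE.fullmatch(phone):
        reasons.append("invalid: PhoneNumber")
    services = form.get("Services", "")
    if len(services) > 2000 or len(LINK_RE.findall(services)) > 2:
        reasons.append("rejected: Services")
    return reasons

def build_message(form):
    """Build the mail from validated values; hidden form fields are ignored."""
    if check_submission(form):
        return None
    body = "\n".join(f"{k}: {form.get(k, '')}" for k in SINGLE_LINE)
    return {"To": RECIPIENT, "Reply-To": form["Email"],
            "Subject": "From the Contact Form",
            "Body": body + "\n\n" + form["Services"]}

# Constructed samples: an ordinary enquiry and an automated-looking submission.
SAMPLE_OK = {"Name": "Pat Lee", "PhoneNumber": "+1 (555) 010-0199",
             "Email": "pat@example.org", "recipient": "other@example.org",
             "Services": "Quote for hosting, please.\r\nThanks"}
SAMPLE_BAD = {"Name": "table lamp orbit", "PhoneNumber": "n/a",
              "Email": "x@example.org\r\nX-Extra: 1",
              "Services": "http://a.example http://b.example http://c.example"}
```

Logging the returned reasons alongside the raw input gives the kind of record the post mentions, and shows which rules the automated submissions actually trip.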