That's a good question. I'm not sure what is the answer. I'll do some poking around and get back to you if I find an good answer. You should email the people at Verisign as they probably know..
No that is not correct,.
Many spammers have a way of hiding their IP address. If the contact form can check for the presence of an IP address it excludes many of the automatic spammers. I know this to be true because I use it on another Verisign site that I have. This other Verisign site is written in cgi which I can use but I am not sure how to write it into a php script, I do know that it uses ENVIRONMENT VARIABLE somehow..
Maybe try installing anti robot registration into your contact form, but as far as I know everyone must have an IP address...
If you can show me how they're "hiding" the IP address, I'll show you code to block'em..
Keep in mind that "hiding" and "spoofing" (falsifying) are two different animals (.
According to you.
So, I need an example of what your Verisign site sees as a "hidden" IP address..
To do that, at the top of.
Find this code:.
$sender_ip1 = "\n"'Sent from: ('$_SERVER['REMOTE_ADDR']')'"\n";.
$sender_ip2 = 'Sent from: ('tep_get_ip_address()')'"\n";.
Then find this line:.
Tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);.
Replace it with:.
Tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry.$sender_ip1.$sender_ip2, $name, $email_address);.
Backup the file before making any edits..
With this code in place, at the bottom of each email you receive this text will be added:.
Just post back and let me know what text is there in any SPAM you get...
Seen (or maybe.
Seen) any hidden IP addresses lately???..
Hi, I have just returned after a few days away and have not had a chance to try your suggestion..
I will adapt your bit of code in an "if" statement to test for "$sender_ip1" if it is 0 I will then exit rather than send the email..
I do something similar on my other cgi Verisign site which works just fine. I think some of the auto spammers hide their IP but legitimate inquires do not..
One more question if you would not mind, in which file are the default error messages and can I add custom versions?.
I believe most of the error messages are in.
Personally I'd put the code I suggested in there and see exactly what data it is you're dealing with before coding any action..
Number one, the IP address is a string not a number so comparing it to ZERO may not yield the desired result. The length of the string may be ZERO but I doubt it will actually be "0"..
A normal result would look like this:.
Would each be a numeric value between 0 and 255..
You might get something like:.
Number two, since you have benefitted from the collective knowlege of the osC community it would be nice if you came back and posted whatever you learn about this (thus giving back by adding to the collective knowlege of the osC community) so we all may have better, more secure, ecommerce sites...
Thank you for the additional info..
I will most certainly let you know how it works out when I have had a chance to implement it. The one thing I don't have is time, sorting out small problems on this Verisign site of mine is just a very small part of my total work load, the problems of running your own businesses!!.
Does anyone know how to modify the contact form script so that it will not be processed unless the user has an IP address?.
Someone correct me if I'm wrong, but everyone has an IP address..
That being said, there are ways to falsify your IP address (like going thru a proxy server) so the IP address that everyone on the net sees you by isn't your.
But you still have an IP address...