That was fast for the first day listed

[Seraphim]

what do you mean the php contact form is not a secure site?

Even if you are sending it via HTTPS, spambots will figure out what values to put in for the fields of a http post or http get, and will blindly post data to it once it is figured out how to make it accept data.

Many of these will even use any sort of activation email that you try to send in order to further their goals.

Not only that, but if you leave any kind of vulnerability such as MySQL injection or XSS based exploits, they will eventually discover and begin to use them.

On mine I use a HTTPS post and email activation, and even with input filtration to prevent a SQL injection I still get a bunch of obviously spam signups every day. The only really foolproof way to stop them is to actually talk to the client before accepting their registration, that way you can get a feel for what to expect from them and they know you are paying attention to your equipment.

[ttb62]

Even if you are sending it via HTTPS, spambots will figure out what values to put in for the fields of a http post or http get, and will blindly post data to it once it is figured out how to make it accept data.

Its just a simple form to mail. no database with trim() stripslashes() htmlspecialchars(), a simple anti spam and a hidden anti spam feature. there is no security issues and no spam any more. so I still wonder what was meant by "not a secure site". There is never a request for finical information or personal. sure would like to hear his/her reasoning behind the statement.

[vServer Center]

WOW the spam bots have gotten really advanced when they know to check the e-mail address and click the link. I guess this is why I see so many of those type the letters from this image tests.

[Trel]

Ok, but if you already have a Facebook account you don't have to enter captcha or verify your email.

That is very true. I have started to look at this again and it seems to be a valid way to increase signups. Implementing Facebook Connect, Google/Yahoo OAUTH, and a few others for European users should reduce the barrier to entry considerably. I still think that having a secondary confirmation layer for hosting account signups will be required. Google and Facebook have already pioneered SMS confirmation for their services so that seems like a reasonable course to take.

[Expo]

Just a random idea I just came up with:

How about you guys try this to prevent spam bots, "An E-mail Image Captcha", isn't it brilliant ?

So, my idea is, to generate a random code with PHP and use some somewhat distorted font to do it, to prevent OCR and still keep it within the limits of human readability, save that text to MySQL/whatever database you use, and then generate a random, unique file name send the image in an email along with the link to the activation code for that email, which in turn will check against the MySQL data for a match in the codes, tell me what you think.