Kontaktformular.com

Contact Form with Professional Spam Protection!

---

Our contact form has the ability to effectively block spam. By default, the visible spam protection function (security code or question) is deactivated. However, it can be activated at any time. Alternatively, we also offer you five other anti-spam functions to effectively ward off unwanted emails. You can read more about these options (captcha, time-out, click check, link blocker, bad word filter and honeypot) here.

Visit the downloads page to view all available HTML contact form templates.

Example - Template 1 - Standard Version
(Visit the downloads page | Seven anti-spam options!)

---

1. Bad word filter / blacklist (on/off)

With the bad word filter, you can easily filter out unwanted words, symbols, and numbers. If a user inadvertently types a bad word, a message will warn that a suspicious word has been used. As a standard, you can exclude five word combinations (sex%; pussy%, porn%, %.ru, %.ru/%).

This is how the bad word filter works:
badword
Matches when the message contains the bad word
badword%
Matches when the message includes the bad word AND when a word begins with the bad word
%badword
Matches when message includes the bad word AND when a word ends with the bad word
%badword%
Matches when message includes the bad word AND when a word contains the bad word

If we take the word combinations listed above as an example, it is quite easy to understand: For example, the expression sex% not only excludes the word sex, but also the words sexy or sexuality. (That is, every word that begins with sex). The same applies to pussy%, which would also exclude pussycat. %.ru excludes all domains (or words) that end with .ru. And %.ru/% excludes not only all domains that end with .ru, but also any possible directories.

In conclusion: With these filter tools, you do not have to waste time and effort creating a long list of individual words.

2. Time-out (on/off)

Spam bots are designed to send email by the bucketloads. The misuse of forms to send such unwanted emails usually happens in a matter of milliseconds. With the time-out option, you can define that the message will only be sent after x seconds. You can set the time (seconds) yourself. The time-out mechanism is a good anti-spam measure, as it prevents unwanted emails from being sent.

3. Click check (on/off)

Click check has been adapted to the currently available Internet technologies, as browsers are now able to simulate a button click. That means that it is not possible to know whether the browser simulated the click or whether a person actually clicked on a button. Therefore, click check now does not interpret a "click" as a "human action", but a "rollover" with the mouse or tapping the button with the finger on devices with touch screens. That means that as soon as a button is tapped or rolled over, the script knows: This is a person!

4. Honeypot (on/off)

A honeypot basically is a hidden input field that acts as a spam trap. How it works: Spambots tend to fill out all fields in a form and therefore fall into this trap. As soon as they fill out this field - invisible to the human eye - an error message appears. Even though the honeypot field is invisible, screen readers read it out to people with visual impairments. To ensure accessibility, the form includes a warning note ("Do not enter anything in this field").

5. No links (or only x links) allowed (on/off)

The purpose of spambots is to deliver links to dubious websites (gambling, pornography, etc.) With this option, you can forbid "the user" from including links/URLs in the message. You can determine how many links you want to allow.

6. Captcha - security code (on/off)

The security code is a captcha that generates a combination of four random characters (letters and numbers). However, nowadays there are computer programs able to identify these characters. Still, this form of anti-spam protection has proven to be effective in past years. As with all of the other options, you can deactivate or activate the security code as you prefer.

7. Captcha - security question (on/off)

The security question is an effective spam protection method as it allows you to ask any question you like. To do so, just AntiSpam.php in an editor (we recommend using Notepad2) and overwrite the default questions and answers. Your answers can also be individual words. Just take care not to make the questions too difficult. The answers should ideally be words with lowercase letters, as the script is case sensitive. Click here to see an example.

IP lock (must be installed manually)

We did not include an active IP lock function in the contact form by default because German/European laws prohibit storing/comparing IP addresses without authorization. If your company/website is from another country outside the EU, other data protection laws may apply. In this case, you are free to activate this option. How it works:

1. In contact.php, enter this code before <!DOCTYPE html>:
<?php $ip = $_SERVER['REMOTE_ADDR']; ?>

Also in contact.php, enter this other code before <textarea (in the HTML section): <input type='hidden' name='ipblocking' value="<?php echo $ip; ?>" />
(This input field is invisible so it does not "mess" with your layout.)

2. In config.php, under "$cfg['Badwordfields']", enter the word ipblocking after "message".
This is how it should look: $cfg['Badwordfields'] = 'title, first_name, name, company, telephone, email, subject, message, ipblocking';

3. You’re done! You can also include IP addresses in the bad word list. Info: The sender’s IP address is shown in the email sent to the recipient. That means that the IP address can also be seen immediately in spam mails. However, please remember to activate the data privacy notice. This ensures that (real) users agree to their IP addresses being transmitted.

Pro tip: To exclude entire IP classes, use the % sign.

Example:
The IP address is 109.250.96.112 and you want to exclude the last IP class ***.***.**.*** (IP class D). All you need to do is enter 109.250.96.% in "$cfg['Badwordfilter']". Now, all IP addresses that start with 109.250.96 are blocked!

Custom Form