Captcha

We have captcha in place on a form for a client of ours that doesn't seem to be working. Within the last 30 days or so they have been receiving a bunch of spam form submissions (roughly 30 a day or more). Can you take a look at it, I'm sure we have some parts that must be incorrect on our end.

Are you sure the spam is coming from this page? Do the messages have the subject "Contact us Form Submission"

This issue might be as simple as the blank line of code on the top of the page. Try deleting that and see if the spam stops.

Thanks Ray,
I did remove the blank line, we’ll see what happens. It was definitely coming from the contact us page.
Thank again!

Well, it looks like there’s something else going on, client received three more spam submissions early this morning.

Is it possible you have another test page on the web server without the captcha? Maybe it is actually another page the spammers found.

If you only got 3, they could be actually filling out the form and entering the captcha value. How can you be sure it isn't a human? Captcha only prevents bots.

You could start recording the IP address of submissions and if it comes from a consistent IP or range then block it that way.

Sounds good, I actually checked and saw a contact2.php on the server side so I deleted that, hopefully that will fix it. One quick question... how do you "record an IP address" ? Tried to find a tutorial but no luck. Thanks for the help!

The IP address is in the bindings under: $_SERVER['REMOTE_ADDR']

You could insert into the database with every email and record that value with the content to identify which is which. That would tell you definitively if you are on the page that is being used and you might be able to identify the IP address of the offending party as well.