Blocking someone from using my form

We are a group of cloistered nuns with a web site that has a page with a form for people to submit their prayer requests to us. Mount Grace Convent
It is simple and anonymous; the people submit their requests and we receive them by email. The form uses PHP.
Unfortunately, we have been recently plagued by a sick pervert who is sending us disgusting messages. My question is: is there a way to block his access to our form, or even better yet block him from visiting our website? I was thinking of using Javascript to put a cookie on his computer. Is this possible? How can we do it? My knowledge of Javascript is minimal; I used it on a few places on our web site but I had to cut & paste other people’s code.
I did manage to change the PHP code so that when he types a certain name into the “Your Name” field, the message is not sent to us. This is only partially effective however since now he is starting to use different names.
Please help!

JavaScript is a client-side language, so it wouldn’t be very effective since it can be turned off or bypassed.

With every message that is submitted, you can opt to capture the IP address. Then, when the malicious user submits his/her message, you can take that IP address and block them, either from the server entirely (through your hosting provider’s management tools), or with a PHP if-statement:


if($_SERVER['REMOTE_ADDR']=='10.10.10.10'){
     echo "<p>Access denied</p>";
}else{
   //your form
}

However, by capturing an IP address with the submitted message, it would no longer be completely anonymous. In that case, the other option would be to filter out key words, or use a “bad word filter”.


$badwords = array('badword1', 'badword2', 'ew', 'yuck');
$badword_count = 0; //number of bad words detected
$badword_threshold = 5; //number of bad words allowed before message is rejected

if(isset($_POST['message'])){
     $result_str = str_ireplace($badwords, '****', $_POST['message'], $badword_count);  //this finds the bad words and returns the count to $badword_count
     if($badword_count>$badword_threshold){ //check threshold for number of bad words allowed
           echo '<p>Sorry, your message cannot be submitted due to vulgar language.</p>';
     }
     else{
            //submit the message
      }
}

$_POST['message']

The risk with this second option is that you might detect a few false positives, but with the threshold count in place, it makes it less likely.

There’s really no way to block an individual from accessing your public site. If you decide to capture and block the user’s IP address, that person can simply connect to the internet through another network or use a proxy server and do it all over again.
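The two checks from this answer combined into one screening function, as an added example that is not part of the original post. It counts whole words only, because `str_ireplace` also counts a short entry such as 'ew' inside "new" or "few"; the function names, word list, threshold and addresses are hypothetical.

```php
<?php
// Added example: names, word list and addresses are hypothetical.

// Count blocked words as whole words, case-insensitively, so a short
// entry such as 'ew' is not counted inside "new" or "few".
function count_bad_words(string $message, array $badwords): int
{
    if ($badwords === []) {
        return 0;
    }
    $escaped = array_map(function ($w) {
        return preg_quote($w, '/');
    }, $badwords);
    $pattern = '/\b(?:' . implode('|', $escaped) . ')\b/i';
    $count = preg_match_all($pattern, $message);
    return $count === false ? 0 : $count;
}

// Returns 'blocked_ip', 'too_many_bad_words' or 'ok'.
function screen_submission(string $ip, string $message, array $blocked_ips,
                           array $badwords, int $threshold): string
{
    // Option 1 from the answer: exact match against known addresses.
    if (in_array($ip, $blocked_ips, true)) {
        return 'blocked_ip';
    }
    // Option 2: reject only when the count exceeds the threshold.
    if (count_bad_words($message, $badwords) > $threshold) {
        return 'too_many_bad_words';
    }
    return 'ok';
}

// Constructed sample input (addresses are from documentation ranges).
$blocked_ips = ['203.0.113.7'];
$badwords    = ['badword1', 'badword2', 'ew', 'yuck'];
$threshold   = 1;

$samples = [
    ['198.51.100.4', 'Please pray for my new job and a few friends.'],
    ['198.51.100.4', 'Ew, yuck, badword1!'],
    ['203.0.113.7',  'An ordinary request.'],
];
foreach ($samples as [$ip, $text]) {
    echo screen_submission($ip, $text, $blocked_ips, $badwords, $threshold), "\n";
}
```

In the form handler, `$ip` would come from `$_SERVER['REMOTE_ADDR']` and `$message` from `$_POST['message']`, as in the snippets above.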

Most sites use something called Captcha to help prevent people from sending spam messages. This requires the user to look at a picture and copy into the form what the picture says before sending the message.

You can read more about captcha here: The Official CAPTCHA Site, or by searching for it on Google.

Captcha only prevents automated spam. From the sounds of it, submissions are coming from an actual individual.

Thanks, Force Flow. I don’t think a Captcha would help. This is definitely a real person sending us these messages. Your second option looks like my best choice…unfortunately my knowledge of PHP is even less than JavaScript. Below is part of my PHP. He changes his name, but so far there has always been “yik” in the name so that is what I tried to note. The message then still comes to us, but with a different subject so I know to delete it without opening. I left the same message that other people receive as the echo since I didn’t want him to have the satisfaction of knowing he was bothering us. Can you write your above code to fit in with what is below? Thanks!

$your_name = $_POST['Sender'];
$recepient = $_POST['Recipient'];
$intention = $_POST['Intentions'];
$to = '****';
$subject = 'web site prayer request';
$subtoo = "do not open";
$msg = "$your_name\n" .
"is requesting the following prayers for $recepient:\n" .
"$intention";
$name = explode(' ', $your_name);

//if from pervert, mail with warning subject
foreach ($name as $word){
if ($word == 'yik') {
mail($to, $subtoo, $msg);
echo '<h3>We are praying for you.</h3>';
break;}

  else {