Monthly Archives: October 2015

Simple PHP contact form with Google reCaptcha

So, *everyone* needs a simple form to send emails, via PHP, but we also need a protection agains bots/spammers.
This is code that i’v grabbed from codeforgeek and improved since the original had a few errors that made it impossible to run/work/send email.

It uses Google reCaptcha and you need to register you site/domain on it and grab the site key and the secret key.

The form already has twitter bootstrap classes… but you can remove them! 🙂

The form.php – at the begin
<?php
	$to      = [email protected]';
	$subject = 'Support Message';

	// keys from Google reCaptcha https://www.google.com/recaptcha/admin
	$sitekey = 'recaptcha_site_key';
	$secretkey = 'recaptcha_secret_key';

	$alert = '';
	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		$email;$message;$captcha;
		if(isset($_POST['email']))
        			$email=$_POST['email'];
		        if(isset($_POST['message']))
        			$message=$_POST['message'];
			if(isset($_POST['g-recaptcha-response']))
        		$captcha=$_POST['g-recaptcha-response'];

	        	if(!$captcha)
        		$alert = '<div class="alert alert-warning" role="alert">Please wait until the captcha protection give you a check mark.</div>';

        	$response=json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret='.$secretkey.'&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));

		if($response->success==false)
		{
			/* lets set the error message for the alert... */
			if ($alert=='')
				$alert = '<div class="alert alert-danger" role="alert">Some how you have been detected has a spammer.</div>';
        	}
		else
		{
			/* the email to you */
			$headers = 'From: '.$to.'' . "\r\n" .
                	'Reply-To: '.$email.'' . "\r\n" .
                	'X-Mailer: PHP/' . phpversion();
            		mail($to, $subject, $message, $headers);
			/* the copy of the email to the *client* */
			$headers = 'From: '.$email.'' . "\r\n" .
				'Reply-To: '.$to.'' . "\r\n" .
				'X-Mailer: PHP/' . phpversion();
			mail($email, 'COPY - '. $subject, $message, $headers);
			/* lets set the success message for the alert... */
			$alert = '<div class="alert alert-success" role="alert">Your email has been sent.</div>';
        	}
	}
?>
The html form
<?=$alert?>
<form id="comment_form" action="" method="post">
	<input name="email" type="email" placeholder="Type your email" size="40" class="form-control" value="<?=@$email?>" ><br><br>
	<textarea name="message" rows="8" cols="39" class="form-control"  placeholder="Your message to us..." ><?=@$message?></textarea><br>
	<div class="g-recaptcha" data-sitekey="<?=$sitekey?>"></div><br>
	<input type="submit" name="submit" value="Send message" class="btn btn-default"><br>
</form>

Some where at the bottom/footer…

<script src='https://www.google.com/recaptcha/api.js'></script>

 

Hope it helps anyone! 🙂

Daily stats January 2014 – October 2015 of three of my blogs

Daily stats January 2014 – October 2015
1,780,602 Total page views
811,951 Total visitors
718,178 First time visitors
2.19 Page views per visit
88.4% New visitors ratio

exportflaPNGss

1,546,692 Total page views
823,968 Total visitors
728,652 First time visitors
1.87 Page views per visit
88.4% New visitors ratio

exportflaPNGsh

1,164,327 Total page views
629,861 Total visitors
560,493 First time visitors
1.84 Page views per visit
88.9% New visitors ratio

exportflaPNGspt

Esoterica – acesso externo ao MySQL em alojamentos partilhados

Em ‘tuguês…
básicamente é o seguinte:

Boa tarde,

Informamos que o acesso externo ao MySQL em alojamentos partilhados Esoterica encontra-se bloqueado por questões de segurança.

A gestão da base de dados deverá ser efectuado através do phpMyAdmin disponível no painel de controlo da sua conta de alojamento.

Se necessitar de esclarecimentos adicionais não hesite em contactar-nos.

Cumprimentos,

Setting up my MOTD on a Ubuntu 14.04.3 LTS

Some of my servers have a fancy motd…
I like them… unfortunately my new server didn’t had it.

I had to run

apt-get install landscape-common
dpkg-reconfigure landscape-common

On dkpg-reconfigure I’v selected Run sysinfo on every login.

Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-63-generic x86_64)

* Documentation: https://help.ubuntu.com/
You have new mail.
Last login: Fri Oct 23 10:28:37 2015 from es2-84-XXX-XXX-XXX.netvisao.pt

System information as of Fri Oct 23 10:28:59 CEST 2015

System load: 0.06 Processes: 245
Usage of /: 81.9% of 411.33GB Users logged in: 1
Memory usage: 9% IP address for em0: 195.154.XXX.XXX
Swap usage: 0%

Graph this data and manage this system at:
https://landscape.canonical.com/
[email protected]:~$

To have the number of updates/security updates we need to run the following apt-get command….

sudo apt-get install update-notifier-common

This way we will see also

20 packages can be updated.
8 updates are security updates.

11354348_10153193542464733_1315224652_n

DigitalOcean droplets used to ssh force entry

Today I was watching my fail2ban logs, on one of my servers and found a DigitalOcean ip trying to brute force via SSH.

2015-10-18 18:08:07,471 fail2ban.actions: WARNING [ssh] Ban 46.101.227.169

IP WHOIS

inetnum: 46.101.128.0 - 46.101.255.255
netname: EU-DIGITALOCEAN-DE1
descr: Digital Ocean, Inc.
country: DE
org: ORG-DOI2-RIPE
admin-c: BU332-RIPE
tech-c: BU332-RIPE
status: ASSIGNED PA
mnt-by: digitalocean
mnt-lower: digitalocean
mnt-routes: digitalocean
mnt-domains: digitalocean
created: 2015-06-03T01:15:35Z
last-modified: 2015-06-03T01:15:35Z
source: RIPE # Filtered

Since, I have 3 droplets @ digitalocean, decided to use their support to see what will they do about it…

Captura de ecrã 2015-10-18, às 17.51.04