I ran into the same issue as mentioned above. In my situation I was hosting a website on Bluehost, which used `contact.php` to send an e-mail according to the contact form on the website.
My contact form looked like this:
```
<div class="col-md-7 contact-form wow animated fadeInLeft">
  <form id="contact-form" role="form" onsubmit="formSubmit(event)">
    <div class="input-field">
      <input id="name" type="text" required name="name" class="form-control" placeholder="Your Name...">
    </div>
    <div class="input-field">
      <input id="email" type="email" required name="email" class="form-control" placeholder="Your Email...">
    </div>
    <div class="input-field">
      <input type="text" name="subject" class="form-control" placeholder="Subject...">
    </div>
    <div class="input-field">
      <textarea id="message" name="message" class="form-control" placeholder="Messages..."></textarea>
    </div>
    <button type="submit" id="submit" class="btn btn-blue btn-effect">Send</button>
  </form>
  <div id="form-success-message" class="form-success-message alert alert-success alert-dismissible" role="alert">
    <h4 class="alert-heading">Thank you for contacting us!</h4>
    <hr>
    <p></p>
    <strong>The form was submitted successfully.</strong>
    <br>In a few minutes you will receive an e-mail confirming that your question was sent successfully.
    <br>Our team will contact you soon!
    <br>
    <br>In case the confirmation e-mail would not arrive within the next hours, verify that the email is not in your SPAM folder, or please contact us directly (****@******.tech).
    <button onclick="document.getElementById('form-success-message').style.display = 'none';" type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close form submitted message"></button>
  </div>
  <div id="form-no-success-message" class="form-no-success-message alert alert-danger alert-dismissible" role="alert">
    <h4 class="alert-heading">Oeps, something went wrong</h4>
    <hr>
    <p></p>
    <strong>The form was not submitted.</strong>
    <br>Please try again later, or contact us directly via e-mail (******@******.tech) or via WhatsApp.
    <!-- The close button must hide this (failure) banner, not the success banner -->
    <button onclick="document.getElementById('form-no-success-message').style.display = 'none';" type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close form not submitted message"></button>
  </div>
</div>
````
The script on my index.html page looked like this:
````
<script>
// Function responsible for sending the e-mail via the message contact form.
// At the moment the message contact form is submitted, it tries to fetch a php function;
// in case the php function is not working, it will return a response from which the ok is false.
// Otherwise, it should return a positive ok.
// FYI: the function does not return an instanceof Error for now.
//
// In case no errors are thrown, the website will display a form success message.
// In case the ok response from the php form is negative, a form no success message is displayed.
function formSubmit(event) {
  /* Prevent button causing default browser submit */
  event.preventDefault();
  /* Get form element */
  const form = document.getElementById('contact-form');
  /* Create form data object from form element which contains post data */
  let formData = new FormData(form);
  /* Issue "ajax request" to server. Change /post-to-url to the appropriate
     url on your server */
  fetch('/contact.php', {
    body: formData,
    method: "post"
  })
    .then(function(response) {
      if (!response.ok) {
        document.getElementById('form-no-success-message').style.display = 'block';
        document.getElementById('contact-form').reset();
      } else {
        document.getElementById('form-success-message').style.display = 'block';
        document.getElementById('contact-form').reset();
      }
    })
    .catch(function(error) {
      console.log('Error', error);
    });
}
</script>
````
The file `contact.php` looked like this:
````
<?php
// This page should not be accessed directly. Need to submit the form.
// The submit button has no name attribute and FormData does not include it,
// so $_POST['submit'] is never set; check the request method instead.
if($_SERVER['REQUEST_METHOD'] !== 'POST')
{
    http_response_code(405);
    echo "error; you need to submit the form!";
    exit;
}
//setting the variables (?? avoids undefined-index notices on missing fields)
$name = $_POST['name'] ?? '';
$visitor_email = $_POST['email'] ?? '';
$message = $_POST['message'] ?? '';
//Validate first
if(empty($name)||empty($visitor_email))
{
    // Non-2xx status so that response.ok is false in the fetch() handler
    http_response_code(400);
    echo "Name and email are mandatory!";
    exit;
}
// $visitor_email is used as the recipient of the confirmation mail, so it must
// be a single well-formed address as well as free of header-injection characters.
if(IsInjected($visitor_email) || !filter_var($visitor_email, FILTER_VALIDATE_EMAIL))
{
    http_response_code(400);
    echo "Bad email value!";
    exit;
}
//variables for the e-mail to client
$email_from = '***@******.tech';//<== update the email address
$email_subject = "New message via your website contact form";
$email_body = "You have received a new message from the following website visitor (name): $name.\n\nThe visitor used the e-mail address: $visitor_email\n\nThe content of the message is: \n\n $message.";
//variables for the confirmation e-mail to website user
$confirmation_email_subject = "We received your question!";
$confirmation_email_body = "We have received the following message from you via our contact form on our website *****.tech: \n\n Your name: $name.\n\n Your e-mail: $visitor_email\n\n Your message: \n\n $message. \n\nWe will get in contact as soon as possible! If you would not receive an answer in the coming 2 weeks, don't hesitate to contact us via:*****@*****.tech. \n\n This is an automated e-mail. We haven't read your question yet. This is merely a confirmation of receipt.";
//e-mail of client
$to = "****@*******.tech";//<== update the email address
$headers = "From: $email_from \r\n";
//headers for confirmation
$confirmation_headers = "From: *****@******.tech"; //<== update the email address
//Send the email!
mail($to,$email_subject,$email_body,$headers);
mail($visitor_email,$confirmation_email_subject,$confirmation_email_body,$confirmation_headers);

// Function to validate against any email injection attempts:
// rejects raw or URL-encoded CR, LF, tab and backspace characters.
function IsInjected($str)
{
    $injections = array('(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    return preg_match($inject,$str) === 1;
}
?>
`````
After hosting on Bluehost, things worked for 5 minutes. Then I started receiving errors. More specifically, on submitting the form, I received a 409 error, containing:
````
<script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>
`````
I did some research, and found this page:
[To see links please register here]
At the bottom of the page you will read:
> This issue still exists. If visitor’s IP is blacklisted, URL with the word “contact” will give 409 error. The plugin author of Contact Form 7 could solve the issue by renaming folders/files and any API calls, from “contact” to “kontact”.
So I changed the PHP file to `kontact.php`.
And then changed the reference in my script:
````
<script>
// Function responsible for sending the e-mail via the message contact form.
// At the moment the message contact form is submitted, it tries to fetch a php function;
// in case the php function is not working, it will return a response from which the ok is false.
// Otherwise, it should return a positive ok.
// FYI: the function does not return an instanceof Error for now.
//
// In case no errors are thrown, the website will display a form success message.
// In case the ok response from the php form is negative, a form no success message is displayed.
function formSubmit(event) {
  /* Prevent button causing default browser submit */
  event.preventDefault();
  /* Get form element */
  const form = document.getElementById('contact-form');
  /* Create form data object from form element which contains post data */
  let formData = new FormData(form);
  /* Issue "ajax request" to server. Change /post-to-url to the appropriate
     url on your server */
  fetch('/kontact.php', { // <===== changes here
    body: formData,
    method: "post"
  })
    .then(function(response) {
      if (!response.ok) {
        document.getElementById('form-no-success-message').style.display = 'block';
        document.getElementById('contact-form').reset();
      } else {
        document.getElementById('form-success-message').style.display = 'block';
        document.getElementById('contact-form').reset();
      }
    })
    .catch(function(error) {
      console.log('Error', error);
    });
}
</script>
````
After that my contact form started working on Bluehost.
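
Added example (not part of the original post): the `fetch` handler in the post only looks at `response.ok`, so a 409 interstitial from the host and a validation message echoed by `contact.php` cannot be told apart in the browser. The sketch below reads the response body and classifies it. The function names are hypothetical, the challenge pattern is taken from the single response quoted in the post, and it assumes only the digits in the cookie name vary.

```javascript
// Validation messages that the posted contact.php echoes before calling exit.
const APP_ERRORS = [
  'Name and email are mandatory!',
  'Bad email value!',
];

// Shape of the interstitial quoted in the post (assumption: the digit suffix varies).
const CHALLENGE_RE = /<script>\s*document\.cookie\s*=\s*"(humans_\d+)=1"/i;

// Decide what actually answered the request, from status code and body text.
function classifyContactResponse(status, body) {
  const text = String(body || '');

  const challenge = CHALLENGE_RE.exec(text);
  if (challenge) {
    // The host replied before the PHP script ran; no mail was attempted.
    return { kind: 'host-challenge', status, cookieName: challenge[1] };
  }

  const appError = APP_ERRORS.find((msg) => text.includes(msg));
  if (appError) {
    // The posted script echoes these with the default 200 status,
    // so checking response.ok alone reports them as success.
    return { kind: 'validation-error', status, detail: appError };
  }

  if (status >= 200 && status < 300) {
    return { kind: 'sent', status };
  }
  return { kind: 'server-error', status };
}

// Wrapper for the form handler: read the body first, then pick the banner.
// fetchImpl is injectable so the function can be exercised without a network.
async function submitContactForm(url, formData, fetchImpl = fetch) {
  const response = await fetchImpl(url, { method: 'post', body: formData });
  return classifyContactResponse(response.status, await response.text());
}
```

Logging the `host-challenge` case separately (for example to the console or an error tracker) makes this kind of host-side block visible as such instead of as a generic "form was not submitted" banner.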