I have a booking form that has been working fine, but recently I received a couple of emails from the form where all of the fields were blank (actually blank - not curly brackets).
Several of the fields are required. I tested the form and found that I could not submit it without filling those in, and when I did fill them in the information came through.
The only useful piece of information that did come through was the IP address. I checked it and found that in both cases the IP address was local (i.e. within my city), which means it is unlikely to be spam or a bot.
I tried the form from my phone as well in case there was some difference on mobiles, but it worked as expected.
Firstly - Is there anywhere I might be able to look to retrieve the missing information?
Secondly - How do I fix it so it won't happen?
This can happen if you have a virus scanner on your server setup that regularly checks all the links on the site - including the links in your <form> tags. I'd suggest that you add serverside validation to block the IP address and/or check for key inputs being blank.
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
Do you mean you think it's malicious?
I thought that was possible too, but when I checked the IPs and both were from the city where I live (which is a small city) for a course that is only open to people in this city, it just seems really unlikely that it's a bot or anything similar.
I think they were genuine attempts to book, so it's really disappointing that I have no way to know who they were.
I also realise now I posted this in the wrong place. It's actually Chronoforms V5, but it was a V4 form that was carried over.
I've made some changes to the form now so that it also saves the fields to the DB. I'm hoping at least if it happens again I might get the data in the DB even if it doesn't come through in the email.
No - by 'virus scanner' I meant a piece of software on your server that scans the site every day looking for malicious stuff. We've seen web-hosts add those increasingly and they can generate 'false' submissions. If you are now saving the data in a table you can look for patterns in the timing and IP Address that can give clues about the source.
But if it was the web-host - wouldn't it be that host's IP address?
The two IP addresses were both from Christchurch, NZ (where I live), but the site is hosted on a US server.
Yes, you are right, I had assumed that most likely you were hosting locally.
2CheckOut.com Inc. (Ohio, USA) is an authorized retailer for goods and services provided by ChronoEngine.com