We are getting a lot of forms submitted without captcha or any required fields. These are simple forms, no fancy stuff, with all fields required.
Do we have to do special programming to fix this? (Examples below - all fields are required, but nothing is filled out.)
Best regards,
Gary Piland
=====================================
Begin forwarded message:
From: Root User <root@localhost>
Subject: Contact from website
Date: August 13, 2015 at 4:16:54 PM CDT
To: dbl0six@aol.com
Your Name
Your Phone
Your Email
How can we help?
Anti-spam code
IP: 62.210.104.233
=====================================
Begin forwarded message:
From: Root User <root@localhost>
Subject: Contact from website
Date: August 13, 2015 at 4:17:01 PM CDT
To: dbl0six@aol.com
Your Name
Your Phone
Your Email
How can we help?
Anti-spam code
IP: 62.210.104.233
=====================================
Hi Umbrella,
The IP Addresses are the same and appear to be from OnLine SA in Paris. Is this your site host - or connected to them? If so then it may be that they are running a virus scan and hitting all the URLs on the site.
You can use an Event Switcher to check for this IP address - or for blank required entries and stop the form processing if they are found.
Bob
GH,
No, we have a dedicated server out at InMotion Hosting's LA data center and a few sites are now moving to Rochen.
I do block IPs like this when they come through at the server, but we are also seeing a lot of forms submitted at other IPs either empty or containing spam with no captcha filled out and some or all required fields empty, etc.
Seems like some new script is being used in various countries (France, Ukraine, Russia, China, Brazil) bypassing our required fields/captcha to submit forms.
So, to sum up - simple forms with captcha aren't going to work in these cases?
Hi Umbrella,
Captcha (in one form or another) should block most spam-bots. It won't block human spammers as they can answer the questions; and some captchas are open to breaching by more sophisticated spamming systems, though I haven't heard any reports of this happening with ChronoForms.
Spammers who get past the captcha can usually be blocked with server-side validation provided that there is some kind of pattern - e.g., URLs in message boxes or random strings in email or phone numbers.
Spam with an empty captcha shouldn't happen provided that there is a Check Captcha action with an Event Loop in the pink On Fail event.
Bob
GH
This is a very simple form. All fields are required, it has a captcha (required). Somehow they are submitting it multiple times with no entries at all - nothing.
Also, when these are submitted the form is adding a record to the database that has an id, a uniq_id and created date and nothing else.
http://sixauto.com/contact
Can you give me a simple fix for this? I'm not an advanced user (obviously!)
Thanks!
Hi Umbrella,
The simple fix is to use Serverside validation to check one or more of the required inputs.
I checked that the Captcha is working so my best guess is that these are more likely web-bots or virus scanners on your host than spammers.
Bob
So I have to change the form to Advanced and add this server side validation? Got a howto link?
Also, it definitely is a script going around. Got this today... (notice the captcha entry)
Name CraigsList Ads AutoPoster
Email ccmpfwqlnq@gmail.com
Address http://Vevox.info/
City, State, Zip CraigsList Ads AutoPoster
Message CRAIGSLIST & BACKPAGE POSTING SOFTWARE - http://Vevox.info CRAIGSLIST & BACKPAGE POSTING SOFTWARE - Traffic Magnet CRAIGSLIST 24-HOUR POSTING SOFTWARE - Never stop Posting Your Ad - The More Ads Posted The More Sales ! http://Vevox.info
Captcha CraigsList Ads AutoPoster
CraigsList Ads AutoPoster
Hi Umbrella,
By all means PM me the site URL, the form name, and a SuperAdmin login and I'll take a quick look.
Bob
Just did.
Thanks for your help on this.
Apologies - we're using Admin Tools Pro and it blocked the user addition. Try it now, I just logged in okay.
GH
Hey there, I saw you logged in yesterday. Anyway, any word on the weird emails being sent with bad captchas, etc.?
Also, did you by chance install a component called com_mijosql on SixAuto? Never seen it before so I uninstalled it.
Our nightly maldet scan flagged it for base 64 code.
Again, I really appreciate the help.
Hi Umbrella,
Sorry, I got side-tracked onto something else yesterday and didn't get back to you.
There's something odd happening. The empty emails seem to come in batches (I did install MijoSQL to see the db table) because I wanted to look at the pattern.
Also the Captcha results aren't being saved which suggests that the Check Captcha isn't working. I did notice when I looked at one of the forms that there are two forms using CF Captcha on the same page. This may be part of the problem as CF can't handle two captchas on the same page - changing one of the forms to use a HoneyPot should work OK.
Bob
GH,
Thanks for the response.
Did you see my note about the base 64 code in the MijoSQL install? Looked pretty iffy to us and maldet tagged it as malware. Just fyi - you might want to make sure your installer isn't tainted. ;-)
Which page had the captcha on it twice? Was that the Credit App page?
GH,
Now we're starting to see this on other sites... this is from the contact form on TopekaChamber.org. Same thing, captcha is failing, not recording the actual sender (says it's from Root User), etc. Seems like there may be a hole somewhere. Also, notice it is even failing to capture the IP address now - it says this instead, "CraigsList Ads AutoPoster". Any ideas?
Name CraigsList Ads AutoPoster
Email ztsjquoeg@gmail.com
Address http://Vevox.info/
City, State, Zip CraigsList Ads AutoPoster
Message BACKPAGE & CRAIGSLIST - http://Vevox.info BACKPAGE & CRAIGSLIST Ad Posting SoftWare - Simple - The More Ads Posted, The More Sales - Simple ! BACKPAGE & CRAIGSLIST Ad Posting SoftWare -Sales Is A Numbers Game -Simple-More Ads Posted=More Sales http://Vevox.info
Captcha CraigsList Ads AutoPoster
CraigsList Ads AutoPoster
Hi Umbrella,
There appear to be several things going on here - not all of which I fully understand :-(
I took a CSV backup of the saved records from the ContactNEW table and I can see a few things there:
+ there are a few legitimate posts
+ there are a bunch of empty posts with no data at all apart from the default ChronoForms columns - not even a submit button
+ there are some duplicate (and triplicate) posts, usually close together in time suggesting page reloads or re-clicks,
+ there is one long post that has been truncated when saved - I think it was spam anyhow.
I'd start by adding serverside validation to block any post with no Captcha or with http:// in the phone or comments boxes. I think that will get rid of most of the obviously bad spam posts.
I'd also add an Anti-flood action to block repeat posts.
And I'd probably change the comments column in the database to type TEXT to avoid any truncated long posts.
Bob
PS MijoSQL is fine - its code includes some base64 encode calls (used for storing MySQL queries in the database), the scanner is seeing those and giving false positives.
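The server-side checks suggested in the post above (reject a post with an empty required field or no captcha entry, or with http:// in the phone or comments boxes), written out as an added example that is not part of the original thread and is not ChronoForms code. The field names and sample posts are assumptions, and the check that the captcha entry matches the expected code is left to the captcha action itself.

```php
<?php
// Added example: plain PHP, not tied to any form component's API.
// Field names are assumed; rename them to match the real form.
const REQUIRED_FIELDS = ['name', 'phone', 'email', 'message', 'captcha'];
const NO_LINK_FIELDS  = ['phone', 'message'];

/** Returns field => reason for each broken rule; an empty array means accept. */
function validate_contact_post(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (REQUIRED_FIELDS as $field) {
        // Missing keys and non-string values (e.g. name[]=x) count as empty.
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    // 1. Required fields are enforced here, because a script that posts
    //    straight to the form URL never runs the browser-side checks.
    foreach ($clean as $field => $value) {
        if ($value === '') {
            $errors[$field] = 'required field is empty';
        }
    }
    // 2. No links in the phone or comments boxes.
    foreach (NO_LINK_FIELDS as $field) {
        if (preg_match('~https?://~i', $clean[$field]) === 1) {
            $errors[$field] = 'links are not accepted in this field';
        }
    }
    // 3. The e-mail value must at least be well formed.
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid e-mail address';
    }
    return $errors;
}

// Constructed sample posts modelled on the two kinds seen in this thread.
$samples = [
    'empty post' => [],
    'link spam'  => ['name' => 'Ad Poster', 'phone' => 'http://example.invalid/',
                     'email' => 'someone@example.com', 'captcha' => 'Ad Poster',
                     'message' => 'POSTING SOFTWARE - http://example.invalid'],
    'legitimate' => ['name' => 'Pat Doe', 'phone' => '555-0100',
                     'email' => 'pat@example.com', 'captcha' => 'x7k2p',
                     'message' => 'Please call me about a quote.'],
];
foreach ($samples as $label => $post) {
    $errors = validate_contact_post($post);
    echo $label, ': ', $errors ? 'REJECT ' . json_encode($errors) : 'accept', PHP_EOL;
}
```

Whatever calls this function has to stop processing when the array is non-empty, before the database save and the e-mail, otherwise the empty records and blank notifications still get through.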
Thank you. I'll see if I can figure this out.
Would it be possible to pay you to do the form on SixAuto.com and then I could use that as a template to use going forward? I know you're slammed there, but I could sure use the help.