Home Downloads Forums Shop FAQs Blog Contact Demo Login

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

Forums

Spammers submitting form without filling it in

ChronoForms v5
Al
AlexRees 17 May, 2017
I'm getting lots of spam from my Chronoforms v5 form which is bypassing the following anti spam protection:

- Mandatory fields which are left blank.
- IP blocking code as described here: https://www.chronoengine.com/faqs/55-cfv4/cfv4-anti-spam/2601-how-can-i-stop-spam-from-my-form.html . Although I can't get this to block my own IP so I suspect it isn't working
- Security question/answer

It seems that they must be submitting the form using the direct method you described in the page I liked above:

"We've seen a small number of cases where a crawler bot with an IP address like IP 173.199.120.83 owned by Choopa.com generates empty emails. We think that the bot finds the 'action' URLs of the forms in the page and 'clicks' on them directly. Here's the 'help' from their site:"

However, in my case these are spammers, not a crawler bot.

Is there a way round this issue?

Thanks for any help!
Gr
GreyHead 17 May, 2017
Hi Alex,

As you say, your IP blocking code isn't working when you test so it can't be set up correctly. The same may be true of your other server side validation. Please take a Form Backup using the icon in the Forms Manager and post it here and I'll take a closer look.

Bob
Al
AlexRees 17 May, 2017
Form attached, thanks for taking a look. It is a migration from v4 and the v5 wizard designer didn't like the containers, so I used custom code instead.

The security question does seem to work but I'm not sure if it is client or server side.
Gr
GreyHead 17 May, 2017
Hi Alex,

There are 's missing at the beginning and end of the second line here from the IP code. Please fix that and see if it makes a difference:

'93.170.187.48',
93.186.200.112,
'93.188.37.135',

Other than that everything appears to be working correctly.

Is there any other identifiable pattern the spam you are getting that might help block it?

Adding serverside validation well help; spammers often have JavaScript disabled so the client side validation won't stop them.

Bob
Al
AlexRees 17 May, 2017
Ah yes, that works now thanks for spotting it.

They almost always miss some of the mandatory fields, so I will put the validation server side if I can't stop them by IP blocking.
This topic is locked and no more replies can be posted.
Terms Of Use Privacy Policy Business Partners

2Checkout.com

2CheckOut.com Inc. (Ohio, USA) is an authorized retailer for goods and services provided by ChronoEngine.com

© 2006 - 2024 ChronoEngine.com