Hi Bob and Max!
I have a form on a website that keeps getting spammed even though its running Google NoCaptcha. I want to add an additional security question where the user must enter a one word answer that matches a pre-defined response in the form. Something like this:
What is the color of the sky?
The site visitor must answer "blue" - The form should not submit unless the answer is blue (or maybe blue and Blue, in case someone uses an uppercase B).
My question, of course, is going to be more challenging than the one above. That's just an easy example to show you what I'm trying to do.
Thanks for your help and Happy Holidays!
Jose
I have a form on a website that keeps getting spammed even though its running Google NoCaptcha. I want to add an additional security question where the user must enter a one word answer that matches a pre-defined response in the form. Something like this:
What is the color of the sky?
The site visitor must answer "blue" - The form should not submit unless the answer is blue (or maybe blue and Blue, in case someone uses an uppercase B).
My question, of course, is going to be more challenging than the one above. That's just an easy example to show you what I'm trying to do.
Thanks for your help and Happy Holidays!
Jose
Hi Jose,
Please check that you have Google NoCaptcha correctly set up. That should be at least as effective as your suggestion.
What kind of spam are you getting ? Adding serverside validation should be able to block most of it if there is any kind of pattern.
And, if you really need to , you can use the Security Question anti-spam built in to Cfv5.
Bob
Please check that you have Google NoCaptcha correctly set up. That should be at least as effective as your suggestion.
What kind of spam are you getting ? Adding serverside validation should be able to block most of it if there is any kind of pattern.
And, if you really need to , you can use the Security Question anti-spam built in to Cfv5.
Bob
Hi Bob, the Google NoCaptcha is correctly set up for sure. Every time I test the form without checking NoCaptcha the form doesn't submit.
I added the security question anti-span built into CFv5 but I think I'm doing something wrong because it's not working. Here's what I did:
- I added a text box field in Designer and used secques for field name and field id
- Wrote "What color is the sky?" for label (to continue with the example above
- Made the field required
- Added a Load Security Question field in On Load and wrote secques=blue
- Added a Check Security Question field in On Submit
- I made sure that both security question fields in Setup are under Google NoCaptcha
The form displays ok but when i submit I get a You have entered a wrong security question's answer error
What am I doing wrong?
Thanks!
Jose
P.S. Here are three spam examples:
I added the security question anti-span built into CFv5 but I think I'm doing something wrong because it's not working. Here's what I did:
- I added a text box field in Designer and used secques for field name and field id
- Wrote "What color is the sky?" for label (to continue with the example above
- Made the field required
- Added a Load Security Question field in On Load and wrote secques=blue
- Added a Check Security Question field in On Submit
- I made sure that both security question fields in Setup are under Google NoCaptcha
The form displays ok but when i submit I get a You have entered a wrong security question's answer error
What am I doing wrong?
Thanks!
Jose
P.S. Here are three spam examples:
I would like information on Advocacy
First Name Clyde
Last Name Johnston
Company Name Clyde Johnston
Phone Number
Email Address johnston.clyde76@gmail.com
Comments This crazy 56 year-old geography teacher in Memphis, Tennessee
believed he can change the energy world... and somehow he did it.
Check it out at:
https://goo.gl/BFsib3
IP: 74.91.49.84
I would like information on Membership
First Name AntholAbure
Last Name AntholAbure
Company Name google
Phone Number 88437114646
Email Address kn0wn0w@yandex.ru
Comments Listen, let's not spend more time for it.
http://afpinstitute.com/index.php/component/users/?option=com_k2&view=itemlist&task=user&id=900587
IP: 37.233.20.3
I would like information on Employment
First Name Georgefes
Last Name Georgefes
Company Name google
Phone Number 83759527997
Email Address kardio.tvister@yandex.com
Comments Elton John is my favourite jazz-singer of the world. http://iambrianmc.tumblr.com
IP: 31.184.238.101
Bob, as added information. I now have a second form on a different website which is having the same issues.. Yesterday and today they got two spam form submissions. Google NoCaptcha is working ok there too. If I give you access to the Joomla CP on one of these sites would you mind taking a look to make sure there are no issues that I might be missing?
thanks!
Jose
thanks!
Jose
Hi Jose,
The examples you posted look like human spammers i.e. there are plausible responses to the inputs, What exactly tells you that they are spam?? If you can see a clear pattern - e.g. urls in the message text - then you can add custom serverside validation to block them.
Bob
The examples you posted look like human spammers i.e. there are plausible responses to the inputs, What exactly tells you that they are spam?? If you can see a clear pattern - e.g. urls in the message text - then you can add custom serverside validation to block them.
Bob
Hi Bob, I call them spam in the sense that they are not real form submissions. These are business organization. Those forms submissions, even by humans, are an attempt to disrupt.
How do I add custom serverside validation? I've never done that.
Jose
How do I add custom serverside validation? I've never done that.
Jose
Hi Bob, I found this article on serverside validation.
https://www.chronoengine.com/faqs/54-chronoforms/cfv4/cfv4-validation/2678-how-can-i-add-auto-serverside-validation
I'm not sure I'm following. Even if I add the information in the article, it looks to me like the examples above would pass. None of the fields are empty and they all meet basic validation criteria (alpha characters for name, email format for email, etc.). Am I missing something?
Jose
https://www.chronoengine.com/faqs/54-chronoforms/cfv4/cfv4-validation/2678-how-can-i-add-auto-serverside-validation
I'm not sure I'm following. Even if I add the information in the article, it looks to me like the examples above would pass. None of the fields are empty and they all meet basic validation criteria (alpha characters for name, email format for email, etc.). Am I missing something?
Jose
Hi Jose,
You need to find some pattern that identifies them as 'spam' - then you can block that pattern (or patterns) - here filtering on emails containing yandex would catch 2 of them - as long as you don't expect any 'genuine' posts like that. Otherwise you are back to human filtering.
Bob
You need to find some pattern that identifies them as 'spam' - then you can block that pattern (or patterns) - here filtering on emails containing yandex would catch 2 of them - as long as you don't expect any 'genuine' posts like that. Otherwise you are back to human filtering.
Bob
Hi Bob, let's go back to the security question then. Both are local organizations with local form submissions. I'm planning to do geographical-type questions that any local would know how to answer.
So... back to my original question above. What am I doing wrong with how I setup the security question that is not working.
Thanks for your help!
Jose
So... back to my original question above. What am I doing wrong with how I setup the security question that is not working.
Thanks for your help!
Jose
Hi Jose,
I don't see anything obvious wrong with your security question. Please try adding a Debugger action so that you can see exactly what is being submitted.
Bob
I don't see anything obvious wrong with your security question. Please try adding a Debugger action so that you can see exactly what is being submitted.
Bob
Hi Bob, I just added the debugger. Can i PM you the site's URL? I don't want to post it in public.
Sent!🙂
Hi Jose,
You have changed some of the Security Question settings the name and the way the question is shown - I have made a copy of your form where I have changed the settings and that now works OK (I hope).
Bob
You have changed some of the Security Question settings the name and the way the question is shown - I have made a copy of your form where I have changed the settings and that now works OK (I hope).
Bob
Hi Bob,
OMG! What I mess I had made LOL! Evidently, I didn't know how to setup the security question correctly. Thanks for your help!! I'm going to write down here the correct setup for future reference for me and in the hopes it might help someone else later on:
How to setup a security question for Q: What color is the sky? and A: Blue
DESIGNER
- Add a security question field. Don't change anything! If you need to add a note to the question (something like "one word, only the color") do so in the Sub Label field.
SETUP
- Add a load security question field in On Load
- Click edit on the load security field and enter the question and answer in there like this: What color is the sky?=Blue
- Add a check security question field in On Submit
- Drag an event loop field into on fail of the check security question
You're done!
OMG! What I mess I had made LOL! Evidently, I didn't know how to setup the security question correctly. Thanks for your help!! I'm going to write down here the correct setup for future reference for me and in the hopes it might help someone else later on:
How to setup a security question for Q: What color is the sky? and A: Blue
DESIGNER
- Add a security question field. Don't change anything! If you need to add a note to the question (something like "one word, only the color") do so in the Sub Label field.
SETUP
- Add a load security question field in On Load
- Click edit on the load security field and enter the question and answer in there like this: What color is the sky?=Blue
- Add a check security question field in On Submit
- Drag an event loop field into on fail of the check security question
You're done!
This topic is locked and no more replies can be posted.
