Is Google's v3 recaptcha/nocaptcha supported in Chronoforms v5? or v6? All my forms are v5, and I prefer not to have to redo them all. And for me, v5 just seems more intuitive/easier to use then v6 (I hate re-learning something that's worked for years).
I'm finding my customers are getting a steady stream of spam from obvious bots (Russian character sets/etc) even with Google's v2 "I'm not a robot" active and working. Is there an exploit/work-around that maybe exists (doubtful) in Chronoforms vs. smarter bots circumventing Google's method?
-Bob
I'm finding my customers are getting a steady stream of spam from obvious bots (Russian character sets/etc) even with Google's v2 "I'm not a robot" active and working. Is there an exploit/work-around that maybe exists (doubtful) in Chronoforms vs. smarter bots circumventing Google's method?
-Bob
I sell a V3 plugin for CFv6 on my site, but there's nothing for CFv5.
Are they getting spam via the contact form itself, or directly to email?
Are they getting spam via the contact form itself, or directly to email?
Hi Bob,
If there is any pattern to the spam posts e.g. HTML in the textarea, or similar IP addresses, etc. then serverside validation should be good to block those posts.
Bob
If there is any pattern to the spam posts e.g. HTML in the textarea, or similar IP addresses, etc. then serverside validation should be good to block those posts.
Bob
@healyhatman, yes all the spam is coming from website forms with Google v2 recaptcha.
@GreyHead,
The spam is coming into mostly all the simple"contact us" forms, across several websites. There will be non-english char sets and urls in the "comment/question" field. Sometimes a full page's worth of garbage and all different IPs. By "serverside validation" are you referring to the re-captcha or is there another anti-spam method I can add?
Here are 2 examples from different websites:
@GreyHead,
The spam is coming into mostly all the simple"contact us" forms, across several websites. There will be non-english char sets and urls in the "comment/question" field. Sometimes a full page's worth of garbage and all different IPs. By "serverside validation" are you referring to the re-captcha or is there another anti-spam method I can add?
Here are 2 examples from different websites:
Hi Bob,
Human spammers can typically submit forms with Google ReCaptcha. Bots will usually be blocked.
ServerSide validation is the standard CF feature to check form data after it is submitted. See the Server Validation action in the Setup > Validation action group.
Bob
Human spammers can typically submit forms with Google ReCaptcha. Bots will usually be blocked.
ServerSide validation is the standard CF feature to check form data after it is submitted. See the Server Validation action in the Setup > Validation action group.
Bob
I'm wondering if some of these are people being paid to fill out forms or something.
I'll give server-side validation a try. Is there a Not function? IE, fail validation if the field has a url?
I also added the Honeypot field onto one website's form to get the time sensitive submit activated.
I'll give server-side validation a try. Is there a Not function? IE, fail validation if the field has a url?
I also added the Honeypot field onto one website's form to get the time sensitive submit activated.
Hi Bob,
That's a fair description of human spammers.
There isn't a Custom Serverside validation option in Cfv5 for some reason but you can use an Event Switcher to do the same thing. Add PHP to check for whatever pattern you see e.g. a URL in a textarea, then set an Event Loader or ReDirect action if the check fails.
Bob
That's a fair description of human spammers.
There isn't a Custom Serverside validation option in Cfv5 for some reason but you can use an Event Switcher to do the same thing. Add PHP to check for whatever pattern you see e.g. a URL in a textarea, then set an Event Loader or ReDirect action if the check fails.
Bob
Are there any examples/walk-thrus on how to do this? When I click on the "More info on Chronoengine.com" I get a 404 for:
http://www.chronoengine.com/chronoforms-wizard-help.html?term=textarea
Edit: Ah, I got it working!
(No more Urls/Links allowed in comments/question field)"! Forks to fail(event loop) with the error message displaying on top of the form. Now to figure out how to check for non-English chars in the fields. I think I'll also make a black list of words too that are common in some of the spam fields. "SEO", "Website design", etc...
Thanks for the help.
Added Event Switch, then put in this PHP code:
http://www.chronoengine.com/chronoforms-wizard-help.html?term=textarea
Edit: Ah, I got it working!
(No more Urls/Links allowed in comments/question field)"! Forks to fail(event loop) with the error message displaying on top of the form. Now to figure out how to check for non-English chars in the fields. I think I'll also make a black list of words too that are common in some of the spam fields. "SEO", "Website design", etc...
Thanks for the help.
Added Event Switch, then put in this PHP code:
<?php
// The Regular Expression filter
$reg_exUrl = "/(http|https|ftp|ftps)/";
if(preg_match($reg_exUrl, $_POST['textarea5'])) {
echo "No URLS in the comment field allowed!";
return "fail";
} else {
return "success";
}
?>
Hi, i have a similiar problem with spam too, maybe since a half year.
i think this could be a solution for me too, but i hav no idea how to do it. Is there a step by step description?
for example. All the spam is using in the "Company" field in my form the entry google . If i can reject the form everytime some one is writing google in the company field, the spam will end (so i hope)
ok, i can get no request from google any more, but anyway, the never asked before. ;-)
I use chronoforms in v5 at the moment. Where should i put which event or which code?
I would be very thankfull for your help.
i think this could be a solution for me too, but i hav no idea how to do it. Is there a step by step description?
for example. All the spam is using in the "Company" field in my form the entry google . If i can reject the form everytime some one is writing google in the company field, the spam will end (so i hope)
ok, i can get no request from google any more, but anyway, the never asked before. ;-)
I use chronoforms in v5 at the moment. Where should i put which event or which code?
I would be very thankfull for your help.
I've expanded the above php and have pretty much stopped 99% of spam through chronoforms. It checks for urls in message body and keywords of common spam messages.
<?php
$maxlength = 250;
$target = $_POST['message'];
// The Regular Expression filter
$reg_exUrl = "/(http|https|ftp|ftps)/";
$words = "/(\.com|websolutions|friendly|urgent|google|marketing|advertising|campaign|leads|sales|invest|keyword|visitor|redesign|development|testimonial)/";
if(preg_match($reg_exUrl, $target)) {
echo "<h2 style='color:red'>No URLS in this form allowed!</h2>";
return "fail";
} else {
if(preg_match($words, $target)) {
echo "<h2 style='color:red'>Spam/Solicitation message detected.<br>Do not use this form for your marketing!</h2>";
return "fail";
} else {
if (strlen($target) > $maxlength) {
echo "<h2 style='color:red'>Please limit your message to 250 characters.<br>No solicitating allowed!</h2>";
return "fail";
}
else {
return "success";
}
}
}
?>
Hi Bob,
I have the spam problem on my forms too.
Where do I put te code to make it work?
I tried several places and when I put the code on load I got the fail message on testing but also the message that the post was a succes. (and it was)
Regards,
Dorine Post
I have the spam problem on my forms too.
Where do I put te code to make it work?
I tried several places and when I put the code on load I got the fail message on testing but also the message that the post was a succes. (and it was)
Regards,
Dorine Post
This topic is locked and no more replies can be posted.
