Forums

Hi, i have a problem with my room reservation form at https://baeren-ranflueh.ch (switcher inside the header slideshow). In fact there are 2 forms. One is the short form with check-in, check-out and room type field. On submit the data are send to the main form which opens in a modal window. The form is protected with Recaptcha V2. According to the debugger it should work properly. On submit an admin email and user conformation email is generated and the data are saved in the DB. All tested and working fine.
​
Since 2 weeks I'm getting spam entries with the same pattern but allways another IP address (this field I added additionaly as a hidden field). With the emails all mandatory field are transmitted, but in the DB there only check-in and check-out data saved. All other fields are empty inkluding the hidden IP address.
The serverside validation is enabled, the validation of security field as well.
​
How could this happen? Any idea how to prevent this?
​
Kind regards Helena

Dunno but you don't need to use a "hidden ip address field" you can just save {ip:} to the database field.

Hi, thanks but my problem is not the ip hidden field. The problem are the spam entries where no field data are safed in the DB even though the fields are mandatory. So my question is, how can they avoid the field validation and the Recapcha validation. There muss be another way how they submit the form. I need to stop those entries as soon as possible.

Hi Helena,
​
It's not clear to me how you would get the data correctly in the Email but not saved in the database. Is the DB Save action before or after the Email action? (And they should both be after the validation actions.)
​
Bob

Hi Bob
​
This ist exactly the question. The DB Save action is before the Email action. See the action settings in the attachement. For the server validation I have the auto server validation enabled in the form settings.
I also attached a part of the DB-Table. All test and real reservations are saved correctly, the spams not. Additionaly by the spams there is always the check-in and checkout date the same even though there is a custom date validation. We tested that many times and the validation ist working properly.
​
I also tried to track the Array data with following result:
​
​
POST - date_checkin_modal = 2020-21-01
POST - date_checkout_modal = 2020-21-01
POST - name = ngXWIlKxp
POST - email = ybarrowcliff@yahoo.com
POST - phone = 4295064305
POST - street = gtPLkHmcZJu
POST - place = FNeEQRnHsiVIm
POST - ip = 123.24.55.109
POST - room_type = Einzelzimmer
POST - rooms_amount = 2
POST - comment = PtIEjOGVCvNmd
GET - chronoform = zimmer-reservation-modal
GET - event = submit
​
I just try to understand how is this possible to get a hint how to prevent this.
​

Hi Helena,
​
Looking at the saved data all the empty records have in common that the Check-in and Check-out dates are the same. I suggest that you add a custom validation to check for that as presumably it makes no sense for a real application.
​
Bob

Hi Bob,
Thanks for the suggestion. I already did that yesterday and till now we didn't get any more spams. It's jut not the cleanest solution and will only work as long the pattern won't change.
It would be nice to know, how was it possible to work around the validations and to prevent the data saving. Was there another way to submit the form?
​
Anyway i guess we wont find that out und I hope mein problem was solved and nobody else will face the same problem.
​
Kind regards
​
Helena