Anti Spam isn't 100%, spam getting through

hdwebpros 18 Aug, 2011
I created a site and a few forms with Chronoforms. I enabled the Anti-Spam and use fonts, and enabled JS validation and image verification. It all works, so you can not submit the form unless you enter the code shown. So how in the world is there a ton of spam getting through the forms?
Name:
yvWSLmCipZ
Email:
JXqbgBhljXPKlwfD
Phone:
zKdkydhT
Notes:
Thank God! Someone with brains sepkas!

Is a sample one, but there has been a ton.
GreyHead 19 Aug, 2011
Hi hdwebpros,

There seem to be people who just enjoy going round typing junk into forms for no apparent reason. There are some spambots that don't have JavaScript enabled, and there are ways of breaking the imageverification. Fortunately they are still pretty good deterrents, just not 100%.

The next line of defence is to add a check in the ServerSide validation. In this case a check for a valid email would block the submission.

Bob
hdwebpros 19 Aug, 2011
Good idea on the email validation. Thanks
hdwebpros 19 Aug, 2011
How could it be on and still have those invalid ones get through? I tried one and it wouldn't let me submit it without a valid email address.
GreyHead 19 Aug, 2011
Hi hdwebpros,

You have Serverside Email Validation set up already? What code are you using?

Bob
hdwebpros 19 Aug, 2011
One example page would be http://www.creativedisplaysnow.com/item/1-dvd-display-holds-11-dvds.htm, but there are many pages with it on it. The exact form code is (created by wizard)
<div class="form_item">
  <div class="form_element cf_textbox">
    <label class="cf_label" style="width: 50px;">Name:</label>
    <input class="cf_inputbox" maxlength="150" size="15" title="" id="text_0" name="text_0" type="text" />
  
  </div>
  <div class="cfclear"> </div>
</div>

<div class="form_item">
  <div class="form_element cf_textbox">
    <label class="cf_label" style="width: 50px;">Email:</label>
    <input class="cf_inputbox required validate-email" maxlength="150" size="15" title="" id="text_1" name="text_1" type="text" />
  
  </div>
  <div class="cfclear"> </div>
</div>

<div class="form_item">
  <div class="form_element cf_textbox">
    <label class="cf_label" style="width: 50px;">Phone:</label>
    <input class="cf_inputbox" maxlength="150" size="15" title="" id="text_2" name="text_2" type="text" />
  
  </div>
  <div class="cfclear"> </div>
</div>

<div class="form_item">
  <div class="form_element cf_textarea">
    <label class="cf_label" style="width: 50px;">Notes:</label>
    <textarea class="cf_inputbox" rows="3" id="text_3" title="" cols="25" name="text_3"></textarea>
    
  </div>
  <div class="cfclear"> </div>
</div>

<div class="form_item">
  <div class="form_element cf_captcha">
    <label class="cf_label" style="width: 50px;">Verify:</label>
    <span>{imageverification}</span> 
    
    </div>
  <div class="cfclear"> </div>
</div>

<div class="form_item">
  <div class="form_element cf_button">
    <input value="Submit" name="button_5" type="submit" /><input type="reset" name="reset" value="Reset"/>
  </div>
  <div class="cfclear"> </div>
</div>
GreyHead 19 Aug, 2011
Hi hdwebpros,

But the only validation visible there is client-side validation which is JavaScript dependent. Do you have any code in the Server-side validation box on the Validation tab?

Bob
hdwebpros 19 Aug, 2011
Sorry, I wasn't 100% clear at first. I meant that I made the email field required and also checked the email box (has to be email format). It is meant for a quick contact, so I will not be doing any kind of confirm emails. I just used whatever came with Chronoforms.
GreyHead 20 Aug, 2011
Hi hdwebpros,

Yes but we were talking about stopping spam.

If you use server-side validation to check that input for a valid email you will block submissions like the example you posted.

Bob
hdwebpros 07 Sep, 2011
For some reason the spam slowed down then stopped on that one site. Now, another site has it coming through. For example this came through

Name
vfZjFDmIcfrPxnR
Phone
HwzQnTFZWduaGRL
Email
qhJnluScXeKyNQpoJjD
Best time to call
vIzKqorVYPrblrMF
Message
I was seruisoly at DefCon 5 until I saw this post.


as the email. The email field has to be a valid email, so if you don't put one in it says

Please enter a valid email address. For example fred@domain.com


Somehow, it is getting by that and the captcha.

How else can I stop this?
chiropractic 07 Sep, 2011
I think a certain amount of spam is always going to get through...especially when there are so many impoverished folks in the world who will spam websites for a few cents each. I'd venture that 95% of the junk is getting filtered out -- not too shabby!
GreyHead 16 Sep, 2011
Hi hdwebpros,

The Client-side JavaScript validation won't block spambots that have JavaScript disabled - you can do this with Server-side validation. (But even this won't block the human spam bots.)

Bob
jjspelman 12 Apr, 2012
How do you include Server Side Validation to check whether email is valid?

I saw mentioned "code", but what code does one use?
GreyHead 12 Apr, 2012
Hi jjspelman,

In a Custom Serverside Validation action you could use a PHP filter:
<?php
if ( !filter_var($form->data['email'], FILTER_VALIDATE_EMAIL)) { 
  $form->validation_errors['email'] = "Please enter a valid email.";
  return false;
}
?>


Bob
jjspelman 24 Apr, 2012
Bob,

I added this code to a Custom Server Side Validation Action, but upon submission, end up with a blank screen, and the email still gets through with a bogus email address.

Can you please help? I want to launch this site yesterday. lol
GreyHead 24 Apr, 2012
Hi jjspelman,

There was a stray . at the end of the third line. Please try removing that.

Bob
jjspelman 25 Apr, 2012
I got the same result. Client is getting edgy, grrrrrr....

This is what I am using:

<?php
if ( !filter_var($form->data['email'], FILTER_VALIDATE_EMAIL)) { 
  $form->validation_errors['email'] = "Please enter a valid email.";
  return false;
}
?>
jjspelman 26 Apr, 2012
I then found this code in Packt Publishing's online Chronoforms book:

<?php
$email = JRequest::getString('email', '', 'post');
$pattern = '/^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i';
if ( !preg_match($pattern, $email) ) {
  return "Please enter a valid email address in the email box.";
}
?>


I get the same result upon submission: a blank white page and the form/email is still processed when using a bogus email address.
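
The server-side email check discussed in this thread, as an added example that is not ChronoForms code and not code from any poster: a standalone PHP function that re-validates the email field no matter what the browser did, including the cases a scripted client can produce (field omitted, field sent as an array, value read under the wrong name). The function name `check_email` and the sample requests are assumptions; `text_1` is the email input's name in the wizard-generated form posted above.

```php
<?php
// Added example: plain PHP, not ChronoForms code. Field names follow the
// wizard-generated form in this thread; the requests below are constructed.

/**
 * Re-check the email field of a POSTed submission on the server.
 * $emailField must equal the name attribute of the email input.
 * Returns null to accept, or an error message to reject.
 */
function check_email(array $post, string $emailField): ?string
{
    if (!array_key_exists($emailField, $post)) {
        return 'Email field missing from the request.';
    }
    $value = $post[$emailField];
    // A request body like text_1[]=x makes PHP deliver an array here.
    if (!is_string($value)) {
        return 'Email must be a single text value.';
    }
    $value = trim($value);
    if ($value === '') {
        return 'Email is required.';
    }
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return 'Please enter a valid email.';
    }
    return null;
}

// Constructed requests, as a client that never ran the page's JavaScript
// could send them. The junk values are the ones quoted in the thread.
$requests = [
    'junk from first post' => ['text_0' => 'yvWSLmCipZ', 'text_1' => 'JXqbgBhljXPKlwfD'],
    'email field omitted'  => ['text_0' => 'yvWSLmCipZ'],
    'email sent as array'  => ['text_1' => ['fred@domain.com']],
    'whitespace only'      => ['text_1' => '   '],
    'valid address'        => ['text_1' => 'fred@domain.com'],
    // Value posted under a different name than the one the check reads.
    'posted as "email"'    => ['email' => 'fred@domain.com'],
];

foreach ($requests as $label => $post) {
    $error = check_email($post, 'text_1');
    printf("%-22s %s\n", $label, $error === null ? 'ACCEPT' : "REJECT: $error");
}
```

Only the `valid address` request is accepted. The last case shows why the key the validation code reads has to match the input's `name` attribute: a check that looks up a field the form never sends will reject every submission, and one that skips missing fields will accept every submission.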