Receiving Mass Blank Emails

mbittle 26 Oct, 2011
Hello,

I've got ChronoForms installed on a Joomla 1.7 site. It tested perfectly and works like a charm. However, every few days I get blasted with anywhere between 15-30 messages that are all blank. Each field is required and captcha is enabled. I thought it might be spam, but with the captcha enabled, I don't understand how this could be. Also, in the database backup, no submitted forms show up.

They appear like this:

Name: {input_text_2}

Email: {input_text_5}

Phone: {input_text_4}

Message:

{input_textarea_10}

When testing and submitting forms on my own they all work just fine and show the correct information.

Any ideas as to what could cause this?

Thanks so much!

-Max
westwing 26 Oct, 2011
I have this too .... on my most recent one, the IP is Romanian so I suspect Spam .....
GreyHead 27 Oct, 2011
Hi mbittle,

Are you using the ChronoForms Captcha or ReCaptcha?

Bob
mbittle 27 Oct, 2011
I'm using the Chronoforms Captcha Input.

Thanks,

Max
GreyHead 31 Oct, 2011
Hi mbittle,

Hmmm . . . I don't know. As far as I know, the ChronoForms Captcha should protect against spam from bots with JavaScript disabled.

Bob
mbittle 31 Oct, 2011
Could it be a bug or some setting within ChronoForms? Something is generating these mass amounts of emails every few days.

Thanks,

Max
GreyHead 31 Oct, 2011
Hi Max,

Not that I know of, or that has been reported here. Still possible though but I find it hard to imagine what it might be :-(

Bob
euology 02 Nov, 2011
I got the same thing a couple of days ago. Bulk amounts of blank, but sent data. I installed a Joomla managed IP banner and blocked that particular IP but today I'm getting hit by another. This one is filling in content but with obvious gibberish and spam. I've blocked that IP as well but I sense there will be more yet to come.

Tech Help Tickets


From TODAY (I broke the links so they wouldn't show here):
----------------

Contact Email: grfvtu @gfeemj.com
Contact Phone: 30614372453

Technology Trouble Report
Building: Main Building,HW Building
Room/Location: New York
Computer#: USA.

The problem is:
ZCRCYs vfnizykorivt, [url =http://lubulkoadrfa,com/]lubulkoadrfa[/url], [link =http://nziywhmscdjg, com/]nziywhmscdjg[/link], http//beetgviomlzd,com/

Submitted by 46.21.144.176



FROM 2 DAYS AGO:
--------

Contact Email: {ai_email}
Contact Phone: {ai_phone_number}

Phone Trouble Report
Building: {ai_building}
Room/Location: {ai_location}
Ext {ai_phone_ext} is having the below problems:

Problem is with the Phone(s) {ai_phone_problem} and {ai_tech_problem}

Submitted by 69.84.207.147

GreyHead 02 Nov, 2011
Hi euology,

I sympathise with you. I've just spent yet another hour removing spam from the forums here.

Bob
nml375 02 Nov, 2011
Hi,
Just to pitch in; my personal experience over the years is that IP banning is getting less and less useful. A large source of spam these days originates from hijacked personal computers, of which most are assigned (new) dynamic addresses (DHCP) each time they're connected.
For a campus, depending on the network layout, you might be able to whitelist a range of addresses that belongs to the campus, and block everything else.

It's generally far more efficient to filter the submitted data for tell-tales of spam. BB-codes are a good indicator (unless you explicitly added an editor to your form input), such as [url and [link. The same applies to web addresses ending in ,com rather than .com.
Further, the frequency of submitted posts could be an indicator, as the main reason for most form-spammers is visibility and pageranking.
Most of the above ideas do, however, require a fair bit of php-programming using serverside validation.

Still, every now and then you will have to do an audit of your current rules/filters, as spammers change their modus operandi.

As for captchas, these days there's quite a market for captcha-solvers. Best defense here is to use a common captcha-service that tracks "rate-of-solves" for clients (such as recaptcha). If a client IP solves too many captchas over a number of websites in a limited set of time, further solves will be rejected - valid or not. Also, these captcha-services generally have a much faster response-time once the current implementation has been cracked.

/Fredrik
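
The content checks described in the post above, as an added example (not part of the original post and not ChronoForms code). It covers the BB-code and ",com" signals and also rejects submissions whose required fields are empty, as in the blank bursts reported in this thread; the frequency check is left out. Field names and sample data are made up.

```php
<?php
// Added example, not ChronoForms code; all field names are hypothetical.

// Returns the reasons a submission looks like spam (empty array = accept).
function spam_reasons(array $post, array $required)
{
    $reasons = array();
    // Blank bursts: a required field that is missing or only whitespace.
    foreach ($required as $name) {
        if (!isset($post[$name]) || !is_string($post[$name]) || trim($post[$name]) === '') {
            $reasons[] = "empty:$name";
        }
    }
    foreach ($post as $name => $value) {
        if (!is_string($value)) {
            continue; // arrays (checkbox groups) are not inspected here
        }
        // BBCode link tags, tolerating spaces: "[url=", "[ link =", "[/url]".
        if (preg_match('/\[\s*\/?\s*(url|link)\b/i', $value)) {
            $reasons[] = "bbcode:$name";
        }
        // Host written with a comma before the TLD, e.g. "example,com".
        if (preg_match('/[a-z0-9-]+,(com|net|org|info|biz)\b/i', $value)) {
            $reasons[] = "comma-tld:$name";
        }
    }
    return $reasons;
}

// Constructed sample submissions (not real traffic).
$required = array('name', 'email', 'message');
$samples = array(
    'blank'  => array('name' => '', 'email' => ' ', 'message' => ''),
    'bbcode' => array('name' => 'x', 'email' => 'a@example.org',
                      'message' => 'hi [url =http://example,com/]x[/url]'),
    'human'  => array('name' => 'Ann', 'email' => 'ann@example.org',
                      'message' => 'Phone in room 12 has no dial tone, please help.'),
);
foreach ($samples as $label => $post) {
    $r = spam_reasons($post, $required);
    echo $label, ': ', $r ? 'reject (' . implode(', ', $r) . ')' : 'accept', "\n";
}
// Assumption: inside a Custom Serverside Validation action the call would be
//   return count(spam_reasons($_POST, $required)) === 0;
```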
mbittle 14 Nov, 2011
Hmmm...seems to have happened again after taking about two weeks off.

16 e-mails all the same and sent within a few minutes of each other.

Name: {input_text_2}

Email: {input_text_5}

Phone: {input_text_4}

Message:

{input_textarea_10}

No record of these in the database save that I have set up for the component. Captcha is enabled and all fields are required. Is this some sophisticated spammer or a bug in the component?

Any help would be much appreciated.

Thanks,

Max
nml375 14 Nov, 2011
Hi Max,
Could you show us your form actions? I'm wondering if your email action is outside of the "on success" event of your captcha check?

/Fredrik
mbittle 14 Nov, 2011
Fredrik,

I'm a bit curious as to what you're asking for here?

Thanks,

Max
GreyHead 14 Nov, 2011
Hi Fredrik,

Being outside the OnSuccess event would be OK provided that the Check Captcha action has an Event Loop action in the On Fail event to stop any further processing.

Bob
nml375 14 Nov, 2011
Hi Max,
Sorry, I assumed you were using the "Wizard Editor" in CFv4.0, not the "Easy Wizard Editor". Events should be set up properly then.

Bob,
True, was rather thinking of an order-issue.

/Fredrik
mbittle 14 Nov, 2011
Is there much I can do from here? Is it a bug or does it sound more like spam?

Thanks,

Max
nml375 16 Nov, 2011
Hi Max,
I assume you've verified that correct form submissions do get saved in the database and emailed properly.
Based on the large bursts of empty posts you get, I'd be inclined to believe it's a captcha-solving robot hitting your form. I do find it a bit odd that there's no records in the DB though.

/Fredrik
zzafio 27 Nov, 2011

Hi mbittle,
Hmmm . . . I don't know. As far as I know, the ChronoForms Captcha should protect against spam from bots with JavaScript disabled.
Bob


Two measures on my phpBB Forum stopped spam applications dead. One was a "Question and Answer" captcha, and the other involved Blocking UTC-12 Registrations. Very clear details here:
http://www.phpbb.com/community/viewtopic.php?f=46&t=2122696

Could one, or both, these anti-spam measures be enabled or made to work on CF v4 forms? Thanks.
nml375 27 Nov, 2011
Hi zzafio,
Both suggestions are merely validation of two form inputs. Add the appropriate element to your form, and add a custom serverside validation action to test whether these fields are properly filled.

For the UTC-12 test; add a "Select" form element, and list all timezones, starting with UTC-12 as the first one:
-12=UTC-12
-11=UTC-11
-10=UTC-10
-9=UTC-09
-8=UTC-08
...

Next, add a Custom Serverside Validation Action to the submit event, and set up the test-code like follows (assuming the above input has id "select_input_1"):
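<?php
// Read the submitted timezone; a missing field falls back to -12 and fails the check
$timezone = JRequest::getInt('select_input_1', -12);
// Validation passes only when something other than the first option (UTC-12) was chosen
return ($timezone != -12);
?>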


Finally, make sure you have an Event Loop action on the "OnFail event" of the validation to stop further processing of the events.

Doing the same for a Q&A would be done in a similar manner, though you'll have to figure the question and answers, and take into account typos, CamelCase, and other things real humans may do.

/Fredrik
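
A sketch of the Q&A check mentioned in the post above, as an added example (not part of the original post and not ChronoForms code). The question, the accepted answer and the field id `qa_answer` are made up; the comparison ignores case, punctuation and spacing, and allows one typo on longer answers.

```php
<?php
// Added example, not ChronoForms code; question, answers and field id are made up.
// Question shown on the form: "What is the capital of France?"

function normalise_answer($text)
{
    $text = strtolower($text);
    $text = preg_replace('/[^a-z0-9 ]+/', '', $text);   // drop punctuation
    return trim(preg_replace('/\s+/', ' ', $text));     // collapse runs of spaces
}

function qa_answer_ok($given, array $accepted)
{
    if (!is_string($given)) {
        return false;
    }
    $given = normalise_answer($given);
    if ($given === '') {
        return false;                                   // blank submission
    }
    foreach ($accepted as $answer) {
        $answer = normalise_answer($answer);
        // One typo is allowed, but only for answers of five or more
        // characters; short answers must match exactly.
        $slack = strlen($answer) >= 5 ? 1 : 0;
        if (levenshtein($given, $answer) <= $slack) {
            return true;
        }
    }
    return false;
}

// Constructed test answers.
$accepted = array('Paris');
foreach (array('PaRiS', ' paris. ', 'Pariss', 'London', '') as $try) {
    echo var_export($try, true), ' => ', qa_answer_ok($try, $accepted) ? 'pass' : 'fail', "\n";
}
// Assumption: in the validation action the call would be
//   return qa_answer_ok(JRequest::getString('qa_answer', ''), $accepted);
```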
bigdaddy 27 Nov, 2011
I am also having this issue all of a sudden on my 1.6 site (so far not on any of our 1.5 sites running ChronoForms). I do have Captcha enabled. Will upgrading to the most recent version J1.6_V4RC2.0 solve the problem?
GreyHead 28 Nov, 2011
Hi bigdaddy,

Will upgrading to the most recent version J1.6_V4RC2.0 solve the problem?

Not as far as I know. I don't think that there is any significant change in the Captcha code. Switching to ReCaptcha might help if the problem is that the Captcha has been broken.

Bob
oculusmm 05 Jan, 2012
Hi,

I have also been getting a number of these blank emails for the last three months now. I managed to block the initial IP address but as already stated in this post the spammer just changed IP. I then added this IP to the array but this IP address is still getting through.

Submitted by 213.186.127.10. This IP is also listed on a blacklist.

<?php
// Refuse the request when the client address is on the manual block list
if ( in_array($_SERVER['REMOTE_ADDR'], array('199.168.142.166', '199.168.142.167', '199.168.142.168', '213.186.127.10') ) ) {
  return "You are not authorized to use this service!";
}
?>


I suppose a better way would be to block access via the Joomla .htaccess file but again this is a manual job that will need to be done every time a new IP is generated.

order allow,deny
deny from 199.168.142.166
deny from 213.186.127.10
allow from all
shd 13 Mar, 2014
Hi,

I'm using Joomla 3.x with Chronoforms 4.0.4 and I also get mass blank emails.
I have a good working invisible spam blocking that has worked great for years and still I get blank emails for this site.
So they must find a way around the spam blocks.

The form which I receive blank emails from is using the plugin to show the form in an article. I think they find a way in the plugin to reach the form and that is why no spam blocking will help.

What I did is simple, I copied the form, gave it another name and linked it directly to the menu, not using the plugin any more.
And it works, no blank emails any more.

I think there is a leak in the plugin.

Hope that you can find out why we all receive blank emails.

Regards Stephanie
shd 13 Mar, 2014
I forgot to tell, don't use a relative URL from Joomla to link in an article to your form. I noticed when you use index.php?option=com_content&view=article&id=11 that I receive mass blank emails and when I use the URL of the menu that I didn't receive them any more. But don't forget to delete the form which was used for the blank emails, and use another name for your new linked form.

Stephanie
This topic is locked and no more replies can be posted.
