
Email received with invalid fields : SPAM

yades 23 Feb, 2013
Hi

I use ChronoForms 4.0 RC3.21 with Joomla 2.5 on several websites, and I receive emails with invalid fields. In my forms I have several text boxes with the required option, some of them have email or phone format, and a captcha input is used too.

This is an example of an email received from this form: http://www.ecolesaintleon-rouen.fr/index.php/nous-contacter.html
Formulaire de Contact
Prénom* turtowuw
Nom* Pharmk614
Téléphone* tpuywyrw
Email* orpyuiuo
*Champs obligatoires
Objet Inscription
Message Hello! cfedddf interesting cfedddf site! I'm really like it! Very, very cfedddf good!
Saisir le code PgRjZ
Submitted by 199.167.148.91


Sometimes I receive this kind of email from ChronoForms:
Nom : * {nom}
Téléphone : * {telephone}
Email : * {email}
Code postal départ : * {depart}
Code postal arrivée : * {arrivee}
Enter the code {chrono_verification}
Submitted by 173.199.116.11


Both IP addresses come from the USA.

Do you know a solution to block this "SPAM" or "Attack"?

Yades
yades 24 Feb, 2013
Thanks Bob
I had looked on the forum before posting but not in the FAQ.

So I added a honeypot.

Cheers

Yades
yades 25 Feb, 2013
Hi Bob

Unfortunately, even with the honeypot, captcha and required fields, I received an email this morning with curly brackets. I wonder if it's possible to accept only forms that come from French IP addresses, because each time the spam comes from the USA. If yes, tell me how to do that.

Yades
GreyHead 25 Feb, 2013
Hi Yades,

The first example is a 'human' spammer (or a clever bot that broke the captcha). You'd block that example with a Serverside 'email' validation.

The second example is probably from a bot crawling the submit URL of the form. I'd expect that to be blocked by the Captcha? What actions do you have in the On Submit event?

You could limit to French IP addresses if you can find a list of valid French IP addresses - or use a GeoLocator code to unpack them.

Bob
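
Added example, not part of the original thread and not ChronoForms code: stand-alone PHP showing the server-side checks discussed above, which reject both the junk-field submission and the empty hit on the submit URL. The function name, the phone pattern and the sample inputs are assumptions; the field names follow the emails quoted in the thread.

```php
<?php
// Added example, not ChronoForms code. Field names follow the e-mails quoted
// in the thread; the function name and the phone pattern are assumptions.

function validate_contact_submission(string $method, array $data): array
{
    // A crawler requesting the submit URL sends no form data at all.
    if ($method !== 'POST' || $data === []) {
        return ['not a form post'];
    }
    // Normalise every expected field to a trimmed string (arrays become '').
    $get = function (string $name) use ($data): string {
        $value = $data[$name] ?? '';
        return is_string($value) ? trim($value) : '';
    };
    $errors = [];
    // Honeypot: the hidden 'confirm' field must stay empty.
    if ($get('confirm') !== '') {
        $errors[] = 'honeypot filled';
    }
    // Required fields are enforced on the server, not only in the browser.
    foreach (['prenom', 'nom', 'telephone', 'email', 'message'] as $field) {
        if ($get($field) === '') {
            $errors[] = "missing $field";
        }
    }
    if ($get('email') !== '' && filter_var($get('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email';
    }
    // Assumed phone format: optional '+', a digit, then 7 to 17 more digits, spaces, dots or dashes.
    if ($get('telephone') !== '' && !preg_match('/^\+?[0-9][0-9 .-]{7,17}$/', $get('telephone'))) {
        $errors[] = 'invalid telephone';
    }
    return $errors;
}

// Constructed sample requests (the second mirrors the first e-mail in the thread).
$samples = [
    'empty hit on submit URL' => ['GET', []],
    'junk field values' => ['POST', ['prenom' => 'turtowuw', 'nom' => 'Pharmk614',
        'telephone' => 'tpuywyrw', 'email' => 'orpyuiuo', 'message' => 'Hello!']],
    'plausible visitor' => ['POST', ['prenom' => 'Anne', 'nom' => 'Martin',
        'telephone' => '02 35 00 00 00', 'email' => 'anne@example.org', 'message' => 'Bonjour']],
];
foreach ($samples as $label => [$method, $data]) {
    $errors = validate_contact_submission($method, $data);
    echo $label, ': ', $errors ? 'rejected (' . implode(', ', $errors) . ')' : 'accepted', PHP_EOL;
}
```

Sending the email only when the returned list is empty stops the messages containing unreplaced `{nom}`-style placeholders, whatever client requested the submit URL.
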
yades 02 Mar, 2013
Hi Bob

As you wrote, spam is a fact of life.

In Custom Code - Before Email(s) I have this code, which comes from your FAQ:
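<?php
// Honeypot check: the hidden 'confirm' field must come back empty.
if ( isset($form->data['confirm']) && $form->data['confirm'] != '' ) {
    // Fetch the Joomla application object so that redirect() is available.
    $mainframe = JFactory::getApplication();
    $mainframe->redirect('http://www.ic3.gov/default.aspx');
}
?>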

and I regularly receive this kind of email:
Nous contacter
Prénom* {prenom}
Nom* {nom}
Téléphone* {telephone}
Email* {email}
Société {societe}
Vous êtes {cible}
Votre projet* {projet}
*Champs obligatoires
Votre message* {message}
Recopier le code* {chrono_verification}


The captcha input works, the honeypot field works well (I tested it before hiding it), most of the fields are required, and even the email format is selected for the email field. The form is here: http://auditfor-amo.fr/index.php/nous-contacter

Yades
GreyHead 02 Mar, 2013
Hi Yades,

Please will you turn on the IP Address in the Email temporarily to see if they are all coming from the same address? We have seen this with an internal site virus scanner before.

Bob
yades 03 Mar, 2013
Hi Bob

You mean to find out the IP address of whoever sent the forms. I always turn on the IP address in my forms.
I put all the IP addresses in an Excel sheet in the attachments. All the IP addresses are at this place: L'utilisateur de l'adresse IP 173.199.120.83 (173.199.120.83.ahrefs.com - Choopa, LLC) est situé à Matawan (United States - New Jersey).

Yades
GreyHead 04 Mar, 2013
Hi Yades,

Someone else recently had problems with Choopa and got this reply from them:

These IPs belong to Ahrefs.com - our crawler just goes all over the internet to gather info for our analytics tools which is widely used by webmasters.

We never aimed at causing any inconvenience or overload to your site. If we do, you may block our bot following instructions from ahrefs.com/robot/



Bob
yades 04 Mar, 2013
Hi Bob

Thank you for your help. I modified the robots.txt file and wrote to Ahrefs support.

I'll give you information about the results.

Cheers

Yades