
Form "Spam" issues

john.murray 09 Apr, 2013
I've got a simple form that sends results via email; all fields are required, using "phone" validation for the phone number field, "email" for the email field, etc., including a captcha field

http://baydosrvs.com/popup-trailers/new/112-flagstaff-205-mac

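There is some custom code that inserts the page title:
<?php
// Only run on the front end, not in the administrator.
if ( !$mainframe->isSite() ) { return; }
// Article id from the query string, cast to an integer.
$article_id = JRequest::getInt('id', 0, 'get');
$title = '';
if ( $article_id ) {
  $db = JFactory::getDBO();
  $query = "
    SELECT `title`
      FROM `#__content`
      WHERE `id` = ".$db->quote($article_id)." ;
  ";
  $db->setQuery($query);
  $title = $db->loadResult();
}
// The title is escaped below because it is echoed into a single-quoted attribute.
?>
<input type='hidden' name='title' id='title' value='<?php echo htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8'); ?>' /><div 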


We're getting huge numbers of garbage submissions - most, but not all, from non-US IP address blocks:

Model	 2009 Shock Wave 23FL	 
Name	 Naseef	 
Phone	 PboGzGLONfTpsD	 
Email	 diannep@gwiz.org	 
Notes	 It's much easier to unerdastnd when you put it that way!	 


Submitted by 122.1.23.66


It appears these submissions are machine generated!

1) the phone validation doesn't appear to work
2) how would a machine get past the captcha field?

4.0 RC3.5.2
GreyHead 10 Apr, 2013
Hi john.murray,

JavaScript validation is only really useful to help users complete the form correctly; most spammers will browse with JavaScript off, so completely bypass it.

Also human spammers and some of the brighter bots can find their way past Captchas :-(

I'd add server-side validation on a couple of the inputs and maybe block some IP addresses if they are used repeatedly. There are FAQs with more info.

Bob
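
An added example, not part of the original thread and not ChronoForms code: a server-side check of the phone and email inputs, which runs whether or not the client executed any JavaScript. The function name and the validation rules are assumptions; the field names follow the sample submission above, and the inputs are constructed.

```php
<?php
// Added example: server-side checks for the form fields shown in this thread.
// validate_submission() and its rules are hypothetical, not ChronoForms API.

function validate_submission(array $data): array
{
    $errors = [];

    // Every field is required, so reject missing or whitespace-only values.
    foreach (['model', 'name', 'phone', 'email', 'notes'] as $field) {
        if (!isset($data[$field]) || !is_string($data[$field]) || trim($data[$field]) === '') {
            $errors[$field] = 'required';
        }
    }

    // Phone: only digits and common separators, with 10 to 15 digits overall.
    if (!isset($errors['phone'])) {
        $phone  = trim($data['phone']);
        $digits = preg_replace('/\D/', '', $phone);
        if (!preg_match('/^\+?[0-9 ().\-]+$/', $phone)
            || strlen($digits) < 10 || strlen($digits) > 15) {
            $errors['phone'] = 'not a phone number';
        }
    }

    // Email: syntax check only; it cannot tell whether the mailbox exists.
    if (!isset($errors['email'])
        && filter_var(trim($data['email']), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not an email address';
    }

    return $errors; // an empty array means the submission passed
}

// Constructed input modelled on the garbage submission quoted in the thread.
$spam = [
    'model' => '2009 Shock Wave 23FL',
    'name'  => 'Naseef',
    'phone' => 'PboGzGLONfTpsD',
    'email' => 'user@example.org',
    'notes' => 'Constructed sample note text.',
];
// Same submission with a constructed, well-formed phone number.
$legit = array_merge($spam, ['phone' => '(555) 010-0199']);

print_r(validate_submission($spam));
print_r(validate_submission($legit));
```
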
john.murray 10 Apr, 2013
I'm totally impressed! Checked the FAQs and turned on Server Side Validation

Beer on the way.....
GreyHead 10 Apr, 2013
Hi john.murray,

Thank you :-)

Bob