Forums

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

Forms Hacked!

Ma
Mastertuki 23 Apr, 2013
Hello everyone.

I recently had a problem with ChronoForms. The forms have been hacked disabling javascript and breaking the captcha. I'm using Joomla 1.5 and ChronoForms 4.0 RC3.4.1

The forms are simple: Request to email, write some text (optional) and fill the captcha.

Is there a way to fix this?

Thank you.

PD: Sorry for my poor English.
Gr
GreyHead 23 Apr, 2013
Hi Mastertuki,

What do you mean by 'hacked'?

It sounds as though you may have received some spam emails from your form. If so, please see this FAQ.

Bob
Ma
Mastertuki 24 Apr, 2013
Yes, I received some spam mails.

What they do is, in the "mail", break the mail comprobations and then, things like mail, they write "GFDTRGJNkmKJ" and works. Not for me, if I enter in that form, I need to put a valid mail, but they dont. And the captcha below, they break it...

In this FAQ, I see many options ... The solution to my problem would be the last, right?
Gr
GreyHead 25 Apr, 2013
Hi Mastertuki ,

No, yours aren’t malicious, they are just Random text entries. Some ServerSide Validation should block them OK.

Bob
re
renierjvr 28 Feb, 2014
I have an implementation of ChronoForms at: http://ibanza.co.za/index.php/tester
I am using a Captcha, but yet I still receive unsolicited spam, such as the following:
"Full Names JerryMn
Mobile Number
eMail kl@aol.com
Erf Number
Street Name
Suburb
Service of Interest 4 Mbps @ R800 pm
Comments 5 trillionin the United States, and casino ways to pass up. casino free spins casino bonus utan insättning internet casino internet casino Online casinos have proven to treat gambling addiction need professional online gambling help treatments are similar to narcissistic behavior.
Enter Code
"

It seems they are bypassing the Captcha? What can I do? I have read the solutions offered in the link, but do not have such advaced skills.
Renier
re
renierjvr 28 Feb, 2014
I have now tried it myself to "hack" the form myself.
When I leave Captcha field empty it refuses to process the form as expected.
When I enter junk, it says I have entered the wrong Captcha text, but it STILL SENDS the form!? ie I receive the mail at the email address I specified, with the junk captcha.
Is this a bug with the code?
Gr
GreyHead 28 Feb, 2014
Hi renierjvr,

It sounds as though you have the Email action before the Check Captcha action in your form.

Bob
re
renierjvr 28 Feb, 2014
Ok Bob
Seems you were correct.
Entered Wizard Edit mode, and found the Email action within the OnSubmit action was before the CheckCaptcha action. Have changed it around and seems to have solved my issue.
Will monitor and confirm if this was also the cause of my spam problems.
Thank you for the pointer!
Regards
Renier
Gr
GreyHead 28 Feb, 2014
HI Renier,

The actions are run in sequence, so anything before the Check Captcha will run regardless of the Captcha setting.

Bob
This topic is locked and no more replies can be posted.