Forums

Hi all,
I've got validate ticked on all form elements, and for the phone number, 'phone number' validation is also ticked, and the number of items is numeric only.

All of these elements are put into a table and emailed to me, validation certainly works when I try to submit the form. (i.e. it fails nicely when phone number isn't filled out etc)

Yet I seem to be getting spammed by someone/something, where when I receive the email, the bottom few fields are empty.
How can this be?

Here is an example:
---------------------------------------------------------------
Dear foakleys,

Product: Rimu Scotch Chest Large High Country range
Number of items: <EDITED OUT email address>
Custom Requirements: While some blah blah <EDITED OUT some spiel>
Name: foakleys
Contact Phone: <EDITED OUT some url>
Email Address:
Town or City:
Payment method:
-----------------------------------------------------------------

As you can see, number of items while being 'numberic only' has an email addr in it.
Phone number has a non-phone number look, and the last 3 entries are empty but Required validation is ticked..

Is there some protection measures I should be taking?

Please help!

Hi Stylesoftware,

Please see this FAQ

Bob

Hi Bob,

Thank you for pointing me towards that FAQ, I had a read, I have validation on almost all parts of the form, and Capcha at the end of the form, but this morning got the usual weekly 100+ spam emails (we have 100 products on our site), the emails arrived with completely empty user parameters, even the name..

I do know PHP quite well, but I also know how tough it is to protect html forms, so instead of protecting the form, how about email content checking before sending?
Perhaps a check that fields a to d have more than 3 characters, and that field e has numeric, would totally knock out my spam problem. Is there a place in your code or front end, I could do some checking after submit, but before email send?

Kind regards

Hi Stylesoftware,

Yes, Serverside validation will let you add validation just like that. There's an Auto version which replicates the Clientside validation; and a Custom version where you can add any PHP check that you like.

If you are getting all 100+ at once then it's probably the result of a bot scanning your site. We've seen these set off by the GoogleBot, and by site security scanners.

Bob

Hi Bob,

That's fantastic! When reading your FAQ I didn't quite realise Server Side Validation was an option, it kinda looked more like a description of some code - something to be added manually. I now see that its both an option and customizable code after doing a search on your site for server side validation.

Thanks!