Forums

We have our contact form through chronoforms. Lately we keep getting several of these weird emails a day, Can anyone tell me what I can do in chronoforms to stop this?

Thank you,

Diana

Received: from ortlorg by server2.standupgirl.com with local (Exim 4.80)
	(envelope-from <admin@ortl.org>)
	id 1UXt3S-00054z-Pd
	for ortl@ortl.org; Thu, 02 May 2013 07:56:10 -0500
Return-Path: <admin@ortl.org>
Reply-To: "Oregon Right to Life" <admin@ortl.org>
From: "Oregon Right to Life" <admin@ortl.org>
To: <ortl@ortl.org>
Subject: New ORTL Contact Form Message
Date: Thu, 2 May 2013 05:56:10 -0700
Message-ID: <4fa9ec8e02470f45b56c554561029c79@www.ortl.org>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00C4_01CE4717.3D4BF0D0"
X-Mailer: PHPMailer 5.2.1 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
thread-index: Ac5HNGsJbbRPKjsfRAe34yZiZKojfQ==

This is a multi-part message in MIME format.

------=_NextPart_000_00C4_01CE4717.3D4BF0D0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: 7bit

ORTL Message from:	 
Full Name:	 1	 
Email Address:	 1	 
Message:	 1	 


Submitted by 67.212.162.98

------=_NextPart_000_00C4_01CE4717.3D4BF0D0
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" =
"http://www.w3.org/TR/html4/loose.dtd">
			  <html>
				 <head>
					<meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8">
					<base href=3D"https://www.ortl.org//" />
					<title>Email</title>
				 </head>
				=20
				 <body><table border=3D"0" cellspacing=3D"5" cellpadding=3D"5">
<tbody>
<tr>
<td colspan=3D"2"><strong>ORTL Message from:</strong></td>
</tr>
<tr>
<td><strong>Full Name:</strong></td>
<td>1</td>
</tr>
<tr>
<td><strong>Email Address:</strong></td>
<td>1</td>
</tr>
<tr>
<td><strong>Message:</strong></td>
<td>1</td>
</tr>
</tbody>
</table><br /><br />

Submitted by 67.212.162.98</body>
			  </html>

The main prevention here is to use Client Side Validation - the JavaScript validation that is built into ChronoForms. This will stop most 'normal' users from submitting a form if any required fields are missing or have the 'wrong kind' of entry in them.

Music Composing Software

Hi Diana,

Are you using something from SiteLock on your site? It's their IP address. If you are then the emails are probably being triggered by their security scans.

Bob

Thank you sushan and Greyhead,

I had auto server side validation so I changed that to auto javascript in the on submit event. Should auto java be in the on load event instead?

Yes, I do have sitelock set to scan our site because we were major hacked a couple of months ago. 2 weeks ago we have migrated the site to J2.5.9 and so I will slow the scanning down to monthly. Paid for a year so I thought may as well let sitelock do there thing.

Still learning Chronoforms little by little and very appreciative of the forum and all the experts that are here to help...........CHEERS to you!😀 😀

Diana

Hi Diana,

Clientside validation (aka JavaScript validation) is always in the On Load action as it needs to be set up when the page loads.

Serverside validation is always in the On Submit action as it runs when the form submits.

Please see this post for some code to block specific IP addresses - that should stop the post from SiteLock without you needing to change the frequency.

Bob

Hi Greyhead,
Sorry for such a late reply.......

Sitelock scan is an XSS scan that I can not change to monthly and I am not sure I can use the ban IP script you had me look at because of the daily scans. Sitelock told me I should use an different form component. Not what I want to do!

So going forward.......
In the chronoforms book, there is a mention of using server side validation for XSS cross scripting so I added that today. When using the server side validation, do I still select required for each of the fields separately or is adding those fields in the server side validation event all you need?

Here is my events for this form: not sure if I have the order right or not.

Any other suggestions on what to do with my issue is greatly appreciated.

Kindest Regards,
Diana

Hi Diana,

What's the problem you see with the 'ban ip' script? It seems to me that it does exactly what you need?

Bob

I am not sure it would be a problem. SiteLock is doing a major clean on the site because of hacking we had a couple of months ago and some suspicious code reappeared last week. After this is done tomorrow I will add the ban ip code.

Just was wondering if there was anything else I could do to stop it.

Thanks for your help...I will let you know the outcome after the code is in place.

Diana

Hi Diana,

Have SiteLock whitelist the form action URLs so that it doesn't ping them when it scans the site.

Bob

Thank you Greyhead, I will see if they can do that too. I added the custom script today so if nothing shows up tomorrow morning then that worked.

One observation I have discovered is that this issue only happens to 2 forms both of which I used the V4 wizard to create. The numerous other forms on our site were created with the older version and show up as a custom form after our migration to J2.5.11.

Any thoughts on that for me?

Thanks again for your continued help!

Diana

Hi Diana,

I don't know why the problem only occurs with the forms created with CFv4. It may be that you have Relative URL on (it's on by default) and the creates action URLs that look different to the older ones.

Bob

Hum....don't understand Can you direct me as to where I turn relative urls on and off?

I found another post that tells how to turn off relative urls. Keeping my fingers crossed that tomorrow there won't be xxs scan emails in my inbox.

So bummed, shutting off relative urls didn't work. In fact now I am getting double the emails. Any other suggestions?

Good news, I got to the bottom of this issue. Removing the chronoforms captcha did the trick. Using ReCaptcha stops the XSS hacking scans from sitlock. I only had the chronoforms captcha on 2 forms and those were the ones giving me this problem.
YAY!!!!!

Good day today!

Diana

Hi Diana,

Hmmm . . . then I guess that the Captcha wasn't set up fully, maybe the Event Loop was missing that actually makes it work?

Bob