Somebody is sending a fake ad every few days through my Chronoform.
The form has 2 functions - We receive an e-mail with the information entered and then the e-mail address and name are automatically (by my custom code) entered into a ConstantContact address list.
The hacker is apparently injecting HTML code in the form comments field trying to entice us to click on a functional link in the e-mail we receive.
The hacker also has entered a bad-acting link in the phone number field. I can't see how he did that as the validation works when I type in the phone field.
The sender's e-mail addresses and IP numbers vary somewhat.
In a pinch I did manage to add to my custom code to block (based on past string data) e-mail addresses from being entered in ConstantContact, but that custom code seems to run after the e-mail is sent to us, so we still get the e-mail with the bogus enticing links.
My Joomla and all add-ons are up-to-date. I read your page on How can I stop spam ... but some of the deeper technical aspects are daunting to me and my custom code doesn't seem to be able to stop e-mails from being sent.
I find it hard to believe the hacker is typing in the captcha but maybe he hasn't anything better to do. Could that be broken by automation now?
Clearly the hacker knows way more about Chronoforms than I and I fear he is monitoring this forum for ideas.
Any ideas how best to prevent processing these bogus form submittals with bad phone numbers and probably HTML tags in the comments?
Thanks
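
Validation that runs in the browser only applies to what is typed into the page; a request posted straight to the form URL never runs it, so the same rules have to be checked on the server before the e-mail step. The following is an added example, not part of the original post and not ChronoForms' own code or API: plain PHP with assumed field names (`name`, `email`, `phone`, `comments`) and hypothetical helper functions.

```php
<?php
// Field names (name, email, phone, comments) are assumptions for this example.
/** Return a field as a trimmed string; missing or array-valued input becomes ''. */
function field(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
}
/** Validate on the server. An empty result means the submission may be processed. */
function validate_submission(array $post): array
{
    $errors = [];
    $phone = field($post, 'phone');
    $comments = field($post, 'comments');
    // Single-line fields must not carry line breaks (mail header injection guard).
    foreach (['name', 'email', 'phone'] as $key) {
        if (preg_match('/[\r\n]/', field($post, $key))) {
            $errors[$key] = 'line break not allowed';
        }
    }
    if (filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    }
    // Phone: allow-list of characters, then 7 to 15 digits in total.
    $digits = strlen((string) preg_replace('/\D/', '', $phone));
    if (!preg_match('/^[0-9+().\- ]+$/', $phone) || $digits < 7 || $digits > 15) {
        $errors['phone'] = 'not a phone number';
    }
    // Comments: plain text only, so any markup or link fails the submission.
    if ($comments !== strip_tags($comments) || preg_match('~https?://|www\.~i', $comments)) {
        $errors['comments'] = 'markup or links not allowed';
    }
    return $errors;
}

/** Escape a value before placing it in an HTML e-mail body. */
function email_safe(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// Constructed sample submissions: one ordinary, one shaped like the spam described.
$samples = [
    ['name' => 'Ann Lee', 'email' => 'ann@example.com', 'phone' => '+1 (555) 010-9999', 'comments' => 'Please call me.'],
    ['name' => 'x', 'email' => 'x@example.com', 'phone' => 'http://example.invalid/', 'comments' => '<a href="http://example.invalid/">Click</a>'],
];
foreach ($samples as $s) {
    $errors = validate_submission($s);
    echo $errors ? 'REJECT: ' . implode('; ', array_keys($errors)) : 'OK, send e-mail', PHP_EOL;
}
```

Passing every value through `email_safe()` before it goes into the notification means that anything the checks miss arrives as visible text rather than a clickable link.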