
Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Stop Spam - 2018

Thread began 6/18/2018 10:13 am by Steve | Last modified 7/16/2018 2:12 pm by Steve | 129 views | 5 replies

Steve

Stop Spam - 2018

Hello,
re-Captcha from Google is no longer viable.
Honey Pots also fail.

These days there are applications like XRumer that spammers use to bypass our usual anti-spam code.
You can see from the attachment that reCaptcha was fully bypassed in sending this spam from one of our forms.

My latest attempt added a $_SESSION value on the site's home page and only submits the email sending and form submission IF the Session was present. But this causes issues if a linked page is used to enter the site and then the Contact form is used. And it does not work, as the attached successful email / form submission was from a contact page that should have been secured by the session check.


Current screens on the email that went through are to make sure it's a page POST and the home page Session is present.
Next screen is if the from email is from an address that ends in @mail.ru <- this actually works
Lastly the HoneyPot is that our comments field is not the actual comments field and if there is a value present do not allow passage.

php:
<?php
// Screen 1: must be a POST and the session set from the home page must be present
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_SESSION['loadCount'])) {
    // Screen 2: last 8 characters of the sender address must not be "@mail.ru"
    $emailCheck = substr($_POST['email'], -8);
    if ($emailCheck != "@mail.ru") {
        // Screen 3: honeypot, the "comments" field must arrive empty
        if ($_POST['comments'] == '') {
            if ($_SERVER["REQUEST_METHOD"] == "POST") { // WA Universal Email
                $Email = new WA_Email("waue_Contact_1");

...
...



Thinking those of us in the WA Community are not that large so we should be able to create a more unique environment that hacker programs would not catalog. Granted, I've seen the XRumer program noted as bypassing thousands of known form traps.

Next tests are breaking WA_Email.php or the email template pages using the $_SESSION values presence or not.

If anyone else has any working methods, please post them so we can all benefit. Especially those spams where people are contacting our Customers and noting how they would like to improve a website's SEO or Design. That's getting personal when they're trying to take away our Customers...
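
The three screens from the post above, reworked as an added example (not Steve's code and not part of WebAssist's WA_Email): the session token is issued when the contact page itself renders, so visitors arriving through a linked page still get one, and it is single-use with a minimum fill time. The function names, session key, field names and thresholds are assumptions.

```php
<?php
// Added example, not WebAssist code. The session key 'contact_form', the field
// names 'form_token', 'email', 'comments' and both thresholds are assumptions.
const MIN_FILL_SECONDS = 3;     // a faster submission is treated as automated
const MAX_TOKEN_AGE    = 3600;  // older forms must be reloaded
const BLOCKED_SUFFIXES = ['@mail.ru'];

// Call while rendering the contact page itself (not the home page), so a
// visitor who enters through a deep link still receives a token.
function issue_form_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $session['contact_form'] = ['token' => $token, 'issued' => $now];
    return $token; // emit in a hidden <input name="form_token">
}

// Returns null when the submission passes every screen, else the reason.
function screen_submission(string $method, array $post, array &$session, int $now): ?string
{
    if ($method !== 'POST') return 'not a POST';

    $issued = $session['contact_form'] ?? null;
    unset($session['contact_form']); // single use: a replay needs a fresh page load
    if (!is_array($issued)) return 'no token issued';
    $sent = $post['form_token'] ?? '';
    if (!is_string($sent) || !hash_equals($issued['token'], $sent)) return 'token mismatch';

    $age = $now - $issued['issued'];
    if ($age < MIN_FILL_SECONDS) return 'submitted too fast';
    if ($age > MAX_TOKEN_AGE) return 'token expired';

    // Honeypot: the decoy "comments" field must stay empty.
    if (($post['comments'] ?? '') !== '') return 'honeypot filled';

    // Normalise case and whitespace before the suffix check.
    $email = strtolower(trim((string)($post['email'] ?? '')));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) return 'invalid email';
    foreach (BLOCKED_SUFFIXES as $suffix) {
        if (substr($email, -strlen($suffix)) === $suffix) return 'blocked domain';
    }
    return null;
}

// Constructed demo: a deep-linked visitor loads the form, then posts 10 s later.
$session = [];
$token = issue_form_token($session, 1000);
$post = ['form_token' => $token, 'email' => 'visitor@example.com', 'comments' => ''];
var_dump(screen_submission('POST', $post, $session, 1010)); // first submission
var_dump(screen_submission('POST', $post, $session, 1011)); // replay of the same POST
```

In a live page, pass `$_SESSION` (after `session_start()`), `$_POST` and `time()` in place of the constructed arrays, and only construct the `WA_Email` object when `screen_submission()` returns null.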
