Spam Issue

Greetings,

I built a website over 1.5 years ago using Form Builder 1.0. The form URL is at:

appointment.php

My client just reports to me the other day that for the first time they received a spam email generated by this form .

It looks like the spammer filled out all the right fields.

Any idea how they might have gotten past the Captcha script and the hidden form validation?

Thanks,
Martin

captcha validation is in place to prevent automated scripts from filling in the form and sending spam.

it cannot prevent a malicious person form filling in the form and sending the spam though. not all spam is sent by the same method. It is not really possible to prevent a person from filling in the form manually with spam content.

Thanks Jason! I thought that was the case...

Martin - you may want to double check the validation on the captcha field of your clients form. I am having a similar issue where it requires a value and will alert if it is empty but allows a non matching string of characters. This will allow a script to send spam through the form.

I am looking in to how to change this since it allows it out of the box. I know I came across a way to check the code to prevent a form submission if the codes do not match. If I find it I will let you know.

@roland: Can you send a copy of your page please so I can examine the code.

Sorry Jason - just seeing this now. Here is a link of a form created with Form Builder and the Captcha does not validate against the image. It does validate against a blank value.



wholesale.php

i need you to send a copy of the wholesale.php page in a zip archive so i can examine the code.

Sorry for another delay - I do not have email alerts on this - need to set that!
Here is the zip. Thanks for any assistance you can provide for why the captcha is not validating.

The form was set up using presets that I thought were pretty standard.

Originally Said By: Jason Byrnes

  captcha validation is in place to prevent automated scripts from filling in the form and sending spam.

it cannot prevent a malicious person form filling in the form and sending the spam though. not all spam is sent by the same method. It is not really possible to prevent a person from filling in the form manually with spam content.  

The only thing you can do is make it time consuming so its not worthwhile to complete…however then your real users will be discouraged too.

if someone can up with a solution to eliminate all spam they will be the next bill gates

your page is missing the server validation server behavior.

go to Window -> Server Behaviors, then click the plus button and select WebAssist -> Validation -> Server Validation

for the validation type, select Like Entry. next to the server variable, click the lightning bolt and select the Registration_group_field form element, when you click the plus button to add it, you will be prompted to select the comparison variable, select the captcha_Registration_group_field_2 session variable.