Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Data Bridge › CSS Form Builder › Spam Issue

Spam Issue

Thread began 1/31/2012 8:10 am by Martin | Last modified 3/21/2012 11:45 am by Jason Byrnes | 2701 views | 9 replies |

1/31/2012 8:10 am | #1 Martin

Spam Issue

Greetings,

I built a website over 1.5 years ago using Form Builder 1.0. The form URL is at:

appointment.php

My client just reports to me the other day that for the first time they received a spam email generated by this form .

It looks like the spammer filled out all the right fields.

Any idea how they might have gotten past the Captcha script and the hidden form validation?

Thanks,
Martin

1/31/2012 9:12 am | #2 Jason ByrnesWebAssist

captcha validation is in place to prevent automated scripts from filling in the form and sending spam.

it cannot prevent a malicious person form filling in the form and sending the spam though. not all spam is sent by the same method. It is not really possible to prevent a person from filling in the form manually with spam content.

2/01/2012 10:08 am | #3 Martin

Thanks Jason! I thought that was the case...

3/11/2012 7:05 pm | #4 Roland Rogers

Martin - you may want to double check the validation on the captcha field of your clients form. I am having a similar issue where it requires a value and will alert if it is empty but allows a non matching string of characters. This will allow a script to send spam through the form.

I am looking in to how to change this since it allows it out of the box. I know I came across a way to check the code to prevent a form submission if the codes do not match. If I find it I will let you know.

3/12/2012 7:14 am | #5 Jason ByrnesWebAssist

@roland: Can you send a copy of your page please so I can examine the code.

3/15/2012 9:29 pm | #6 Roland Rogers

Sorry Jason - just seeing this now. Here is a link of a form created with Form Builder and the Captcha does not validate against the image. It does validate against a blank value.

wholesale.php

3/16/2012 9:51 am | #7 Jason ByrnesWebAssist

i need you to send a copy of the wholesale.php page in a zip archive so i can examine the code.

3/21/2012 7:47 am | #8 Roland Rogers

Sorry for another delay - I do not have email alerts on this - need to set that!
Here is the zip. Thanks for any assistance you can provide for why the captcha is not validating.

The form was set up using presets that I thought were pretty standard.

Attached Files

wholesale.zip

3/21/2012 11:20 am | #9 toms016390756

Originally Said By: Jason Byrnes

The only thing you can do is make it time consuming so its not worthwhile to complete…however then your real users will be discouraged too.

if someone can up with a solution to eliminate all spam they will be the next bill gates

3/21/2012 11:45 am | #10 Jason ByrnesWebAssist

your page is missing the server validation server behavior.

go to Window -> Server Behaviors, then click the plus button and select WebAssist -> Validation -> Server Validation

for the validation type, select Like Entry. next to the server variable, click the lightning bolt and select the Registration_group_field form element, when you click the plus button to add it, you will be prompted to select the comparison variable, select the captcha_Registration_group_field_2 session variable.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.