close ad
Help us test the new Databridge BETA with MySQLi support
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Spam Generated Emails From Form

Thread began 1/23/2013 6:47 pm by Martin | Last modified 12/26/2014 3:24 pm by Jason Byrnes | 4622 views | 19 replies |

Martin

Spam Generated Emails From Form

Greetings!

I have created quite a few sites using Form Builder when it was on it's own and now that it is in Databridge.

What is starting to happen is that quiet a few sites with forms on them are now getting successful spam submissions.

I have tried everything I can think of as to how they are able to get past the 5 digit random code and the hidden validation field. I have turned of JavaScript, but the Server Side Validation still stops me from being able to submit the same info they are.

One thing I see is that most of the phone validation is being passed with only 6 digits - usually "123456", even though I have them set to 10 digit (including area code) validation. I cannot get it to successfully submit with only the same at all. I have had some validate with a domain address in the phone field.

Any ideas on what I should do to check what might be causing this issue?

I can provide examples if you can give me an e-mail address to send them to.

Thanks!
Martin

Sign in to reply to this post

Jason ByrnesWebAssist

I'll start an incident so you can provide example and i can look at the problem.


To view and edit your support ticket, please log into your support history:
supporthistory.php

If anyone else is experiencing this same issue, please append to this thread.

Sign in to reply to this post

gary917

Spam Generated Emails from form

I have also started getting Spam generated emails from a form on one of my websites. My customer last week started getting an average of 20 bogus emails a day from their form. The web form was generated using CSS Form Builder with the Appointment form fields, including captcha. Can you help me out so I can get the problem fixed.

Sign in to reply to this post

Jason ByrnesWebAssist

double check that the Universal Email server behavior and the Server Validation server behavior both use the same trigger.

In the page I had examined with the OP, one server behavior was using the any form pos trigger and the other was using the Submit button pressed trigger, this can allow a spammer to by pass the validation and send the email.

If they both use the same trigger, by passing the validation will also bypass the email.

Sign in to reply to this post

bryan107833

I am using your forms on many site but have one site specifically that is getting spammed through the form a lot. Can you please look at this page and let me know if there is something that can be fixed. Thank you.

Sign in to reply to this post

Jason ByrnesWebAssist

you already have captcha on this form, so that will prevent spam getting through that is submitted through automated robots.

it cant prevent spam that is from a real person filling in the form though.

in the email body, you could add code to write the IP address of the person filling in the form:

<?php echo((isset($_SERVER["REMOTE_ADDR"]))?$_SERVER["REMOTE_ADDR"]:"") ?>


then when you get spam, you can ban the users ip address:

http://supportcenter.verio.com/KB/questions.php?questionid=504

Sign in to reply to this post

bryan107833

Sorry, there is actually 2 forms on this site and I attached the wrong page although both pages have captcha. Below is a copy of one of the spam emails and it definitely does not seem like a person is filling these in. I also attached the other php file. Thanks.

---------------
Form Submitted: 3-28-2014 | 11:09 AM PDT

Student first name: Bailey
Student last name: pRIjOJErjzg
Birth date: 10121985
Gender: Male
Admission grade: 4th grade
Admission year: 1985
Current grade: 7th grade
Current school: NGzRNyuUyV
First name: Bailey
Last name: XfoMizlZeZjrnpjly
Email: steep777@yahoo.com
Address 1: EZBaOxJfowzgCdK
Address: RrslNbkEgqDtHndeo
City: New York
State: UT
Postal Code: 3475
Phone: 69094058637
Country: USA
Hear about: VhBIYYKUrVZMwmySjDJ
Comment: Have you got any qualifications? buy hydroxyzine comparable NCPDP Reject Code, if one applies.
order furosemide Maintenance 21, 29, 40, 42, 43, 53 Relationship Code 9, 11, 15, 54
topamax online pharmacy (Provide Betty with DOB and SSN)

Hidden Field:
bayschoolappf submit: Submit
-----------

Sign in to reply to this post

Jason ByrnesWebAssist

on that page, the validation code block comes after the universal email code block


UE is at lines 7 - 93

validation is at lines 94 - 125

rearrange that so that validation comes first.

Sign in to reply to this post

david_wypasek441666

Several sites - same problem: Spam emails with and without captcha

In the same basic time frame, starting at the end of March through today (4/16/14) I have several (3-4) sites that use the UE webform, some with captcha and some without and all of them are now getting spam emails - most of them are blank.
I tried re-uploading the webforms, and I'm thinking of trying to re-upload all the Spry and other files, but seeing the validation before the UE code, I just reviewed and it's that way now.
Does the Open SSL problem Heart Bleed have anything to do with this?

Sign in to reply to this post

Jason ByrnesWebAssist

Heartbleed would not have anything to do with this.

On the forms that have server validation, make sure that the Server Validation comes before the UE code block./

also make sure that they both use the same trigger.

If the UE Code block uses the button press trigger, use the same button press trigger for the validation.

Server validation will only prevent automated spam, it will not prevent a person from filling in the form with spam.

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...