Security Question Issue

Greetings, I have a site with forms on all pages. To keep it simple the client prefers the question as opposed to the number/letter thing. For the past 3 days the sites forms are being hammered by spam, right past the question security? The content of the spam is clearly bot posts for newsgroups, blogs, etc. and found a way in. The site is californiaequityinvestments.com
I am wondering if you are aware of this type of breach and perhaps have a solution. They are getting 20+ per hour. Thoughts? Here is a sample of the message content: (I have been blocking IPs via htaccess as I id them but they are using lots of different ones so this is not working)
> ----- Forwarded Message -----
> From: "quickinquiry@californiaequityinvestments.com"
> <quickinquiry@californiaequityinvestments.com>
> To: newplot1@yahoo.com
> Sent: Wednesday, September 3, 2014 11:36 AM
> Subject: QUICK INQUIRY FROM HOME PAGE
>
>
>
> Blank Template
> QUICK INQUIRY...HOME PAGE...
> A message from your home page quick inquiry
> Form Submitted:9-3-2014 | 2:36 PM EDT
> homePage submit:
> First Name:chaussure 2014 pour femme
> Email Address:wrdllkmo@gmail.com
> Last Name:http://yds.com.tw/program/imgs/ugg/20140831211127.asp
> Phone Number:chaussure 2014 pour femme
> Property Zip Code:chaussure 2014 pour femme
> Loan To Value Ratio:chaussure 2014 pour femme
> Loan Amount Needed:chaussure 2014 pour femme
> Verification:chaussure 2014 pour femme
> Comments:http://xagadoll.com/upload_files/image/sunglasses/20140831123804.asplunette de soleil
> chloe
> chaussure 2014 pour femme
> http://yds.com.tw/program/imgs/ugg/20140831211127.asp
> Additional Notes:Entire content of this transmission is the
> exclusive property of California Equity Investments. All rights
> reserved.

Make sure that the Validation behavior and the email behavior are both using the same trigger.

Originally Said By: Jason Byrnes

  Make sure that the Validation behavior and the email behavior are both using the same trigger.  

see private message

See pm

Originally Said By: Jason Byrnes

  See pm  

pm

the code for the triggers is slightly different:

at line 26, the trigger for validation is:
if (isset($_POST["homePage_submit_x"])) {

at line 50 the trigger for the email is:

if ((isset($_POST["homePage_submit"]) || isset($_POST["homePage_submit_x"]))) {


What this means is:
Validation will trigger on an image element type named homePage_submit.

The email will trigger on a submit button OR image element type named homePage_submit.

a hacker could bypass validation by creating a local copy of your form set to submit to your server that uses a submit button, it would bypass the validation but still trigger the email.

i updated both triggers so that the use the same code, this should prevent the problem.

Most likely, you have an older version of Data Bridge that was used to create the form.

Hi Jason,
Yep that was built a few versions ago. I am current now. Thank you so much.
You guys rock!

you're welcome.

pm

I edited only the home page, that was the only link you provided.

What i did was look at the code for the triggers:

  at line 26, the trigger for validation is:
if (isset($_POST["homePage_submit_x"])) {

at line 50 the trigger for the email is:

if ((isset($_POST["homePage_submit"]) || isset($_POST["homePage_submit_x"]))) {  

I Edited the code at line 26 to use the same code as line 500, so that both lines where the same:
if ((isset($_POST["homePage_submit"]) || isset($_POST["homePage_submit_x"]))) {