Form SPAM

We continue to have major complaints from clients about SPAM submissions via general inquiry forms on their  BC sites.  All forms have the difficult version of captcha (not recaptcha), but that does not seem to slow the SPAM down.  All SPAM submissions seem to include a URL in the comments field, which appears to be their objective.  Are their other creative solutions to block these bogus submissions?  Can I restrict links or URLs from being added to the comments field? Any suggestions would be appreciated.  Thanks,  Brian

Hi,
There's no known way to restrict this from being add within comments. 
However I would recommend submitting a case on these various spam submissions so support can investigate further to help at least reduce this within the site somehow. 
Kind regards,
-Sidney

Similar Messages

  • Do Flash Forms kill form spam?

    This may be a real newby question. Is it possible to stop
    100% of form spam by using a hidden field in a Flash form, and then
    simply testing for is presence on the page the form posts to? Is it
    really this easy?

    Flash forms have a lot of disadvantages compared to html form
    for both the user and the developer. If spam is your concern, look
    up a concept called captcha.

  • The simplest of form spam traps

    I feel as if I am just one step away from solving my form spam problem. I want to institute the simplest of traps in my form.cgi file, whereby I check a hidden field for any content or I check a field for specific content ("what is 5 x 5"). I just don't know how to code that. Anyone with an idea?

    CGI files are normally written in Perl. Without seing your form code, nobody is likely to be able to help you. And if it is written in Perl, you'll need to find a Perl expert. I don't know anyone in this forum who uses Perl.

  • Web form spam continued . . .

    HI, I have tried adding a hidden field to my web form to help reduce spam. I am not sure what I tried will work and do I need to and how do I add some code to specify do not process form if this field is filled in?
    Here is what I tried so far and any help would be awesome - Thanks Jim
    <!--- rest of form above--->
    <div style="display:none; visibility:hidden;">
         <label for="contact_email">Please leave this field blank:</label>
         <cfinput type="text" name="contact_email">
    </div>
    <div class="register">             
                <cfinput type="submit" name="submit" value="Register">
                <cfinput type="reset" name="Reset " value="Reset Form">         
    </div>
                   </fieldset>
    </cfform>

    I cannot see how anything you've said or done so far will help reduce web-form spam. Assuming you wish to prevent someone from maliciously submitting a form 10000 times to your site, then you have to use a CAPTCHA.
    There is no easy, 1-2-3 way to add CAPTCHA to your application. However, some ways are easier than others. I would recommend Raymond Camden's Quick and dirty CAPTCHA Guide - for ColdFusion 8. It uses Coldfusion 8's in-built CAPTCHA functionality, and is relatively easy to adopt.

  • Web form spam by humans?

    I have an employment application form that is getting spammed. The form has a captcha so I'm assuming it is a human filling out the form. I'm looking for any ideas or tips for reducing the amount of spam.
    The solution may be putting the employment application form in a secure area and having applicants sign up.

    Please see this reply http://forums.adobe.com/message/4364404#4364404

  • Web form spam

    Hi I am a novice CF dude. I have a web registration form that gets bogus registrations and I am trying get my users to type in a word to help limit spam. I am not sure how to do this and google and the forums do not show any cf examples.
    I have tried various versions of the following
    <cfset enter="alignment">
            <p><em>Please enter the word <cfoutput>#enter#</cfoutput> in to the field below to help us limit spam.</em></p>
            <br />
             <div class="register">
    <label for="enter">Enter alignment:</label>
                <cfinput type="text" name="enter">
                <cfinput type="hidden" name="enter_required">
            </div>
    If a user does not fill in the field, it will not submit. However, it will accept any text and I want it to except only alignment. any help most appreciated.
    Jim

    I have placed it inside of a .zip file now:
    http://www.betterppt.com/form.zip
    I have found instructions for a procedure that is precisely what I am driving at:
    http://www.blogx10.co.uk/preventing-spam-form-submissions-with-css-and-cgi-5
    But the syntax appears to be slightly different than what is used in my form.cgi script. Or I'm doing something wrong. Probably the latter...

  • First form Spam

    Congratulations to me...my first spam from a form!
    Anyway, submission result below, is this typical or does it
    look like
    someone is just trying to be funny? And should I bother to
    reject the ip
    address for future submission?
    Second, would it work to simple create an image with text on
    it that a
    submitter would need to type into a validation required
    field, ot do I need
    to get a captcha program?
    Visitor's IP: 213.163.65.163
    name: twlquf
    company: CcZzfwCuDl
    phone: xxx-xxx-xxxx
    email: [email protected]
    url:
    http://iniwspjtyvow.com/
    comments: Z7n4aT <a href=\\\"
    http://yvnfnclmrgcq.com/\\\">yvnfnclmrgcq</a>,
    [url=http://hfiruvyygzee.com/]hfiruvyygzee[/url],
    [link=http://cwmcmspubdvb.com/]cwmcmspubdvb[/link],
    http://wvyqmkocszfi.com/

    Thanks so much, so this is what the total script looks like,
    and I have
    changed the from label from address2 to address. Does this
    look good?
    include("thankyou.php");
    // Receiving variables
    @$pfw_ip= $_SERVER['REMOTE_ADDR'];
    @$name = addslashes($_POST['name']);
    @$company = addslashes($_POST['company']);
    @$phone = addslashes($_POST['phone']);
    @$email = addslashes($_POST['email']);
    @$url = addslashes($_POST['url']);
    @$comments = addslashes($_POST['comments']);
    // Validation
    if (strlen($phone) <8)
    die("<p align='center'><font face='Arial' size='3'
    color='#FF0000'>Please
    enter a valid phone</font></p>");
    if (strlen($phone) >15)
    die("<p align='center'><font face='Arial' size='3'
    color='#FF0000'>Please
    enter a valid phone</font></p>");
    if (! ereg('[A-Za-z0-9_-]+\@[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+',
    $email))
    die("<p align='center'><font face='Arial' size='3'
    color='#FF0000'>Please
    enter a valid email</font></p>");
    // checks if bot
    if ($_POST['address'] != '' ){
    die("Changed field");
    //Sending Email to form owner
    $pfw_header = "From: $email\n"
    . "Reply-To: $email\n";
    $pfw_subject = "Submission from website";
    $pfw_email_to = "leftoutforpostreason";
    $pfw_message = "Visitor's IP: $pfw_ip\n"
    . "name: $name\n"
    . "company: $company\n"
    . "phone: $phone\n"
    . "email: $email\n"
    . "url: $url\n"
    . "comments: $comments\n"
    . "This message was sent by the trial version of PHP-Form
    Wizard, To Get the
    full version please use this link:
    http://tools4php.com/form-wizard/order.html";
    @mail($pfw_email_to, $pfw_subject ,$pfw_message ,$pfw_header
    "eclipsme" <[email protected]> wrote in message
    news:[email protected]...
    > GPaul wrote:
    >> Thank you to everyone for helping, and sorry for the
    delay, I ran into
    >> some other issues that needed attention.
    >>
    >> So I have changed it to the #important DIV, and it
    does not appear to
    >> show up (only checked one computer), and I like the
    idea of just letting
    >> it die if the form field is filled out, as listed
    below. Where does that
    >> script end? Is this how the script should be?
    >>
    >> // checks if bot
    >>
    >> if ($_POST['address2'] != '' ){
    >>
    >> // The hidden fields have been changed
    >> // Do something
    >> die("Changed field");
    >>
    >> } else {
    >>
    >> }
    >>
    >> And leave out the
    >>
    >> // Do more error checking?
    >> // Send the email
    >> // Do the rest of your script
    >> // Don't forget the final brace
    >>
    >>
    >>
    >> Thanks again for all the suggestions.
    >>
    >> Gary
    >>
    > Any line in PHP that begins // is a comment and have no
    effect on the
    > script itself. You could also leave out this:
    >
    > else {
    > }
    >
    > Harvey

  • Php contact form spam

    I published a website two weeks ago and in the first week the contact form started getting hit with spam.  Here is an example of one of many similiar, note the email address is always different but yet a gmail acct:
    Name: クãƒã‚¨ 財布 公式
    Phone Number: クãƒã‚¨ 財布 公式
    Email Address: [email protected]
    Message: <a href="http://gagastore.meningitisfacts.com/">ガがミラノ 時計 人気</a>初直営店がいよいよOPEN! http://gagastore.meningitisfacts.com/
    Today, I have set up filters on the email (GoDaddy) blocking anything with a "http://" and the "ガがミラノ 時計 人æ°" markings.
    I am trying ever which way not to use Captcha because it is such a pain.  I did read up on the timer where if it is filled out in less then 5 seconds to discard. I did place a hidden field last week and to date that has made zero difference.
    My question is - Is there a good latest and greatest code that I can update to my form to combat against these JERKS?
    BTW - so far it appears they only start hitting the site's contact form from Friday til Saturday.  Makes me wonder if it is a human rather than a bot.

    jlkappler wrote:
    I published a website two weeks ago and in the first week the contact form started getting hit with spam.  Here is an example of one of many similiar, note the email address is always different but yet a gmail acct:
    Name: クãƒã‚¨ 財布 公式
    Phone Number: クãƒã‚¨ 財布 公式
    Email Address: [email protected]
    Message: <a href="http://gagastore.meningitisfacts.com/">ガがミラノ 時計 人気</a>初直営店がいよいよOPEN! http://gagastore.meningitisfacts.com/
    Today, I have set up filters on the email (GoDaddy) blocking anything with a "http://" and the "ガがミラノ 時計 人æ°" markings.
    I am trying ever which way not to use Captcha because it is such a pain.  I did read up on the timer where if it is filled out in less then 5 seconds to discard. I did place a hidden field last week and to date that has made zero difference.
    My question is - Is there a good latest and greatest code that I can update to my form to combat against these JERKS?
    BTW - so far it appears they only start hitting the site's contact form from Friday til Saturday.  Makes me wonder if it is a human rather than a bot.
    One way to test if it is human or bot is to return the contents of the 'honeypot' field in the mail too . (Once you establish if its human or a bot you can do something about it or not as the case may be). To me it looks like a bot and the honeypot field will contain information as well.

  • Enquiry Form Spam

    Two things.
    I have an Enquiry Form on my site and every now and then I
    receive a reply which is totally blank and although some fields are
    mandatory (name, email address), which I have set a behaviour for.
    I am puzzled how this gets through the system.
    The next is gobbledygook entries.
    Every now and then I receive something like the reply below,
    is the way around this to ask the user to fill in some random
    numbers like we have probably all seen somewhere on a form, and if
    so, how are these generated?

    Or a much simpler way than captcha is this (requires php
    enabled
    hosting)
    http://geekministry.com/blog_article.php?id=40
    or the extended
    version
    http://www.avenuedesigners.com/blog/articles.php?ref=30
    HTH
    Kim
    AlanShaw wrote:
    > Two things.
    >
    > I have an Enquiry Form on my site and every now and then
    I receive a reply
    > which is totally blank and although some fields are
    mandatory (name, email
    > address), which I have set a behaviour for. I am puzzled
    how this gets through
    > the system.
    >
    > The next is gobbledygook entries.
    >
    > Every now and then I receive something like the reply
    below, is the way around
    > this to ask the user to fill in some random numbers like
    we have probably all
    > seen somewhere on a form, and if so, how are these
    generated?
    >
    >
    >
    >
    > name: ????????
    > company name: ????????
    > Address: ????<a
    >
    href=http://http://www.well-racking.com/main.asp>????</a>??????????...??????????
    > :
    > ???????????????? ?? ???????? ??
    > ?????????????????????????????? ??
    > ?? ?????? ????/?????????? ?? ?????????? ?? ?????????? ??
    > ???????????????? ...
    >
    > Info Required: ????<a
    >
    href=http://http://www.well-racking.com/main.asp>????</a>??????????...??????????
    > :
    > ???????????????? ?? ???????? ??
    > ?????????????????????????????? ??
    > ?? ?????? ????/?????????? ?? ?????????? ?? ?????????? ??
    > ???????????????? ...
    >
    > telephone number: 020-78907890
    > email address: [email protected]
    > submit: Submit Form
    >
    kim
    http://geekministry.com

  • Stop Blank Form Spam

    I need to make sure I understand something.
    Bots take forms and fill all the fields with nonsense and submit them. In addition, they can work to use your domain to send emails in a spoof format. Bots do not pay attention to java nor css.
    Honey pots catch those types of attacks (random information in forms).
    If the above is true, then do bots send blank forms, also?
    Sorry for the noob questions.
    Rob

    This is probably a better way to go and the ex[lanation will help in understanding. http://apptools.com/phptools/forms/
    Gramps

  • Preventing HTML Form Spam?

    I've been trying to research ways to solve this problem for
    weeks now. Currently I have a contact form on this site with
    javascript validation that only allows a user to submit a form once
    the fields meet certain requirements (i.e. an actual e-mail
    addresses in the e-mail form, numerals only for the phone number,
    etc.) but apparently if the bot has javascript disabled they can
    bypass all these safeguards and submit the form regardless.
    I am not a programmer by any means, I am a Graphic Designer
    with decent HTML and CSS knowledge but little other programming
    knowledge. If anyone could point me in a direction that can help me
    solve this problem I would really appreciate it!
    Thanks.

    They would still have to do some server side programming for
    that... and
    since they aren't a programmer they can either hunt and
    install a script
    from say hotscripts.com or hire someone to do it.
    "Steve" <[email protected]> wrote in message
    news:[email protected]..
    > On Mon, 11 Dec 2006 15:17:16 +0000 (UTC), "meladorri"
    > <[email protected]> wrote:
    >
    >> I am not a programmer by any means, I am a Graphic
    Designer with decent
    >> HTML
    >>and CSS knowledge but little other programming
    knowledge. If anyone could
    >>point
    >>me in a direction that can help me solve this problem
    I would really
    >>appreciate
    >>it!
    >
    > Just add a form field that asks a simple question like
    "Enter the day
    > that follows Tuesday". Humans will answer correctly,
    bots won't.
    > --
    > Steve
    > steve at flyingtigerwebdesign dot com

  • Php code is not working as intended in a simple spam block solution

    Hi. I'm trying to get some simple php code (as suggested on a tutorial page I found) to work on my form submission test page in order to reduce/stop spam. However, the results so far have not quite been what I expected. Any help will be appreciated.
    Basically I used the code given in the two grey boxes on this tutorial page http://myphpform.com/form-spam.php (but had to add this <?php ... ?> around the code given in the second box, otherwise it wouldn't have worked!) for my test page, and the result was supposed to look something like shown on this page http://myphpform.com/contact.php and indeed when I previewed my page in offline mode it displayed as intended with the extra field similar to the "Access code:" as on this example page, however that's not what I got when I uploaded my page.
    What happens when I go to the live page is that as soon as it loads it gives me the message: "Wrong access code" before I even have a chance to look at the form there. It's the message the user is supposed to get when they input the suggested code incorrectly, but not when the page first loads! This is what the live test page basically looks like when I go to it http://www.scotiauk.com/contact/forms/smotsContactTest.php. I wonder what's going wrong?
    I actually noticed a short while ago, after 'viewing page source' (source code) on the live test page that the page is for some reason only displaying less than half of the html code and cuts off the rest of it (including all of the <body>) just at the point (at the end of the <head> section) where the couple of lines of php script (borrowed from the second grey box in the tutorial) were meant to be - the script that includes "Wrong access code". So I get why it shows a blank page with only that message in it but not why it removes all of the <body> code once it is live!
    Just for information, this is what the page is really meant to look like - minus the php code: http://www.scotiauk.com/contact/forms/smotsContact.html. That is the original page that I copied and tried to modify with the new code. So, any ideas will be appreciated, thanks!

    Just for information, this is what the page is really meant to look like - minus the php code: http://www.scotiauk.com/contact/forms/smotsContact.html. That is the original page that I copied and tried to modify with the new code. So, any ideas will be appreciated, thanks!
    The page that you have quoted contains an infection as the following warns.
    As far as your problem is concerned, you need to know how a from works. Have a look at this video.

  • Email Form With No Email Address

    Hello,
    I am trying to get more information on how I can help my
    clients reduce
    spam. I've normally built my forms by using:
    <form action=http://www.domain.com/cgi-sys/formmail.pl...
    <input type="hidden" name="recipient"
    value=[email protected]>
    but this obviously puts the email address right in the hands
    of the spam
    crawlers.
    Is there a way to eliminate having to show your recipient
    value in the HTML?
    Can someone tell me how this is done?
    Thanks in advance.

    "Nancy O" <[email protected]> wrote in
    message
    news:fdoo9p$516$[email protected]..
    > I use this one from DB Masters. It's a php formmailer
    script that
    conceals
    > email address inside the script - not in the form.
    >
    http://www.dbmasters.net/index.php?id=4
    >
    >
    > --Nancy O.
    > Alt-Web Design & Publishing
    > www.alt-web.com
    >
    >
    >
    > "TxWebdesigner" <[email protected]>
    wrote in message
    > news:fdojm4$if$[email protected]..
    > > Hello,
    > >
    > > I am trying to get more information on how I can
    help my clients reduce
    > > spam. I've normally built my forms by using:
    > >
    > > <form
    action=http://www.domain.com/cgi-sys/formmail.pl...
    > >
    > > <input type="hidden" name="recipient"
    value=[email protected]>
    > >
    > > but this obviously puts the email address right in
    the hands of the spam
    > > crawlers.
    > >
    > > Is there a way to eliminate having to show your
    recipient value in the
    > HTML?
    > > Can someone tell me how this is done?
    > >
    > > Thanks in advance.
    > >
    Note this utility has just been updated today to 4.5 (was in
    beta) and
    includes a number of optional Form SPAM Control fields
    (hidden field, timer,
    CAPTCHA e.g.) if you find your form being used to send SPAM.
    Jim

  • Can't send mail rcphosts blocked

    Hi folks for some reason I'm unable to send email at home. Works everywhere else except at home. I'm using a POP account and when I try to send a mail I get the following error message.
    The server response was: sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
    I know the address are good because I'm replying to recieved emails which I can still get, and I know the settings are good because I use the same account from my work machine. Pinged STMP server and thats ok and I've firewall turned off
    Any suggestions?

    Andrew,
    Goggle with rcpthosts, and you will note several topics about this problem. One of them is pasted below:
    http://forum.qmailrocks.org/archive/index.php/t-352.html
    It is a form SPAM protection to such a list, but I don't have such a service.
    One thing mentioned is the need to Authenticate the SMTP -- how are you authenticating this SMTP (btw, you keep misspelling SMTP in your posts)?
    Ernie

  • OT: Site security

    Check out this article. It's about a new service that will
    check your site's reputation and security.
    http://www.informationweek.com/news/showArticle.jhtml?articleID=199600394

    security is a cat and mouse game that goes around in circles, regardless of what technology we're talking about.  What's good today is bad tomorrow (not literally but you get the point).
    you should choose what best fits your needs and your required level of security.  Anything is better than nothing, but anything isn't everything.  From javascript/ajax, custom programming, validation techniques (example: honeypots, captcha,..), and server side considerations, to secure forms there are countless counter measures that can be used.
    dreamweaver provides users with an AJAX framework called SPRY, that has form field checks that are easy to implement and will help secure your forms by requiring data entered follows format standards and that they are required to execute your sql.  are they full proof and impenetrable, no, but they are an excellent step in protecting your database from unnecessary form spam.  unless you have a reason to suspect you will be a high value target for attacks, this basic counter measure should suffice, especially combined with the honeypot or captcha technique.  You can also integrate some if else statements using php to verify the existence of, and sanitize, the required form fields in the rare situation the user doesn't have javascript support.

Maybe you are looking for

  • Video is not sync with its audio and imported material is degraded

    I'm new to Adobe Premiere. Problem #1: Whenever i import videos (the one i captured using windows movie maker), and i play it in the program view, the video is degraded. [I've set the program view to high]. Problem #2: The other videos I import is no

  • Textarea ...  background-color:transparent   causing problem in IE7

    hello; when I use <textarea style="background-color:transparent " > IE7 does not accept input ... other browsers work fine; is there a way to get a transparent background for a textarea such that the textarea functions correctly in IE7 ( I haven't te

  • Quick look pops up in wrong screen

    I have 9 virtual screens enabled in Spaces and when I activate quick look on items located in the desktop it happens frequently that the pop-up preview window opens in another screen, for instance I choose to quick look a photo while I am in space 5

  • Firewire mystery?

    Both my firewire ports won't recognize a dang thing. They've just stopped. I go to the profiler and it says: FireWire Bus: Maximum Speed: Up to 400 Mb/sec Does that mean they're alive?! I've tried the powering down (totally disconnecting everything f

  • X200 wifi card occational​ly disappear!

    Hi, My X200 laptop was installed with windows xp professional SP3 and after nearly a year using it smoothly, I suddenly get in to trouble! My wifi card is now occationally disappear in the device manager (so I cannot connect to the wireless network).