Form Spam - Anyone Else?

Issues related to forms.
Post Reply
User avatar
ColinM
 
 
Posts: 1038
Joined: Wed Feb 09, 2011 3:40 am
Location: Western Australia
Contact:

Form Spam - Anyone Else?

Post by ColinM » Sun Feb 28, 2021 3:33 am

Hi All,

Just thought I'd share an interesting experience I had with three of my Clients. Recently, and between them, they received over 200 spam emails through their web forms. Perhaps equally interesting is that each of them actually have mailto: in their website (yes, yes I know, but they insisted) and they weren't spammed.

I blacklisted the email addresses via their cPanel email accounts (of course that only black lists the sent from email address which can be phished to cloak the actual send to email address as identified in the reply to.

In each case I modified the web form via Form > Object properties > General (tab) > Advanced > Miscellaneous Tab and ticked
1) Enable server sided validation
2( Do not allow URLs in form data
3) Check if the domain of the specified email address is valid (look up MX record).

I'm pleased to say that after doing that, the spam ceased.

Well done to Pablo for putting those in.

Any one else had the same experience with Clients? - and for those that have, the above may be of some help.

All forms use Google's Captcha 2.
Yours truly
Colin M
Western Australia
My Website

GET MY SPAM BLOCKING EMAIL ADDRESS EXTENSION:
Forum Thread Link

Adrian
 
 
Posts: 88
Joined: Tue Jun 13, 2017 4:44 pm

Re: Form Spam - Anyone Else?

Post by Adrian » Mon Mar 01, 2021 3:02 pm

Helo Colin,

Ohhh, yes, a lot of spam email.

I have used another way to solve my problem.

My Solution is based on https://perishablepress.com/block-bad-queries/

that somebody has modified for me.

For my purposes, I use the Request of the server, the content of the fields Name, email Address and message of the form.

The form include a php file in the same directory on the server (bad-words.php) where I have defined some parameters, like "bad words".

Now, if the server request OR the title of the form OR the name of the form OR the message of the form have at least one "bad word", the email is considered spam, and the IP is redirected to hell. This all even if the capchta is correct.

If this is the case, an error is displayed and the spammer can not access again the form :-) The server respond with a "403=> access denied"

I think this will be a interesting option for the members of this forum ho know better php like me:-)to make for the WWB a better spam protection as a captcha. If desired, please contact me via email.

Regards, Adrian

User avatar
ColinM
 
 
Posts: 1038
Joined: Wed Feb 09, 2011 3:40 am
Location: Western Australia
Contact:

Re: Form Spam - Anyone Else?

Post by ColinM » Mon Mar 01, 2021 9:42 pm

Thanks for the response Adrian - an interesting solution.
Yours truly
Colin M
Western Australia
My Website

GET MY SPAM BLOCKING EMAIL ADDRESS EXTENSION:
Forum Thread Link

User avatar
Bluesman
 
 
Posts: 890
Joined: Mon Feb 01, 2016 5:43 pm
Location: Ecuador
Contact:

Re: Form Spam - Anyone Else?

Post by Bluesman » Tue Mar 02, 2021 1:43 am

Hi Colin... hope you're doin well down under :D
Just an experience... I had the Captcha 2 on one site and they started to get some spam. I just felt for testing the new hCaptcha extension provided by Pablo and changed. The spam stopped immediately and now after 3 weeks "No spam".
Looks like it does the work better... but we'll see.
"Make My Day"

See my Website

User avatar
ColinM
 
 
Posts: 1038
Joined: Wed Feb 09, 2011 3:40 am
Location: Western Australia
Contact:

Re: Form Spam - Anyone Else?

Post by ColinM » Tue Mar 02, 2021 2:14 am

Hey Bluesman,

That's interesting feed back about the hCaptcha - I'll keep that in mind if the three additional form spam filters that Pablo supplied don't permanently solve the issue. As previously mentioned, so far they are doing the trick.

Of course, the additional elements to consider is what management platform spam software you're using.

cPanel - Spam assassin - right click and block in email account - blocks sending email address - won't work if the send is spoofed (Phished).
cPanel - Spam assassin - EMAIL - Spam Filters - Show Additional Configurations - Edit Spam Blacklist Setting - add ACTUAL emails address if generic Domain - eg gmail.com - works but it's a manual process.
Non cPanel hosted email accounts - SpamExperts - MUCH better than Spam assassin.
Yours truly
Colin M
Western Australia
My Website

GET MY SPAM BLOCKING EMAIL ADDRESS EXTENSION:
Forum Thread Link

User avatar
BaconFries
 
 
Posts: 5330
Joined: Thu Aug 16, 2007 7:32 pm

Re: Form Spam - Anyone Else?

Post by BaconFries » Tue Mar 02, 2021 7:56 pm

Hi Colin I have a similar script that works along the same lines as Adrian. If you wish I can send it to you for you to check out. Let me know.

User avatar
ColinM
 
 
Posts: 1038
Joined: Wed Feb 09, 2011 3:40 am
Location: Western Australia
Contact:

Re: Form Spam - Anyone Else?

Post by ColinM » Tue Mar 02, 2021 10:05 pm

Hey BC,

Thanks Mate - I'll keep that in mind 8) and appreciate the offer.
Yours truly
Colin M
Western Australia
My Website

GET MY SPAM BLOCKING EMAIL ADDRESS EXTENSION:
Forum Thread Link

Post Reply