Any Help Appreciated . . .

All WYSIWYG Web Builder support issues that are not covered in the forums below.
Forum rules
IMPORTANT NOTE!!

DO YOU HAVE A QUESTION OR PROBLEM AND WANT QUICK HELP?
THEN PLEASE SHARE A "DEMO" PROJECT.



PLEASE READ THE FORUM RULES BEFORE YOU POST:
http://www.wysiwygwebbuilder.com/forum/viewtopic.php?f=12&t=1901

MUST READ:
http://www.wysiwygwebbuilder.com/getting_started.html
WYSIWYG Web Builder FAQ
Post Reply
Smee
 
 
Posts: 110
Joined: Fri Mar 02, 2018 11:03 pm

Any Help Appreciated . . .

Post by Smee »

I really miss Flash, as I had a great way to stop form mail spammers. Unfortunately, I can't use the software I created for a perfect captcha solution (looks the same as nucaptcha, but better).

I implemented a similar idea, however, it has to be a static number and cannot be dynamic (randomly generated) like I could with flash.

I use an HTML generated animation that has a number that stays the same, however, it isn't machine readable. Placed a requirement that the number displayed MUST be entered in order to send an email to my customer. If one enters the captcha, it shows up on the generated email that the number was entered and it displays the number. On these spam emails, that line does not appear, nor the number they must type to send the email form.

Somehow SEO spammers are getting through constantly with autogenerated emails. Is there a problem / hack that would allow someone to bypass the captcha text when done in WWB forms?

All my other sites use a third party email software, I use the same HTML5 file for captcha, and not one piece of autogenerated spam is getting through.

Page is at https://www.stevesbodyandframe.com/contact.php.

Do I need to migrate back to the other form software, or have I missed something in configuring the email form?
User avatar
BaconFries
 
 
Posts: 5328
Joined: Thu Aug 16, 2007 7:32 pm

Re: Any Help Appreciated . . .

Post by BaconFries »

Perhaps one of the following will be of use. Note remember that nothing is 100% full proof if someone wants to manually fill your form including the use of captchas then there is not much you can do to stop them.
hCaptcha
https://www.wysiwygwebbuilder.com/hcaptcha.html
Invisible reCAPTCHA
https://www.wysiwygwebbuilder.com/invis ... ptcha.html
Random Question CAPTCHA
https://www.wysiwygwebbuilder.com/randomquestion.html
reCAPTCHA v2
https://www.wysiwygwebbuilder.com/recaptchav2.html
reCAPTCHA v3
https://www.wysiwygwebbuilder.com/recaptchav3.html

Also from [rz] Paid
http://www.magnawebstudio.com/demo/captcha/main.html
Smee
 
 
Posts: 110
Joined: Fri Mar 02, 2018 11:03 pm

Re: Any Help Appreciated . . .

Post by Smee »

The problem is, not that the captcha has a problem, but rather they are going around the protection I have in place.

I actually use it on at least 5 other sites that I built and maintain. The difference is that I use a third party software on those sites to handle emails. The setup is the same as with WYSIWYG, however, the results are different. It's as if they have a way around the captcha.

When one is completing a form on this site, there is a line for inputting the three digit captcha. When the 3 digit captcha number does not appear in the site generated email, I know they have gone around it. While they should be redirected to an error page, their email is instead forwarded without inputting a required field that has to be a perfect match.
User avatar
Pablo
 
Posts: 21578
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Any Help Appreciated . . .

Post by Pablo »

What exactly did you do?
How did implement the code?

Note that the form processor script is on the same page as the form.
So, if you implement your own captcha then you will need to make sure fields are available in the submitted data. Just in case someone duplicates your form without the captcha.
Of course this has nothing to do with WWB. The form itself is standard HTML code.
Smee
 
 
Posts: 110
Joined: Fri Mar 02, 2018 11:03 pm

Re: Any Help Appreciated . . .

Post by Smee »

Pablo wrote: Sat Jul 11, 2020 8:34 pm What exactly did you do?
How did implement the code?

Note that the form processor script is on the same page as the form.
So, if you implement your own captcha then you will need to make sure fields are available in the submitted data. Just in case someone duplicates your form without the captcha.
Of course this has nothing to do with WWB. The form itself is standard HTML code.
Form mails are coming from the secure server where the site is hosted. Not sure how they are accomplishing this. It must be something I'm missing.

Here are the settings for the line in question. It has the following validation setup:

General

Mode: Default
Data type: Number
Error message: Captcha input incorrect. Please try again.

Data Length

Data Requires (has check)
Minimum 2
Maximum 5

Match

No value for value

Numeric Format

Field must be: greater than Value: 956
And must be: Less than Value: 958

Also tried using the "Conditions" to disable the send button if the correct info was not entered, but this ALWAYS produces an error. If the correct information is inserted in the captcha field, the button becomes active, but something is not being sent correctly because it always sends to error page and no emails are sent.
User avatar
Pablo
 
Posts: 21578
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Any Help Appreciated . . .

Post by Pablo »

Note that the validation tools are for validating user input, it does not protect your forms against spam.
It is easy to by pass validation by disabling JavaScript.

If there is a problem with your form then please share a demo project so I can see all your settings.
Related FAQ:
http://www.wysiwygwebbuilder.com/forum/ ... 10&t=82134
Smee
 
 
Posts: 110
Joined: Fri Mar 02, 2018 11:03 pm

Re: Any Help Appreciated . . .

Post by Smee »

Here is the form page and a link to the captcha.

http://www.ahgweb.com/wwb-15/testing.zip

It isn't that they are solving the captcha, they are bypassing having to input the captcha. When I receive the form, the line that contains the captcha solution is blank.

When I turn off javascript, the page will not load so how would someone disabling javascript enable them to bypass a captcha on a form they cannot see?
User avatar
Pablo
 
Posts: 21578
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Any Help Appreciated . . .

Post by Pablo »

A spammer can recreate the form and not include the captcha field.
So, I do not think your solution is reliable to prevent spam. You also will have to validate the input on the server (via PHP).
Smee
 
 
Posts: 110
Joined: Fri Mar 02, 2018 11:03 pm

Re: Any Help Appreciated . . .

Post by Smee »

Thanks.
Post Reply