Spam emails from website forms

Permalink
Does anyone have any ideas to stop Spammers sending timewasting emails from one of my forms other than a Captcha, as there isn't the area to add one of these without it looking incongruous?

Yesterday my customer got 50 Spam emails, today they got 196. Just wondered if anyone has had a similar problem and how they resolved it, without using a Captcha?

Thanks

thebigideasman
View Replies: View Best Answer
madesimplemedia replied on at Permalink Reply
madesimplemedia
What spam settings do they have on their mailbox?
Are all the fields required to be filled in?

You may be able to get at the HTML and use angularJS which has some nice options:
http://www.madesimplemedia.co.uk/news/form-validation-with-angularj...
thebigideasman replied on at Permalink Reply
thebigideasman
Thanks @madesimplemedia, however the form already has email validation and they are using our own email address.
JohntheFish replied on at Permalink Reply
JohntheFish
If they are coming from a known IP address you can use the dashboard IP Address Blacklist to manage blocking of an IP. However, c5 only applied that to user accounts, so you will also need to modify the php for the form block receiver or the email sender to check the blocked ip list. Spammers tend to be more sophisticated about their IP addresses, so such an approach will only catch the most basic.

In php, adding anything to the receiver for the form that detects where the form was posted from and the history of recent pages and confirms all are from your site may also help block unsophisticated spammers (though if anyone wanted to code up a spammer to explicitly target your form, such a defense could be circumvented).

Ultimately, you have to trade off the amount of spam you get vs the hassle for users of a captcha.
thebigideasman replied on at Permalink Reply
thebigideasman
Thanks also @JohntheFish, I did wonder if IP address blocking might be an option, but I think the Captcha does sound like the best option.

It would be great if someone could create a simple add-on that would block suspicious website form usage - like bulk emails sent in a short space of time. I'm sure it must be possible to set a series of rules based on how spammers operate; "if this happens, then...etc" - that's above my pay grade though lol.

Anyway, thanks for your input guys.
JohntheFish replied on at Permalink Reply
JohntheFish
There are several captcha addons, so you can test and find one that best suits your customer/users.

Integration of the ID blacklist with form response handling for the core form block or the mail helper would best be implemented as a pull request on the core.

You could check with the various extended form block developers and see if one of their addons already does something like that.
thebigideasman replied on at Permalink Reply
thebigideasman
Hi John,

I have added a Captcha to my form now, but my websitehttp://devon-lodge-holidays.com... is still getting majorly attacked by spammers via the footer email data capture form. Literally every 2 mins!

Just wondered if you had any more thought please?
exchangecore replied on at Permalink Best Answer Reply
exchangecore
I haven't actually had to implement this on any C5 sites of my own yet, but many wordpress sites you can block a large portion of spam / DOS things by simply blocking anything that tries to access with an empty user agent. I do so with the htaccess file. Of course it may be worth looking at your access logs to determine if this would provide you any help or not.

Basically, since a majority of 'bots' don't bother to fully emulate a browser, you can weed many of them out.

.htaccess file
Options +FollowSymLinks -MultiViews
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F]


obviously you would put your existing rewrite rules underneath this so that if they do have an empty user string you don't even bother processing their request.
thebigideasman replied on at Permalink Reply 1 Attachment
thebigideasman
Hi @exchangecore,

Thanks for the reply, I have attached a screenshot of what the typical log looks like, as I'm not quite sure what you are looking for in this?

Also, thank you for the code. Do I take it that the completed htaccess file with the inclusion of your code, should read as follows?:

# -- concrete5 urls start --
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
Options +FollowSymLinks -MultiViews
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F]
</IfModule>
# -- concrete5 urls end --


I appreciate your help

David
exchangecore replied on at Permalink Reply
exchangecore
I was actually referring to your http access logs (usually found in your control panel with your webhost if you are on shared hosting).

As far as your htaccess file it would look something more like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F]
# -- concrete5 urls start --
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
# -- concrete5 urls end --
</IfModule>
thebigideasman replied on at Permalink Reply
thebigideasman
I have applied this and will let you know if it works.

Fingers crossed and thanks again
thebigideasman replied on at Permalink Reply
thebigideasman
It appears to have slowed the amount of spam, but not stopped it so far.
exchangecore replied on at Permalink Reply
exchangecore
unfortunately i'm not sure there's much more easy advice I could give you without taking a look at your access logs to try and find something else common between the submissions. If you'd like me to look into it further you can feel free to PM me since it's probably not the *best* idea to post your http access logs publicly anyway
thebigideasman replied on at Permalink Reply
thebigideasman
Actually there have been no more logged in the last hour, so I'm hoping that's it!

But thanks for your very kind offer, I may take you up on that if that's okay and they continue? I will update you in 24 hours, thanks again bud.
exchangecore replied on at Permalink Reply
exchangecore
Sure, if the .htaccess file actually resolves your issue be sure to mark it as the correct answer so future users know what solved the problem.
thebigideasman replied on at Permalink Reply
thebigideasman
Sure, will do. Thanks again
Steevb replied on at Permalink Reply
Steevb
Try this add-on, none of my clients get spam.

http://www.concrete5.org/marketplace/addons/automatic-email-obfusca...


BTW, the source code shows shed loads of errors.
thebigideasman replied on at Permalink Reply
thebigideasman
Errors? What sort of errors do you mean Steev?
Steevb replied on at Permalink Reply
Steevb
View code with Firefox, you'll see what I mean.
thebigideasman replied on at Permalink Reply
thebigideasman
Sorry, may as well be written Russian to me, can you be a bit more specific please Steev? Thanks
exchangecore replied on at Permalink Reply
exchangecore
Steve,

your plugin looks like it works well for what it does, but i'm not sure it will help prevent someone from spamming submits via the form, since there is no listed email address. Unless i'm mistaken?

EC
thebigideasman replied on at Permalink Reply
thebigideasman
All the spam I am receiving are random letters at Hotmail.com, for example this was the latest: [email protected] and all of the others are similar but different.
thebigideasman replied on at Permalink Reply
thebigideasman
Hi EC, sorry it did slow the traffic down to a dribble for a while, but later in the evening the site just got hit big time again. I have removed the form from the footer now for a few days, to see if they just go away.

I did notice my hosts 1and1 went down also at the same time and apparently this was across the whole of 1and1 and no one could get access to their control panels and I wonder if they got attacked and locked-down (they won't say why, hmmmmm!) and if you think there could be connection???

I have backed up my sites since just in case.
JohntheFish replied on at Permalink Reply
JohntheFish
Interesting, I had 1&1 access issues yesterday with one of my accounts.
exchangecore replied on at Permalink Reply
exchangecore
I highly doubt that you're receiving spam due to an attack on their servers. You are receiving spam due to the form on your website (at least that's been my understanding up to this point). It's not like they are just sending you spam email directly to your email account, I guess is what i'm getting at.

My next best recommendation would probably be to look at using a different CAPTCHA system. As mentioned in many other posts around the C5 site. I'd take a look at the reCAPTCHA add-on in the marketplace. It's free and may just solve your issues:

https://www.concrete5.org/marketplace/addons/recaptcha-captcha/...

Read through the documentation, looks pretty simple to implement.
thebigideasman replied on at Permalink Reply
thebigideasman
Yes, I'll give it a go, thanks.
Phallanx replied on at Permalink Reply
Phallanx
Give this a try to see if it helps.

http://sourceforge.net/projects/srprojecthoneypot/...
bringyourownbaby replied on at Permalink Reply
bringyourownbaby
Can you advise how you managed to resolve your client's spam issue? We are having the same problem at the moment. Many thanks in advance!
bringyourownbaby replied on at Permalink Reply
bringyourownbaby
Can you advise how you managed to resolve your client's spam issue? We are having the same problem at the moment. Many thanks in advance!