Anti SPAM Techniques

Permalink Browser Info Environment
Hi Friends ::

One of our ProForm installs has been getting a lot of junk submissions lately even with CAPCHA active.

I've gone through our server logs and added some black lists based on IP info, but that only stopped the junk for about 24 until the spammer spoofed a new IP.

I'm wondering if you have any advice/best practices on how to mitigate this?


Type: Discussion
Status: In Progress
View Replies:
thebigideasman replied on at Permalink Reply
One of my websites had exactly the same issue and I only managed to stop it by taking an email newsletter sign-up form off the homepage as that was the main page being attacked and change the active captcha settings in Systems and Settings to reCAPTCHA which is a free add-on.

So far, this seems to have done the trick. Hope that helps?

concrete5 Environment Information

# concrete5 Version

# concrete5 Packages
Automatic Email Obfuscator (1.2.3), Content+ (1.2), Content Slider (1.2.5), Extended Form (2.7.3), Extended Google Map (3.3.5), Extern blank (1.0), FlexSlider (, Job Board (1.07), Jquery Galleria (2.2.3), Kwiks Slider (2.0.1), Lightboxed Image (0.9.2), Magic Heading (1.3), Nivo Slider (2.0.1), Nontab Scheduler (1.1), Open Graph Tags Lite (1.5), Page Auto Redirect (2.0), Personalized Hello (1.1.1), Picmonkey Image Editor (1.01), Pro Blog (12.4.4), Professional Buttons (2.0.0), Pro Forms (7.5.9), Redirect (1.1), SEO Attributes (1.0), Seo Manager (2.5.3), Simple Accordion (0.9.3), Site Notifications (1.0.1), Social Share Lite (1.3.1), Sortable Responsive Gallery (1.8), stressdesign Theme (2.0), Whale Social Links (1.1.3).

# concrete5 Overrides
blocks/content, blocks/problog_list, blocks/file, elements/files

# concrete5 Cache Settings
Block Cache - On
Overrides Cache - On
Full Page Caching - On - If blocks on the particular page allow it.
Full Page Cache Lifetime - Every 6 hours (default setting).

# Server Software

# Server API

# PHP Version

# PHP Extensions
apache2handler, apc, bcmath, calendar, Core, ctype, curl, date, dom, ereg, filter, ftp, gd, gettext, hash, iconv, imap, json, libxml, mbstring, mcrypt, mysql, mysqli, openssl, pcre, Phar, posix, Reflection, session, SimpleXML, sockets, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zip, zlib.

# PHP Settings
max_execution_time - 30
apc.max_file_size - 1M
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - 60
max_input_vars - 1000
memory_limit - 128M
post_max_size - 128M
sql.safe_mode - Off
upload_max_filesize - 128M
mysql.max_links - Unlimited
mysql.max_persistent - Unlimited
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - nocache
session.gc_maxlifetime - 7200

Browser User-Agent String

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0

Hide Post Content

This will replace the post content with the message: "Content has been removed by an Administrator"

Hide Content

Request Refund

You may not request a refund that is not currently owned by you.