Form Spam

This section is for posting questions which are not directly related to WYSIWYG Web Builder.
Examples of off topics: web server configuration, hosting, programming related questions, third party scripts.

Note that these questions will generally not be answered by the administrators of this forum.
Post Reply
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Form Spam

Post by Magical »

Greetings,

I am getting spam on a form which has the recaptchav2. It also appears the spam is bypassing a required constraint for the message field to have at least 40 characters. I have checked the recaptcha and its functional as well as the validation constraint for 40 characters. Any thoughts how this could happen? and what would be a way to prevent it.
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

Is reCaptcha part of the form?
Note that reCaptcha is a service of Google, so I have no control over the way it works.

Also note that validation is not a restriction, but rather a guideline for the user.
For example, it is possible to bypass JavaScript via the browser's debugger.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Recaptachav2 is part of the form. When I don't click the check box it sends me to the recaptcha failure page.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Looking at the data in the name field, I think its the same bot. Its just repeating 5a579xxx, The IP addresses are all TOR exit nodes.


Values submitted from web site form:
IP Address : 51.15.34.214
Referer : xocomputers.com/index.html
Name : 5a5799c4f3c56
Email : treading@applied.com
Phone :
Message :

Values submitted from web site form:
IP Address : 93.115.95.205
Referer : xocomputers.com/index.html
Name : 5a579bd48461d
Email : kingsley.asanji@yahoo.com
Phone :
Message :

Values submitted from web site form:
IP Address : 176.10.104.240
Referer : xocomputers.com/index.html
Name : 5a579bdc32260
Email : lynneofivory@yahoo.com
Phone :
Message :
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

Maybe the messages were sent manually?
Or maybe you have another form on the website without recaptcha?
User avatar
Rob
 
 
Posts: 202
Joined: Sun Jan 29, 2012 2:54 pm
Location: MN
Contact:

Re: Form Spam

Post by Rob »

The normal captcha seems to work on for me - for the sites that have it. Adding it back to the ones that don't to cut down on spam.

As an alternative - I wonder if it is possible to add a field that is hidden from the user but is set up to "require" that the field be empty. So if a robot tries to fill out the form it will want to fill in this field and the form won't work. Have not tried it myself but Thoughts?

I do assume there are a number of seo spammers who go to website portfolios and manually spam all the sites on there. Gotta get fancy to filter those out.
The Website Guy - MN
Small Business Web Design
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Pablo wrote: Fri Jan 12, 2018 7:22 am Maybe the messages were sent manually?
Or maybe you have another form on the website without recaptcha?
That was my first thought. I checked for it, nope its the only form, besides the php code has the captcha requirement. I was looking for a way to get the captcha response in a hidden field on the form so I could trace if the captcha was even executed.

I have heard some of chatter of "headless" browsers, where they can directly call the script and pass all the fields and in doing that sending a false value for the captcha.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Rob wrote: Fri Jan 12, 2018 4:02 pm The normal captcha seems to work on for me - for the sites that have it. Adding it back to the ones that don't to cut down on spam.

As an alternative - I wonder if it is possible to add a field that is hidden from the user but is set up to "require" that the field be empty. So if a robot tries to fill out the form it will want to fill in this field and the form won't work. Have not tried it myself but Thoughts?

I do assume there are a number of seo spammers who go to website portfolios and manually spam all the sites on there. Gotta get fancy to filter those out.
Great idea! I will try the alternative. Still getting a few spams from the same bot. Thanks.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Adding a hidden required field didn't not work. It prevented the form from submission and kept asking to complete the hidden field. Back to the drawing board.
User avatar
Rob
 
 
Posts: 202
Joined: Sun Jan 29, 2012 2:54 pm
Location: MN
Contact:

Re: Form Spam

Post by Rob »

is the field "required to be empty" "data required" checked yes, min = 0, max = 0. Pablo, thoughts?
The Website Guy - MN
Small Business Web Design
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

If you make it required you have to add a value. I just created an editbox, called it LastName, hid it, made it required, changed the min characters to 1 and the max characters to 1. Even added an initial value.

It still threw an error, that lastname needs to be filled.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

I think that spammers are able to bypass any client side validation. I know they are going the script because I get their ip addresses from the script, but somehow they are only executing half the script, since the script also checks for the captcha validation and they bypass it.
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

Input validation uses JavaScript, so this can be bypassed.
Captcha is validated on the server (via PHP) this does not use JavaScript and they should not be able to bypass this unless there is a problem with reCaptcha (Google).
But if this was a known issue then you would expect that Google had already fixed this my now.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

I cannot tell if they are going through captcha or not, maybe they validated once as a human and then have script which just checks the box. I tried to get around the captcha but could not.

How do I add a custom code validation after the ValidateEmail in the code snippet below for index.html? I couldn't find a hook in the ide to do any type server side validation. I will simply check if the message field has at least 40 characters , if not just kick it back.

$boundary = md5(uniqid(time()));

$header = 'From: '.$mailfrom.$eol;
$header .= 'Reply-To: '.$mailfrom.$eol;
$header .= 'MIME-Version: 1.0'.$eol;
$header .= 'Content-Type: multipart/mixed; boundary="'.$boundary.'"'.$eol;
$header .= 'X-Mailer: PHP v'.phpversion().$eol;
if (!ValidateEmail($mailfrom))
{
$error .= "The specified email address is invalid!\n<br>";
}

if (!empty($error))
{
$errorcode = file_get_contents($error_url);
$replace = "##error##";
$errorcode = str_replace($replace, $error, $errorcode);
echo $errorcode;
exit;
}
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

You can add custom code to the form via 'Custom Form Processing'.
See also the info in the help.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Custom Form Processing Property is not available when you use the form property on the layout grid. I will recreate the form separately and then move it into position.

I think that property should be visible. They both should descend from the same object.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Pablo,

I can add the form created by the form wizard on a Layer but not on a layout grid. It does not snap in. I cannot find the custom processing tab for a layout grid embedded form. Are there any advance option flags which I need to set?

My entire site is built with Layout Grids so its natural to use the embedded form.
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

You cannot place a form on a layer or inside a layout grid.
But the layer/layout grid can be a form itself. In HTML you cannot nest forms.

See the FAQ:
https://www.wysiwygwebbuilder.com/forum ... 10&t=71391
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Pablo wrote: Sun Jan 14, 2018 6:35 pm You cannot place a form on a layer or inside a layout grid.
But the layer/layout grid can be a form itself. In HTML you cannot nest forms.

See the FAQ:
https://www.wysiwygwebbuilder.com/forum ... 10&t=71391
Agreed, my form is inside the layout grid, how do I get to the custom form processing tab? I right clicked in the from area, it does not show the custom form processing tab. This is what I see, Image
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

I'm sorry, Layout Grids do not support this functionality. It is currently only available for standard forms.
If you wish to implement more advanced form processing then you will have to create your own script.

But I think you first have to make sure that the issue is really related to recaptcha.
It would really surprise me if recaptcha could be bypassed this easily. Millions of websites use this service. It would be complete useless if it didn't work, right?
Maybe something else is wrong?

Did try to rename the page? Does the spam stop in that case?
User avatar
Rob
 
 
Posts: 202
Joined: Sun Jan 29, 2012 2:54 pm
Location: MN
Contact:

Re: Form Spam

Post by Rob »

Pablo, what is the difference between captcha and recaptcha. I've always used captcha and it seems to be pretty ok at filtering out robot spam.
The Website Guy - MN
Small Business Web Design
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

what is the difference between captcha and recaptcha.
The built-in captcha WWB's own captcha script.

reCaptcha uses Google's 'Recaptcha' service:
https://www.google.com/recaptcha
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Pablo, I have one website that uses the built in captcha. No spam on that at all. That was my first baby step, decided to use the more advanced recaptcacha on the other website, and getting spammed.

I am going to delete the website, rename the index page and re-publish. See if that fixes the issue.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Six hours and no spam mail since i changed the name of the page.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Spoke too soon. Spammed again this morning.
User avatar
BaconFries
 
 
Posts: 5619
Joined: Thu Aug 16, 2007 7:32 pm

Re: Form Spam

Post by BaconFries »

I dont think it will matter which you use captcha or reCaptcha if a 'Human' and not a 'Bot' wishes to sit and spam you all day long then they will. Even if you change the page name they still know your site url so they can still access your site and manually fill the form. There are other ways you can try such as implementing a 'Honey Pot' or using a .htaccess to block IP addresses. All of this is not related to the use of the program in anyway there is one simple way and that is not to have a contact form or a link to a contact email but then that defeats the purpose of what you require.
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

What is the PHP code of the page?
Maybe something is wrong with the logic of the page?
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

<?php
require_once './ReCaptcha/ReCaptcha.php';
require_once './ReCaptcha/RequestMethod.php';
require_once './ReCaptcha/RequestParameters.php';
require_once './ReCaptcha/Response.php';
require_once './ReCaptcha/RequestMethod/Post.php';
require_once './ReCaptcha/RequestMethod/Socket.php';
require_once './ReCaptcha/RequestMethod/SocketPost.php';
if (isset($_POST['g-recaptcha-response']))
{
$recaptcha = new \ReCaptcha\ReCaptcha("SECRET");
$response = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
if (!$response->isSuccess())
{
header('Location: ./captchafailure.html');
exit;
}
}
function ValidateEmail($email)
{
$pattern = '/^([0-9a-z]([-.\w]*[0-9a-z])*@(([0-9a-z])+([-\w]*[0-9a-z])*\.)+[a-z]{2,6})$/i';
return preg_match($pattern, $email);
}
function ReplaceVariables($code)
{
foreach ($_POST as $key => $value)
{
if (is_array($value))
{
$value = implode(",", $value);
}
$name = "$" . $key;
$code = str_replace($name, $value, $code);
}
$code = str_replace('$ipaddress', $_SERVER['REMOTE_ADDR'], $code);
return $code;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['formid']) && $_POST['formid'] == 'layoutgrid8')
{
$mailto = 'formsender@xocomputers.com';
$mailfrom = isset($_POST['email']) ? $_POST['email'] : $mailto;
$subject = 'Website form';
$message = 'Values submitted from web site form:';
$success_url = './emailsuccess.html';
$error_url = './emailfailure.html';
$error = '';
$eol = "\n";
$boundary = md5(uniqid(time()));

$header = 'From: '.$mailfrom.$eol;
$header .= 'Reply-To: '.$mailfrom.$eol;
$header .= 'MIME-Version: 1.0'.$eol;
$header .= 'Content-Type: multipart/mixed; boundary="'.$boundary.'"'.$eol;
$header .= 'X-Mailer: PHP v'.phpversion().$eol;
if (!ValidateEmail($mailfrom))
{
$error .= "The specified email address is invalid!\n<br>";
}

if (!empty($error))
{
$errorcode = file_get_contents($error_url);
$replace = "##error##";
$errorcode = str_replace($replace, $error, $errorcode);
echo $errorcode;
exit;
}

$internalfields = array ("submit", "reset", "send", "filesize", "formid", "captcha_code", "recaptcha_challenge_field", "recaptcha_response_field", "g-recaptcha-response");
$message .= $eol;
$message .= "IP Address : ";
$message .= $_SERVER['REMOTE_ADDR'];
$message .= $eol;
$message .= "Referer : ";
$message .= $_SERVER['SERVER_NAME'];
$message .= $_SERVER['PHP_SELF'];
$message .= $eol;
$logdata = '';
foreach ($_POST as $key => $value)
{
if (!in_array(strtolower($key), $internalfields))
{
if (!is_array($value))
{
$message .= ucwords(str_replace("_", " ", $key)) . " : " . $value . $eol;
}
else
{
$message .= ucwords(str_replace("_", " ", $key)) . " : " . implode(",", $value) . $eol;
}
}
}
$body = 'This is a multi-part message in MIME format.'.$eol.$eol;
$body .= '--'.$boundary.$eol;
$body .= 'Content-Type: text/plain; charset=ISO-8859-1'.$eol;
$body .= 'Content-Transfer-Encoding: 8bit'.$eol;
$body .= $eol.stripslashes($message).$eol;
if (!empty($_FILES))
{
foreach ($_FILES as $key => $value)
{
if ($_FILES[$key]['error'] == 0)
{
$body .= '--'.$boundary.$eol;
$body .= 'Content-Type: '.$_FILES[$key]['type'].'; name='.$_FILES[$key]['name'].$eol;
$body .= 'Content-Transfer-Encoding: base64'.$eol;
$body .= 'Content-Disposition: attachment; filename='.$_FILES[$key]['name'].$eol;
$body .= $eol.chunk_split(base64_encode(file_get_contents($_FILES[$key]['tmp_name']))).$eol;
}
}
}
$body .= '--'.$boundary.'--'.$eol;
if ($mailto != '')
{
mail($mailto, $subject, $body, $header);
}
$successcode = file_get_contents($success_url);
$successcode = ReplaceVariables($successcode);
echo $successcode;
exit;
}
?>
<!doctype html>
<html lang="en-us">
<head>
<meta charset="utf-8">
<title>XOComputers - Home</title>
<meta name="author" content="Zee Khan - XOComputers">
<meta name="generator" content="WYSIWYG Web Builder 12 - http://www.wysiwygwebbuilder.com">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon">
<link href="font-awesome.min.css" rel="stylesheet">
<link href="xocomputers.css" rel="stylesheet">
<link href="welcome.css" rel="stylesheet">
<!-- Insert Google Analytics code here -->
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/j ... "></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());

gtag('config', 'UA-104143062-3');
</script>
</head>
<body data-spy="scroll" onload="ShowObject('Layer_TOS', 0);ShowObject('Layer_PrivacyPolicy', 0);return false;">
<div id="wb_LayoutGrid6">
<div id="LayoutGrid6">
<div class="col-1">
</div>
<div class="col-2">
<div id="wb_Image1">
<img src="images/XOComputers-logo-white%20%284%29.png" id="Image1" alt="">
</div>
</div>
<div class="col-3">
<div id="wb_CssMenu1">
<ul>
<li class="firstmain"><a href="#home" target="_self">HOME</a>
</li>
<li><a href="#services" target="_self">SERVICES</a>
</li>
<li><a href="#portfolio" target="_self">GALLERY</a>
</li>
<li><a href="#contact" target="_self">CONTACT</a>
</li>
</ul>

</div>
<div id="wb_home">
<a id="home">&nbsp;</a>

</div>
</div>
<div class="col-4">
</div>
</div>
</div>
<div id="wb_Carousel1">
<div id="Carousel1">
<div class="frame">
<div class="innerframe">
<div id="wb_Image2">
<img src="images/GoogleImages_imac-338988-1280_970x333.jpg" id="Image2" alt=""></div>
<div id="wb_Image7">
<img src="images/GoogleImages_imac-338988-1280_480x165.jpg" id="Image7" alt=""></div>
<div id="wb_Text6">
<span style="color:#FFFFFF;"><strong>Hardware repairs by experienced technicians</strong></span></div>
</div>
</div>
<div class="frame" style="display:none">
<div class="innerframe">
<div id="wb_Image3">
<img src="images/pexels-photo-461146_970x333.jpg" id="Image3" alt=""></div>
<div id="wb_Image8">
<img src="images/pexels-photo-461146_480x165.jpg" id="Image8" alt=""></div>
<div id="wb_Text11">
<span style="color:#FFFFFF;"><strong>24/7 remote monitoring</strong></span></div>
</div>
</div>
<div class="frame" style="display:none">
<div class="innerframe">
<div id="wb_Image4">
<img src="images/pexels-photo-325229_970x333.jpg" id="Image4" alt=""></div>
<div id="wb_Image9">
<img src="images/pexels-photo-325229_480x165.jpg" id="Image9" alt=""></div>
<div id="wb_Text12">
<span style="color:#FFFFFF;"><strong>Cloud services and storage at affordable rates</strong></span></div>
</div>
</div>
<div class="frame" style="display:none">
<div class="innerframe">
<div id="wb_Image10">
<img src="images/pixabay_office-1209640_480x165.jpg" id="Image10" alt=""></div>
<div id="wb_Image12">
<img src="images/pixabay_office-1209640_970x333.jpg" id="Image12" alt=""></div>
<div id="wb_Text13">
<span style="color:#FFFFFF;"><strong>We work with you on finding the most efficient solution</strong></span></div>
</div>
</div>
<div class="frame" style="display:none">
<div class="innerframe">
<div id="wb_Image11">
<img src="images/pexels-photo-68761._home_or_office%20480x165.jpg" id="Image11" alt=""></div>
<div id="wb_Image6">
<img src="images/pexels-photo-68761._home_or_office%20970x333.jpg" id="Image6" alt=""></div>
<div id="wb_Text14">
<span style="color:#FFFFFF;"><strong>Business or Home Office, we are there for you</strong></span></div>
</div>
</div>
</div>
</div>
<div id="Layer_PrivacyPolicy">
<div id="Layer_PrivacyPolicy_Container">
<div id="wb_Text2">
<span style="color:#000000;"><strong>XOComputers Privacy Policy<br></strong><br><strong>What information do we collect?<br></strong>We collect information from you when you register on our site, place an order, subscribe to our newsletter, respond to a survey or fill out a form. When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address or phone number. You may, however, visit our site anonymously.<br><br><strong>What do we use your information for?<br></strong>Any of the information we collect from you may be used in one of the following ways: To process transactions Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested. To send periodic emails The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc. Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.<br><br><strong>How do we protect your information?<br></strong>We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.<br><br><strong>Do we use cookies?<br></strong>We do not use cookies.<br><br><strong>Do we disclose any information to outside parties?<br></strong>We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we be
lieve release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.<br><br><strong>Childrens Online Privacy Protection Act Compliance<br></strong>We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.<br><br><strong>Online Privacy Policy Only<br></strong>This online privacy policy applies only to information collected through our website and not to information collected offline.<br><br><strong>Your Consent<br></strong>By using our site, you consent to our privacy policy.<br><br><strong>Changes to our Privacy Policy<br></strong>If we decide to change our privacy policy, we will post those changes on this page.</span></div>
<div id="wb_FontAwesomeIcon4">
<a href="#" onclick="ShowObject('Layer_PrivacyPolicy', 0);return false;"><div id="FontAwesomeIcon4"><i class="fa fa-window-close-o">&nbsp;</i></div></a></div>
</div>
</div>
<div id="Layer_TOS">
<div id="Layer_TOS_Container">
<div id="wb_FontAwesomeIcon5">
<a href="#" onclick="ShowObject('Layer_TOS', 0);return false;"><div id="FontAwesomeIcon5"><i class="fa fa-window-close-o">&nbsp;</i></div></a></div>
<div id="wb_Text8">
<span style="color:#000000;"><strong>TERMS OF USE</strong><br>Welcome to our online website! XOCOMPUTERS and its associates provide their services to you subject to the following terms and conditions. If you visit this website, you accept the conditions listed here. Read carefully. <br><br><br><strong>PRIVACY</strong><br>We take privacy seriously. Our Privacy Notice governs your interaction with this website, including this visit. We urge you to read the Privacy Notice to better understand our policies. <br><br><br><strong>ELECTRONIC COMMUNICATIONS</strong><br>When you visit XOCOMPUTERS or send e-mails to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by e-mail or by posting notices on this site. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing.<br><br><br><strong>COPYRIGHT</strong><br>All content included on this site, such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations, and software, is the property of XOCOMPUTERS or its content suppliers and protected by international copyright laws. The compilation of all content on this site is the exclusive property of XOCOMPUTERS, with copyright authorship for this collection by XOCOMPUTERS, and protected by international copyright laws.<br><br><br><strong>TRADE MARKS</strong><br>XOCOMPUTERS's trademarks and trade dress may not be used in connection with any product or service that is not XOCOMPUTERS's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits XOCOMPUTERS. All other trademarks not owned by XOCOMPUTERS or its subsidiaries that appear on this site are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by XOCOMPUTERS or its subsidiaries.<br><br><br><strong>LICENSE AND SITE AC
CESS</strong><br>XOCOMPUTERS grants you a limited license to access and make personal use of this site and not to download (other than page caching) or modify it, or any portion of it, except with express written consent of XOCOMPUTERS. This license does not include any resale or commercial use of this site or its contents: any collection and use of any product listings, descriptions, or prices: any derivative use of this site or its contents: any downloading or copying of account information for the benefit of another merchant: or any use of data mining, robots, or similar data gathering and extraction tools. This site or any portion of this site may not be reproduced, duplicated, copied, sold, resold, visited, or otherwise exploited for any commercial purpose without express written consent of XOCOMPUTERS. You may not frame or utilize framing techniques to enclose any trademark, logo, or other proprietary information (including images, text, page layout, or form) of XOCOMPUTERS and our associates without express written consent. You may not use any meta tags or any other &quot;hidden text&quot; utilizing XOCOMPUTERSs name or trademarks without the express written consent of XOCOMPUTERS. Any unauthorized use terminates the permission or license granted by XOCOMPUTERS. You are granted a limited, revocable, and nonexclusive right to create a hyperlink to the home page of XOCOMPUTERS so long as the link does not portray XOCOMPUTERS, its associates, or their products or services in a false, misleading, derogatory, or otherwise offensive matter. You may not use any XOCOMPUTERS logo or other proprietary graphic or trademark as part of the link without express written permission.<br><br><br><strong>YOUR MEMBERSHIP ACCOUNT</strong><br>If you use this site, you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your account or password. If you are under 18, you may use our
website only with involvement of a parent or guardian. XOCOMPUTERS and its associates reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders in their sole discretion.<br><br><br><strong>REVIEWS, COMMENTS, EMAILS, AND OTHER CONTENT</strong><br>Visitors may post reviews, comments, and other content: and submit suggestions, ideas, comments, questions, or other information, so long as the content is not illegal, obscene, threatening, defamatory, invasive of privacy, infringing of intellectual property rights, or otherwise injurious to third parties or objectionable and does not consist of or contain software viruses, political campaigning, commercial solicitation, chain letters, mass mailings, or any form of &quot;spam.&quot; You may not use a false e-mail address, impersonate any person or entity, or otherwise mislead as to the origin of a card or other content. XOCOMPUTERS reserves the right (but not the obligation) to remove or edit such content, but does not regularly review posted content. If you do post content or submit material, and unless we indicate otherwise, you grant XOCOMPUTERS and its associates a nonexclusive, royalty-free, perpetual, irrevocable, and fully sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such content throughout the world in any media. You grant XOCOMPUTERS and its associates and sublicensees the right to use the name that you submit in connection with such content, if they choose. You represent and warrant that you own or otherwise control all of the rights to the content that you post: that the content is accurate: that use of the content you supply does not violate this policy and will not cause injury to any person or entity: and that you will indemnify XOCOMPUTERS or its associates for all claims resulting from content you supply. XOCOMPUTERS has the right but not the obligation to monitor and edit or remove any activity or content. XOCOMPUTERS takes no resp
onsibility and assumes no liability for any content posted by you or any third party.<br><br><br><strong>RISK OF LOSS</strong><br>All items purchased from XOCOMPUTERS are made pursuant to a shipment contract. This basically means that the risk of loss and title for such items pass to you upon our delivery to the carrier.<br><br><br><strong>PRODUCT DESCRIPTIONS</strong><br>XOCOMPUTERS and its associates attempt to be as accurate as possible. However, XOCOMPUTERS does not warrant that product descriptions or other content of this site is accurate, complete, reliable, current, or error-free. If a product offered by XOCOMPUTERS itself is not as described, your sole remedy is to return it in unused condition. <br><br><br>DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY THIS SITE IS PROVIDED BY XOCOMPUTERS ON AN &quot;AS IS&quot; AND &quot;AS AVAILABLE&quot; BASIS. XOCOMPUTERS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THIS SITE OR THE INFORMATION, CONTENT, MATERIALS, OR PRODUCTS INCLUDED ON THIS SITE. YOU EXPRESSLY AGREE THAT YOUR USE OF THIS SITE IS AT YOUR SOLE RISK. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, XOCOMPUTERS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. XOCOMPUTERS DOES NOT WARRANT THAT THIS SITE, ITS SERVERS, OR E-MAIL SENT FROM XOCOMPUTERS ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. XOCOMPUTERS WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THIS SITE, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES. CERTAIN STATE LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MIGHT HAVE ADDITIONAL RIGHTS. <br><br><br><strong>APPLICABLE LAW</strong><br>By visiting XOCOMPUTERS, you agree that the laws
of the state of Massachussets, USA, without regard to principles of conflict of laws, will govern these Conditions of Use and any dispute of any sort that might arise between you and XOCOMPUTERS or its associates.<br><br><br><strong>DISPUTES</strong><br>Any dispute relating in any way to your visit to XOCOMPUTERS or to products you purchase through XOCOMPUTERS shall be submitted to confidential arbitration in the Sate of Massachussetts, United States of America, except that, to the extent you have in any manner violated or threatened to violate XOCOMPUTERSs intellectual property rights, XOCOMPUTERS may seek injunctive or other appropriate relief in any state or federal court in the United State of America, and you consent to exclusive jurisdiction and venue in such courts. Arbitration under this agreement shall be conducted under the rules then prevailing of the American Arbitration Association. The arbitrators award shall be binding and may be entered as a judgment in any court of competent jurisdiction. To the fullest extent permitted by applicable law, no arbitration under this Agreement shall be joined to an arbitration involving any other party subject to this Agreement, whether through class arbitration proceedings or otherwise.<br><br><br><strong>SITE POLICIES, MODIFICATION, AND SEVERABILITY</strong><br>Please review our other policies, such as our Shipping and Returns policy, posted on this site. These policies also govern your visit to XOCOMPUTERS. We reserve the right to make changes to our site, policies, and these Conditions of Use at any time. If any of these conditions shall be deemed invalid, void, or for any reason unenforceable, that condition shall be deemed severable and shall not affect the validity and enforceability of any remaining condition.<br><br><br><strong>QUESTIONS</strong>:<br>Questions regarding our Conditions of Usage, Privacy Policy, or other policy related material can be directed to our support staff via email at: info@XOCOMPUTERS.com</span></div>
</div>
</div>
<div id="StickyLayer">
<div id="wb_Shape1">
<a href="./welcome.html#LayoutGrid6"><img class="hover" src="images/img0004_hover.png" alt="" style="border-width:0;width:40px;height:40px;"><span><img src="images/img0004.png" id="Shape1" alt=""></span></a></div>
</div>
<div id="wb_LayoutGrid2">
<div id="LayoutGrid2">
<div class="row">
<div class="col-1">
<div id="wb_Text4">
<span style="color:#696969;font-family:Arial;font-size:21px;"><strong>Services<br></strong></span><span style="color:#696969;font-family:Arial;font-size:16px;"><em>Learn all about our multi-tiered services</em></span>
</div>
<div id="wb_services">
<a id="services">&nbsp;</a>

</div>
</div>
</div>
</div>
</div>
<div id="wb_LayoutGrid1">
<div id="LayoutGrid1">
<div class="row">
<div class="col-1">
<hr id="DummyLine1">
<div id="wb_FontAwesomeIcon1">
<div id="FontAwesomeIcon1"><i class="fa fa-newspaper-o">&nbsp;</i></div>
</div>
<div id="wb_Text9">
<span style="color:#696969;"><strong>Websites<br></strong><br>Creating a website requires an investment of ideas, vision and skills. At XOComputers we use our skills to convert your ideas and deliver on your vision. A website is the face of your business to the outside world of markets and customers, wheather you choose a template or require a completely unique design our attention to detail remains the same. Call us today for a free evaluation of your needs. </span>
</div>
<div id="wb_Shape2">
<a href="./welcome.html" onclick="ShowObjectWithEffect('Layer_Terms_Conditions', 1, 'dropdown', 500);return false;"><div id="Shape2"><div id="Shape2_text"><span style="color:#696969;font-family:Arial;font-size:13px;">Learn More</span></div></div></a>
</div>
</div>
<div class="col-2">
<hr id="Line1">
<div id="wb_FontAwesomeIcon2">
<div id="FontAwesomeIcon2"><i class="fa fa-desktop">&nbsp;</i></div>
</div>
<div id="wb_Text10">
<span style="color:#696969;"><strong>Technology<br></strong><br>Be it hardware or software, a home based business, or a personal computer we have the experience and the knowledge to resolve any issue within an acceptable timeframe. We implement and support end-to-end technology solutions on desktops, laptops, tablets, tabs, handheld, networks, servers, or cloud solutions. Where a technical staff position can run over $100,000+ per year, we can provide the same for a lot less. Look up our plans and call us. We can tailor our services to meet your needs.</span>
</div>
<div id="wb_Shape4">
<a href="#about"><div id="Shape4"><div id="Shape4_text"><span style="color:#696969;font-family:Arial;font-size:13px;">Learn More</span></div></div></a>
</div>
</div>
<div class="col-3">
<hr id="Line2">
<div id="wb_FontAwesomeIcon3">
<div id="FontAwesomeIcon3"><i class="fa fa-life-ring">&nbsp;</i></div>
</div>
<div id="wb_Text3">
<span style="color:#696969;"><strong>Support<br></strong><br>We are available 24/7 for our customers and provide technical support via remote channels, on-line, phone or on-site. Our customers can also take advantage of a loaner PC to avoid any downtime in their day to day work. Each customer tier comes with its own support package, or call us for a package tailored to your needs.</span>
</div>
<div id="wb_Shape5">
<a href="#about"><div id="Shape5"><div id="Shape5_text"><span style="color:#696969;font-family:Arial;font-size:13px;">Learn More</span></div></div></a>
</div>
</div>
</div>
</div>
</div>
<div id="wb_LayoutGrid3">
<div id="LayoutGrid3">
<div class="row">
<div class="col-1">
<div id="wb_portfolio">
<a id="portfolio">&nbsp;</a>

</div>
<div id="wb_Text5">
<span style="color:#696969;font-family:Arial;font-size:21px;"><strong>Gallery<br></strong></span><span style="color:#696969;font-family:Arial;font-size:16px;"><em>Browse through some of our solutions</em></span>
</div>
</div>
</div>
</div>
</div>
<div id="wb_LayoutGrid4">
<div id="LayoutGrid4-overlay"></div>
<div id="LayoutGrid4">
<div class="row">
<div class="col-1">
<div id="wb_PhotoGallery1">
<div id="PhotoGallery1">
<div class="thumbnails">
<figure class="thumbnail">
<a href="images/server-2160321_1920_800x545.jpg"><img alt="" src="images/server-2160321_1920_800x545.jpg"></a>
</figure>
<figure class="thumbnail">
<a href="pexels-photo-356056 (1).jpeg"><img alt="" src="pexels-photo-356056 (1).jpeg"></a>
</figure>
<figure class="thumbnail">
<a href="images/server-2160321_1920_800x600.jpg"><img alt="" src="images/server-2160321_1920_800x600.jpg"></a>
</figure>
<div class="clearfix visible-col3"></div>
<figure class="thumbnail">
<a href="images/computer-motherboard-pc-wires.jpg"><img alt="" src="images/computer-motherboard-pc-wires.jpg"></a>
</figure>
<figure class="thumbnail">
<a href="images/workshop-377099_1280_800x600.jpg"><img alt="" src="images/workshop-377099_1280_800x600.jpg"></a>
</figure>
<figure class="thumbnail">
<a href="images/rawpixel-com-423656_800x600.jpg"><img alt="" src="images/rawpixel-com-423656_800x600.jpg"></a>
</figure>
<div class="clearfix visible-col3"></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="wb_LayoutGrid8">
<form name="ContactMe" method="post" action="<?php echo basename(__FILE__); ?>" enctype="multipart/form-data" target="_self" id="LayoutGrid8" onsubmit="return ValidateContactMe(this)">
<input type="hidden" name="formid" value="layoutgrid8">
<div class="row">
<div class="col-1">
<div id="wb_contact">
<a id="contact">&nbsp;</a>

</div>
</div>
<div class="col-2">
<div id="wb_Text7">
<span style="color:#696969;font-family:Arial;font-size:21px;"><strong>CONTACT FORM</strong></span>
</div>
<input type="text" id="Editbox1" name="name" value="" spellcheck="false" placeholder="Name*">
<input type="email" id="Editbox2" name="email" value="" spellcheck="false" placeholder="Email*">
<input type="text" id="Editbox3" name="phone" value="" spellcheck="false" placeholder="Phone">
<textarea name="message" id="TextArea1" rows="4" cols="97" spellcheck="true" placeholder="Message"></textarea>
<div id="wb_LayoutGrid7">
<div id="LayoutGrid7">
<div class="col-1">
<div id="wb_Extension1">
<div class="g-recaptcha" data-sitekey="6LcZbD4UAAAAAKy0c97YSVFhqUq2_vo9lghJOr7I"></div>

</div>
</div>
<div class="col-2">
<input type="submit" id="Button1" name="" value="CONTACT US">
</div>
</div>
</div>
</div>
<div class="col-3">
</div>
</div>
</form>
</div>
<div id="wb_LayoutFooter">
<div id="LayoutFooter">
<div class="col-1">
</div>
<div class="col-2">
<div id="wb_LayoutGrid5">
<div id="LayoutGrid5">
<div class="col-1">
<div id="wb_Text1">
<span style="color:#FFFFFF;">XOComputers &#0169; 2014-2017, All rights reserved. </span>
</div>
</div>
<div class="col-2">
<div id="wb_Text_TermsAndConditions">
<span style="color:#FFFFFF;"><a href="./welcome.html" onclick="ShowObject('Layer_TOS', 1);return false;">Terms And Conditions</a></span>
</div>
</div>
<div class="col-3">
<div id="wb_Text_PrivacyPolicy">
<span style="color:#FFFFFF;"><a href="./welcome.html" onclick="ShowObject('Layer_PrivacyPolicy', 1);return false;">Privacy Policy</a></span>
</div>
</div>
</div>
</div>
</div>
<div class="col-3">
</div>
</div>
</div>

<script src="jquery-1.12.4.min.js"></script>
<script src="jquery-ui.min.js"></script>
<script src="wb.carousel.effects.min.js"></script>
<script src="scrollspy.min.js"></script>
<script>
function ValidateContactMe(theForm)
{
var regexp;
if (theForm.Editbox1.value == "")
{
alert("Name cannot be blank");
theForm.Editbox1.focus();
return false;
}
if (theForm.Editbox1.value.length < 3)
{
alert("Name cannot be blank");
theForm.Editbox1.focus();
return false;
}
if (theForm.Editbox1.value.length > 60)
{
alert("Name cannot be blank");
theForm.Editbox1.focus();
return false;
}
regexp = /^([0-9a-z]([-.\w]*[0-9a-z])*@(([0-9a-z])+([-\w]*[0-9a-z])*\.)+[a-z]{2,6})$/i;
if (!regexp.test(theForm.Editbox2.value))
{
alert("Please provide a valid email. ");
theForm.Editbox2.focus();
return false;
}
if (theForm.Editbox2.value == "")
{
alert("Please provide a valid email. ");
theForm.Editbox2.focus();
return false;
}
if (theForm.Editbox2.value.length < 6)
{
alert("Please provide a valid email. ");
theForm.Editbox2.focus();
return false;
}
if (theForm.Editbox2.value.length > 70)
{
alert("Please provide a valid email. ");
theForm.Editbox2.focus();
return false;
}
if (theForm.TextArea1.value == "")
{
alert("Enter a valid message greater than 40 characters");
theForm.TextArea1.focus();
return false;
}
if (theForm.TextArea1.value.length < 40)
{
alert("Enter a valid message greater than 40 characters");
theForm.TextArea1.focus();
return false;
}
if (theForm.TextArea1.value.length > 512)
{
alert("Enter a valid message greater than 40 characters");
theForm.TextArea1.focus();
return false;
}
return true;
}
</script>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<script src="wwb12.min.js"></script>
<script>
$(document).ready(function()
{
$("a[href*='#LayoutGrid6']").click(function(event)
{
event.preventDefault();
$('html, body').stop().animate({ scrollTop: $('#wb_LayoutGrid6').offset().top }, 600, 'linear');
});
var Carousel1Opts =
{
delay: 5000,
duration: 700,
easing: 'easeOutSine',
mode: 'slide',
direction: 'down',
scalemode: 3,
pagination: false,
start: 0
};
$("#Carousel1").on('activate', function(event, index)
{
switch(index)
{
case 0:
ShowObjectWithEffect('wb_Text6', 1, 'dropleft', 600, 'easeOutBounce');
break;
case 1:
ShowObjectWithEffect('wb_Text11', 1, 'dropleft', 600, 'easeOutBounce');
break;
case 2:
ShowObjectWithEffect('wb_Text12', 1, 'dropleft', 600, 'easeOutBounce');
break;
case 3:
ShowObjectWithEffect('wb_Text13', 1, 'dropleft', 600, 'easeOutBounce');
break;
case 4:
ShowObjectWithEffect('wb_Text14', 1, 'dropleft', 600, 'easeOutBounce');
break;
}
});
$("#Carousel1").on('beforeActivate', function(event, index)
{
switch(index)
{
case 0:
ShowObject('wb_Text14', 0);
break;
case 1:
ShowObject('wb_Text6', 0);
break;
case 2:
ShowObject('wb_Text11', 0);
break;
case 3:
ShowObject('wb_Text12', 0);
break;
case 4:
ShowObject('wb_Text13', 0);
break;
}
});
$("#Carousel1").carouseleffects(Carousel1Opts);
$("a[href*='#home']").click(function(event)
{
event.preventDefault();
$('html, body').stop().animate({ scrollTop: $('#wb_home').offset().top }, 500, 'easeOutCubic');
});
function homeScroll()
{
var $obj = $("#wb_home");
if (!$obj.hasClass("in-viewport") && $obj.inViewPort(false))
{
$obj.addClass("in-viewport");
ShowObject('StickyLayer', 0);
}
else
if ($obj.hasClass("in-viewport") && !$obj.inViewPort(true))
{
$obj.removeClass("in-viewport");
ShowObject('StickyLayer', 1);
}
}
if (!$('#wb_home').inViewPort(true))
{
$('#wb_home').addClass("in-viewport");
}
homeScroll();
$(window).scroll(function(event)
{
homeScroll();
});
$("a[href*='#services']").click(function(event)
{
event.preventDefault();
$('html, body').stop().animate({ scrollTop: $('#wb_services').offset().top }, 600, 'easeOutCubic');
});
$("a[href*='#portfolio']").click(function(event)
{
event.preventDefault();
$('html, body').stop().animate({ scrollTop: $('#wb_portfolio').offset().top }, 600, 'easeOutCubic');
});
$("a[href*='#contact']").click(function(event)
{
event.preventDefault();
$('html, body').stop().animate({ scrollTop: $('#wb_contact').offset().top }, 600, 'easeOutCubic');
});
});
</script>
<script src="welcome.js"></script>
</body>
</html>
User avatar
Pablo
 
Posts: 22422
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: Form Spam

Post by Pablo »

The code looks correct.
As far as I can see there is no way to bypass the captcha check for this form.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

My next step is to add validation for the Message field on the server and capturing the captcha response. Currently the spammers are leaving the message field blank, bypassing the client validation.
User avatar
protectourlands
 
 
Posts: 426
Joined: Sat May 24, 2008 2:16 am
Contact:

Re: Form Spam

Post by protectourlands »

For what it is worth, I have discontinued using Google reCAPTCHA V2 and invisible. They no longer work for me. The WB CAPTCHA blocks everything.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Thanks. Planning on doing that. Got slammed today with spam.

http://securityaffairs.co/wordpress/56 ... cking.html

There is actually a paper on how to break the captacha by using the Googles' voice recognition api to solve the captcha.

“Let’s download the audio file and send it to Google Speech Recognition API. Before doing so, we will convert it to a ‘wav’ format, which is requested by Google’s Speech Recognition API. Now we have the audio challenge file and are ready to send it to Google Speech Recognition. How can this be done? Using (Google’s own) API,” continues the post.

And there is pay service
http://www.solverecaptcha.com/
User avatar
[RZ]
 
 
Posts: 1912
Joined: Tue Nov 04, 2008 12:08 pm

Re: Form Spam

Post by [RZ] »

@protectourlands
thanks for the info about google, i didnt know about such an issue! do you mean that even google team were not able to fight effectively against spam!?
User avatar
Rob
 
 
Posts: 202
Joined: Sun Jan 29, 2012 2:54 pm
Location: MN
Contact:

Re: Form Spam

Post by Rob »

Ok. I got a simple “are you human” QnA to work. Set a field required to 1 – be a number under general, 2 - validate default as a number and equal to the correct answer, 3 – set condition to allow the send button to work only when answer is correct. I think it worked with human entry. I am hoping this works with robot spam. Thoughts?
The Website Guy - MN
Small Business Web Design
User avatar
[RZ]
 
 
Posts: 1912
Joined: Tue Nov 04, 2008 12:08 pm

Re: Form Spam

Post by [RZ] »

rob, i did my own captcha, fortunately i'm not so famous as google guys, so robots did not pay attention to my existence and they did not discover my formulas :) -- seems they are a bit complex at the moment...
i think what you did should be enough, but i was in the urgent need to resolve it in a different way and helped me a lot against spam
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

I think any solution widely used will be widely vulnerable. A custom solution will probably work better as fewer people will focus on breaking it. But does it still have the same level of confidence when talking to clients. They all want that shiny google captcha.

I am thinking of a combination, invisible captcha followed by a server side validation.
User avatar
protectourlands
 
 
Posts: 426
Joined: Sat May 24, 2008 2:16 am
Contact:

Re: Form Spam

Post by protectourlands »

@protectourlands
thanks for the info about google, i didnt know about such an issue! do you mean that even google team were not able to fight effectively against spam!?
RZ

Several months ago I began receiving spam through V2 and Invisible when it hadn't been getting through previously. To me it seemed the bad guys figured out a way through. I internet searched this and didn't find anything, so I concluded Google didn't want this public until they could fix it. I never filed a ticket and always hoped it would get resolved. I switched back to WB CAPTCHA.

A few weeks ago I had a client complain about the complexity of "repeat these characters" WB CAPTCHA in a simple email newsletter signup form. I tried V2 again and no luck. I tried Invisible again and no luck. I even tried a hidden field and a javascript, hoping the spammers could not parse js and that didn't work. The client eventually had me remove the form.

In conclusion, the only way I have been able to absolutely prevent spam is to use WB CAPTCHA "Repeat These Characters". I was searching through the forum yesterday and found this string stating what appeared to be the same experience I had with V2 and Invisible. I don't believe I was installing the Google systems wrong, but I suppose anything is possible.

I see forms on the net all the time that do not use upfront CAPTCHA. I have read several articles on how this could be done but have no idea if they are effective. I did try the hidden field/js method and that did not work for me. I am open to any recommendations.
User avatar
[RZ]
 
 
Posts: 1912
Joined: Tue Nov 04, 2008 12:08 pm

Re: Form Spam

Post by [RZ] »

i think magical is correct, nothing is not vulnerable at all, as we are dealing also with humans (a weird specimen sometimes) and in that case they qualify as non-robots and if they want can manually spam all the time
so i have a combination/variant of more than one technique
fortunately spam has stopped -- but idiots are smart driving you crazy, unfortunately they are beyond of the captcha algorithm because there is nothing we can do with people with too much spare time
User avatar
[RZ]
 
 
Posts: 1912
Joined: Tue Nov 04, 2008 12:08 pm

Re: Form Spam

Post by [RZ] »

I concluded Google didn't want this public until they could fix it
how true i find this assertion!
private solutions are not the first target, i agree with this also (and this is the main reason why i opted for a private one, in my personal case i wrote my own captcha and silent captcha, fortunately it works, however i think if you already found a way and it works, do not change it unless you are searching for something different or specific to your scheme)
captcha is so catchy... so you need discrete ways to protect your forms
in just few words i agree with you
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

I really appreciate everyone's support and sharing your experience. Together we can only become stronger and better. I am learning more about captcha then i ever thought i would need.

A friend suggested I get a new sitekey and secret key. So I am going to give it one more shot, otherwise I will just keep the captcha as a honey pot and roll out my own solution underneath. Having it on the form will satisfy a key client requirement, having my own solution underneath will get me out of the clean up mess.

For the future it would be nice if WWB have an option to save the captcha response and send it in the email. Or have a choice between server side validation and client side validation fields, and "fake" required fields which are hidden and appear to scripts as required but should actually be blank.
User avatar
[RZ]
 
 
Posts: 1912
Joined: Tue Nov 04, 2008 12:08 pm

Re: Form Spam

Post by [RZ] »

forget the "fake" required fields, this is pretty outdated... since some time ago robots already know this
User avatar
[RZ]
 
 
Posts: 1912
Joined: Tue Nov 04, 2008 12:08 pm

Re: Form Spam

Post by [RZ] »

btw, forgot to mention, captcha should be constantly checked... (not an easy job, do not expect too much from freebies solutions)
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Thanks for all the suggestions. I had a discussion with my ISP. Fortunately and I mean big time fortunately, there was an experienced guy manning the phones, and he asked me to make some changes.

1 - Have a custom script for submission - he had me add an onclick check to the submit button overriding its default behavior, and then another onclick which just returns true. Somehow this confuses some of the bots.

2 - Change the file extension to php from html. I had enabled a handler on the server which sent all html files through the php engine, but he had me change index.html to index3.php and disable the handler. He said this will hide your form from many of the bots, and if your page has php then the extension should be php.

Additional:
3 - Add a hidden field "Valid Captcha" with a default value of "Yes". Then in the onclick submit script set that value to "Null". In the php he wants me to redirect to a 400.html location if not Null. (have not done this yet).

Since I made the changes 4 days ago I have only received one spam mail. Just sharing in case it would help anyone.
User avatar
Patrik iden
 
 
Posts: 479
Joined: Wed Mar 24, 2010 9:07 pm
Location: Sweden

Re: Form Spam

Post by Patrik iden »

Hello, i also made my own kind of Captcha just using WWB fields and som PHP random number code.
It's a long time sense i did this but i'll try to explain if it helps.

1. So i have on field that i named captcha_question and in this field i have the following settings:

Name: captcha_question
Initial value: <?php $random = substr(number_format(time() * rand(),0,'',''),0,6); echo $random?>
Type: text (this can maybe be set to number).
Max. lenght: 0 (this can maybe be set to 6).

You can if you want change the value 6 in the PHP code and in that case also in Max. lenght.

Validation for this field is:
Mode: Default.
Data type: No Constraints.

The style for this field is so you can only see the random code (no borders, backgroud is transparent).
Then before this code i have just a text field whit the text like: Type this code in the box.


2. Now i have a second field named: catpcha_answer.
Typ: number.
Max. lenght: 6.

Validation:
Mode: Default.
Data type: Number.

Data required (checked):
Minimum: 6, Maximum: 6

Match:
This field must have the same value as: (the name of the captcha_question field).

And i think that's it. This way you will have to type in 6 didgits and only 6 didgits to the captcha_answer field
or else you will have an error. I gues this is like some type of hony trap.

Hope this can be of some help.

Regards

//Patrik.
User avatar
Magical
 
 
Posts: 111
Joined: Thu Dec 14, 2017 5:08 pm
Contact:

Re: Form Spam

Post by Magical »

Thanks for the detailed response. Appreciate it.
Post Reply