www.wysiwygwebbuilder.com

Hi All,

Just thought I'd share an interesting experience I had with three of my Clients. Recently, and between them, they received over 200 spam emails through their web forms. Perhaps equally interesting is that each of them actually have mailto: in their website (yes, yes I know, but they insisted) and they weren't spammed.

I blacklisted the email addresses via their cPanel email accounts (of course that only black lists the sent from email address which can be phished to cloak the actual send to email address as identified in the reply to.

In each case I modified the web form via Form > Object properties > General (tab) > Advanced > Miscellaneous Tab and ticked
1) Enable server sided validation
2( Do not allow URLs in form data
3) Check if the domain of the specified email address is valid (look up MX record).

I'm pleased to say that after doing that, the spam ceased.

Well done to Pablo for putting those in.

Any one else had the same experience with Clients? - and for those that have, the above may be of some help.

All forms use Google's Captcha 2.

Helo Colin,

Ohhh, yes, a lot of spam email.

I have used another way to solve my problem.

My Solution is based on https://perishablepress.com/block-bad-queries/

that somebody has modified for me.

For my purposes, I use the Request of the server, the content of the fields Name, email Address and message of the form.

The form include a php file in the same directory on the server (bad-words.php) where I have defined some parameters, like "bad words".

Now, if the server request OR the title of the form OR the name of the form OR the message of the form have at least one "bad word", the email is considered spam, and the IP is redirected to hell. This all even if the capchta is correct.

If this is the case, an error is displayed and the spammer can not access again the form The server respond with a "403=> access denied"

I think this will be a interesting option for the members of this forum ho know better php like me:-)to make for the WWB a better spam protection as a captcha. If desired, please contact me via email.

Regards, Adrian

Thanks for the response Adrian - an interesting solution.

Hi Colin... hope you're doin well down under
Just an experience... I had the Captcha 2 on one site and they started to get some spam. I just felt for testing the new hCaptcha extension provided by Pablo and changed. The spam stopped immediately and now after 3 weeks "No spam".
Looks like it does the work better... but we'll see.

Hey Bluesman,

That's interesting feed back about the hCaptcha - I'll keep that in mind if the three additional form spam filters that Pablo supplied don't permanently solve the issue. As previously mentioned, so far they are doing the trick.

Of course, the additional elements to consider is what management platform spam software you're using.

cPanel - Spam assassin - right click and block in email account - blocks sending email address - won't work if the send is spoofed (Phished).
cPanel - Spam assassin - EMAIL - Spam Filters - Show Additional Configurations - Edit Spam Blacklist Setting - add ACTUAL emails address if generic Domain - eg gmail.com - works but it's a manual process.
Non cPanel hosted email accounts - SpamExperts - MUCH better than Spam assassin.

Hi Colin I have a similar script that works along the same lines as Adrian. If you wish I can send it to you for you to check out. Let me know.

Hey BC,

Thanks Mate - I'll keep that in mind and appreciate the offer.