Bots getting by my Captcha???

Post Reply

Page 12 >

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
hisplaceresort Members Profile Find Members Posts Newbie Joined: 12 December 2008 Location: USA Status: Offline Points: 13	Post Options Post Reply Quote hisplaceresort Report Post Thanks(0) Quote Reply Topic: Bots getting by my Captcha??? Posted: 15 December 2008 at 1:05pm
	I have Captcha installed on my webform. And it works. Or does it??? My form is simple. Name, email address, comments... at this time, there is no field validation other than having to enter the captcha code before hitting submit. Odd thing, I'm receiving blank emails. I have received about 6 like it, but I thought I was the one who had generated them while I was getting everything to work... I know for certain now that is not the case. I was asleep when the last 2 were generated... What's so interesting about getting a blank email? By default, I have pre-loaded comments in about 1/2 the fields in my form. So... if you bring up my form, only fill out the security code, and click submit, those fields are populated in the email that is generated. If a human was generating these emails... why would one clear out every field and submit them? Therefore, it's something else, I think... And yes, I know a captcha is not going to make your web form completely secure... But still, any ideas???

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 15 December 2008 at 1:25pm
	It sounds like someone is submitting directly to the file that sends the email. What you need to do is make sure the file that sends email is protected by the CAPTCHA so that if someone submits directly to the file it doesn't process the code that sends the email.
	Web Wiz Forums Hosting ASP.NET Web Hosting

123Simples Members Profile Find Members Posts Senior Member Joined: 08 July 2007 Location: United Kingdom Status: Offline Points: 1192	Post Options Post Reply Quote 123Simples Report Post Thanks(0) Quote Reply Posted: 15 December 2008 at 4:20pm
	Hi Julie You had missed out a line on your sendmail.asp file which stops the form from processing and you should have received the files by email with the line in it as it should be <% 'The line below will prevent the rest of the file from processing if the CAPTCHA code is entered incorrectly 'To use the line below remove the comment (') quote mark from in front of the line If blnCAPTCHAcodeCorrect = False Then Call stopProcess() %> Your new file that I've sent to you has that line in it
	Visit 123 Simples Web Design

hisplaceresort Members Profile Find Members Posts Newbie Joined: 12 December 2008 Location: USA Status: Offline Points: 13	Post Options Post Reply Quote hisplaceresort Report Post Thanks(0) Quote Reply Posted: 16 December 2008 at 5:19am
	I bet that was it. I put that block of code in my sendmail.asp on my main site, and we'll see if I get any more. I'll let you know! I do not remember seeing that one needs to insert that line of code in the installation instructions, but unfortunately, it would not be the first time I thought I was following directions and missed something! Thanks, Doug! You rock!

123Simples Members Profile Find Members Posts Senior Member Joined: 08 July 2007 Location: United Kingdom Status: Offline Points: 1192	Post Options Post Reply Quote 123Simples Report Post Thanks(0) Quote Reply Posted: 16 December 2008 at 6:50pm
	Your welcome Julie - hope the files I sent explain a lot more
	Visit 123 Simples Web Design

rkeener2 Members Profile Find Members Posts Newbie Joined: 15 February 2009 Location: Atlanta Status: Offline Points: 2	Post Options Post Reply Quote rkeener2 Report Post Thanks(0) Quote Reply Posted: 15 February 2009 at 4:53am
	My spam has started to increase. Recently it has increased exponentially. Yesterday I received 150 spam emails and today I received 175 spam emails. All apparently from the same person/bot all apparently trying to post links. I notice some anomalies in the headers that exist in the valid vs. the spam emails. Valid email headers look like this: CAPTCHA_Postback: true FirstName: Bob LastName: Smith Submit: Form Submission comments: Blah, Blah, Blah email:persons name@gmail.com securityCode: 87PF3 submit: submit ------------------------------ ----------------------------------- This e-mail was generated from a form submission on your website: my correct website name.com at 2/14/2009 9:57:06 AM While the spammer email always looks similar to this: FirstName: Kir LastName: Arnie SubmitCase: Form Submission comments:(a bunch of link spam appears here) email: various bogus names@various bogus email addresses.com submit: submit ------------------------------ ----------------------------------- This e-mail was generated from a form submission on your website: my correct website name.com at 2/14/2009 1:27:09 PM Of particular interest is that: 1. the "CAPTCHA_Postback: true" statement is missing from all the spam 2. valid emails come in showing: "Submit: Form Submission" while spams all say "SubmitCase: Form Submission" 3. the "securityCode:" message and number are missing from all the spams. I must be doing something wrong, can you help me figure out how to fix this? Thanks in advance! rkeener2

123Simples Members Profile Find Members Posts Senior Member Joined: 08 July 2007 Location: United Kingdom Status: Offline Points: 1192	Post Options Post Reply Quote 123Simples Report Post Thanks(0) Quote Reply Posted: 15 February 2009 at 12:51pm
	Looking at your asp page you have not just entered the information at the correct points, so effectively this does not help In code view you should have something like this: At the very top of your page <%@LANGUAGE="VBSCRIPT" %> Then just after your <link href="line add this <!-- Include file for CAPTCHA configuration --> <!-- #include file="CAPTCHA/CAPTCHA_configuration.asp" --> Then create your form as you have done, and then where you want the captcha image to appear <!-- include the Web Wiz CAPTCHA form --> <!--#include file="CAPTCHA/CAPTCHA_form_inc.asp" --> do that and it should help. The other alternative is to add javascript functions too to cut down on time wasters sending you garbage - see here for an example - try submitting the form without filling in anything Hope that helps
	Visit 123 Simples Web Design

rkeener2 Members Profile Find Members Posts Newbie Joined: 15 February 2009 Location: Atlanta Status: Offline Points: 2	Post Options Post Reply Quote rkeener2 Report Post Thanks(0) Quote Reply Posted: 16 February 2009 at 4:27am
	OK, I'll give it a try. I'm kinda a noob with all this, so please forgive the following noob sounding questions. Funny thing is I have not received any spams attempts today. <scratches head> I received hundreds of them the last few days and the only change I made was to change all my ftp and hosting passwords and now they have stopped (though I do seem to recall receiving some spam yesterday after I changed my passwords). At the risk of sounding like I'm stating the obvious, Is one connected to the other or is this merely a coincidence? Also,I was doing some research on the web and reading about server side validation vs. client side validation and how, without server side validation, some asp codes can be "tricked" to send a form without validation. Could that have been happening with my site with the code I was using? (I assume Web Wiz has both server and client side validation. Thanks again for the previous quick response! Edited by rkeener2 - 16 February 2009 at 2:56pm

Post Reply	Page 12 >

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum