Bots getting by my Captcha???
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz CAPTCHA
Forum Description: Support forum for the Web Wiz CAPTCHA security image.
URL: https://forums.webwiz.net/forum_posts.asp?TID=26678
Printed Date: 28 March 2026 at 6:03am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Bots getting by my Captcha???
Posted By: hisplaceresort
Subject: Bots getting by my Captcha???
Date Posted: 15 December 2008 at 1:05pm
I have Captcha installed on my webform. And it works. Or does it??? My form is simple. Name, email address, comments... at this time, there is no field validation other than having to enter the captcha code before hitting submit.
Odd thing, I'm receiving blank emails. I have received about 6 like it, but I thought I was the one who had generated them while I was getting everything to work... I know for certain now that is not the case. I was asleep when the last 2 were generated... 
What's so interesting about getting a blank email? By default, I have pre-loaded comments in about 1/2 the fields in my form.
So... if you bring up my form, only fill out the security code, and click submit, those fields are populated in the email that is generated.
If a human was generating these emails... why would one clear out every field and submit them? Therefore, it's something else, I think...
And yes, I know a captcha is not going to make your web form completely secure... But still, any ideas???
------------- Julie
|
Replies:
Posted By: WebWiz-Bruce
Date Posted: 15 December 2008 at 1:25pm
It sounds like someone is submitting directly to the file that sends the email.
What you need to do is make sure the file that sends email is protected by the CAPTCHA so that if someone submits directly to the file it doesn't process the code that sends the email.
------------- Web Wiz Forums Hosting (https://www.webwiz.net/web-wiz-forums/forum-hosting.htm) - ASP.NET Web Hosting (https://www.webwiz.net/web-hosting/windows-web-hosting.htm)
|
Posted By: 123Simples
Date Posted: 15 December 2008 at 4:20pm
Hi Julie
You had missed out a line on your sendmail.asp file which stops the form from processing and you should have received the files by email with the line in it as it should be:
<%
'The line below will prevent the rest of the file from processing if the CAPTCHA code is entered incorrectly
'To use the line below remove the comment (') quote mark from in front of the line
If blnCAPTCHAcodeCorrect = False Then Call stopProcess()
%>
Your new file that I've sent to you has that line in it.
------------- Visit 123 Simples Web Design (http://www.123simples.com/)
|
Posted By: hisplaceresort
Date Posted: 16 December 2008 at 5:19am
I bet that was it. I put that block of code in my sendmail.asp on my main site, and we'll see if I get any more. I'll let you know!
I do not remember seeing that one needs to insert that line of code in the installation instructions, but unfortunately, it would not be the first time I thought I was following directions and missed something!
Thanks, Doug! You rock!
------------- Julie
|
Posted By: 123Simples
Date Posted: 16 December 2008 at 6:50pm
You're welcome Julie - hope the files I sent explain a lot more
------------- Visit 123 Simples Web Design (http://www.123simples.com/)
|
Posted By: rkeener2
Date Posted: 15 February 2009 at 4:53am
My spam has started to increase. Recently it has increased exponentially. Yesterday I received 150 spam emails and today I received 175 spam emails. All apparently from the same person/bot all apparently trying to post links.
I notice some anomalies in the headers that exist in the valid vs. the spam emails.
Valid email headers look like this:
CAPTCHA_Postback: true
FirstName: Bob
LastName: Smith
Submit: Form Submission
comments: Blah, Blah, Blah
email: persons name@gmail.com
securityCode: 87PF3
submit: submit
-----------------------------------------------------------------
This e-mail was generated from a form submission on your website: my correct website name.com at 2/14/2009 9:57:06 AM
While the spammer email always looks similar to this:
FirstName: Kir
LastName: Arnie
SubmitCase: Form Submission
comments:(a bunch of link spam appears here)
email: various bogus names@various bogus email addresses.com
submit: submit
-----------------------------------------------------------------
This e-mail was generated from a form submission on your website: my correct website name.com at 2/14/2009 1:27:09 PM
Of particular interest is that:
1. the "CAPTCHA_Postback: true" statement is missing from all the spam
2. valid emails come in showing: "Submit: Form Submission" while spams all say "SubmitCase: Form Submission"
3. the "securityCode:" message and number are missing from all the spams.
I must be doing something wrong, can you help me figure out how to fix this?
Thanks in advance!
rkeener2
------------- rkeener2
|
Posted By: 123Simples
Date Posted: 15 February 2009 at 12:51pm
Looking at your asp page you have not just entered the information at the correct points, so effectively this does not help. In code view you should have something like this:
At the very top of your page
<%@LANGUAGE="VBSCRIPT" %>
Then just after your <link href=" line add this
<!-- Include file for CAPTCHA configuration -->
<!-- #include file="CAPTCHA/CAPTCHA_configuration.asp" -->
Then create your form as you have done, and then where you want the captcha image to appear
<!-- include the Web Wiz CAPTCHA form -->
<!--#include file="CAPTCHA/CAPTCHA_form_inc.asp" -->
do that and it should help. The other alternative is to add javascript functions too to cut down on time wasters sending you garbage - see here for an example (http://www.justcheck.co.uk/contact.asp) - try submitting the form without filling in anything
Hope that helps
------------- Visit 123 Simples Web Design (http://www.123simples.com/)
|
Posted By: rkeener2
Date Posted: 16 February 2009 at 4:27am
OK, I'll give it a try. I'm kinda a noob with all this, so please forgive the following noob sounding questions.
Funny thing is I have not received any spam attempts today. <scratches head>
I received hundreds of them the last few days and the only change I made was to change all my ftp and hosting passwords and now they have stopped (though I do seem to recall receiving some spam yesterday after I changed my passwords). At the risk of sounding like I'm stating the obvious, is one connected to the other or is this merely a coincidence?
Also, I was doing some research on the web and reading about server side validation vs. client side validation and how, without server side validation, some asp codes can be "tricked" to send a form without validation.
Could that have been happening with my site with the code I was using? (I assume Web Wiz has both server and client side validation.)
Thanks again for the previous quick response!
------------- rkeener2
|
Posted By: 123Simples
Date Posted: 16 February 2009 at 12:47pm
The hardest thing is preventing spam and having quickly surveyed your site, this page here (http://keenerlaw.com/worker-compensation-contact.html) actually shows an email address which means that "spamming" you makes it fairly simple. The trouble with having any business though will be spam, as one cannot help but advertise themselves, without spam attacks following.
You could perhaps try setting up a spam catcher on your server to "filter" out certain emails, so they are cut down. Changing the FTP hosting passwords is just a co-incidence - I expect the spammers took the day off.
If the spam is coming through your contact forms, then a javascript form validation will help cut down some of it. The other alternative is to set up a new email address and use that one, but hide it via a form to allow clients to contact you.
If you PM me perhaps I can send you an email with some further suggestions.
------------- Visit 123 Simples Web Design (http://www.123simples.com/)
|
Posted By: WebWiz-Bruce
Date Posted: 16 February 2009 at 2:16pm
A JavaScript form validation will rarely slow down a spammer. Many spammers will work out which file sends off the actual email and then rather than go through the form on your website will have their spamming tool submit directly to the file that sends the email, thus circumnavigating any protection you put in place.
To protect yourself you need to ensure that the file that sends the email is adequately protected by using things like CAPTCHA and making sure that you validate the CAPTCHA security code is correct before the file runs the code to send the email.
------------- Web Wiz Forums Hosting (https://www.webwiz.net/web-wiz-forums/forum-hosting.htm) - ASP.NET Web Hosting (https://www.webwiz.net/web-hosting/windows-web-hosting.htm)
|
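Added example, not part of the original thread and not Web Wiz CAPTCHA's own code: a Python model of the server-side check described in the post above, run against copies of the two submissions rkeener2 quoted earlier. The session key, function names and 6-character code format are assumptions; only the form field names come from the thread.

```python
import hmac
import secrets

def issue_captcha(session):
    """Form page: keep the code shown in the CAPTCHA image server-side only."""
    session["captcha_code"] = secrets.token_hex(3).upper()  # hypothetical key and format
    return session["captcha_code"]

def handle_submission(form, session, send_mail):
    """Mail-sending endpoint: verify the CAPTCHA before any mail code runs.

    The check sits in this handler, not in the form page, so a POST made
    straight to the handler is held to the same rule. Returns (accepted, reason).
    """
    expected = session.pop("captcha_code", None)  # single use, consumed even on failure
    supplied = (form.get("securityCode") or "").strip().upper()
    if expected is None:
        return False, "no CAPTCHA issued for this session"
    if not supplied:
        return False, "securityCode missing"
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "securityCode incorrect"
    send_mail(form)
    return True, "sent"

def run_demo():
    """Replay the thread's two submissions (constructed copies) through the handler."""
    outbox, results = [], []
    via_form = {"CAPTCHA_Postback": "true", "FirstName": "Bob", "LastName": "Smith",
                "Submit": "Form Submission", "comments": "Blah, Blah, Blah", "submit": "submit"}
    direct = {"FirstName": "Kir", "LastName": "Arnie", "SubmitCase": "Form Submission",
              "comments": "(link spam)", "submit": "submit"}
    # 1. Visitor loads the form, reads the image, types the code (any letter case).
    session = {}
    via_form["securityCode"] = issue_captcha(session).lower()
    results.append(handle_submission(via_form, session, outbox.append))
    # 2. The same POST resubmitted: the code was consumed, so it is refused.
    results.append(handle_submission(via_form, session, outbox.append))
    # 3. POST with no form visit and no CAPTCHA fields, as in the spam sample.
    results.append(handle_submission(direct, {}, outbox.append))
    # 4. The handler also refuses a POST that carries the fields but not the right code.
    session = {}
    issue_captcha(session)
    wrong_code = dict(direct, CAPTCHA_Postback="true", securityCode="00000")
    results.append(handle_submission(wrong_code, session, outbox.append))
    return results, outbox

if __name__ == "__main__":
    for outcome in run_demo()[0]:
        print(outcome)
```

Only the first submission reaches `send_mail`; the presence of `CAPTCHA_Postback` or `securityCode` in the request is never trusted on its own, because the comparison is against the value held in the server-side session.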
Posted By: rmj6969
Date Posted: 15 March 2009 at 2:12pm
Can I get the file or explanation of how to include this code in the file?
Thanks
|
Posted By: WebWiz-Bruce
Date Posted: 16 March 2009 at 8:30am
The instructions on how to include it correctly in your own forms are on the following page:-
http://www.webwiz.net/webwizrichtexteditor/kb
------------- Web Wiz Forums Hosting (https://www.webwiz.net/web-wiz-forums/forum-hosting.htm) - ASP.NET Web Hosting (https://www.webwiz.net/web-hosting/windows-web-hosting.htm)
|