FreewayTalk

13 replies to this thread. Most Recent

waltd

26 Dec 2018, 6:24 pm

[Pro] web hacking questin

What method did you use to build your contact page? If you used an Action, which one was it? There are options available for many of the form handlers popular in Freeway, some of which may help you. Ultimately, though, this is a bit like trench warfare. If someone really wants to annoy you, your only true option is to take down the contact form, which I agree, is not a real solution. No automated system can survive the “room full of underpaid bored people” attack, which is common and surprisingly inexpensive to mount. Automated attacks can be thwarted (for a while) using either CAPTCHA or Honeypot fields in your form, but even that becomes an arms race. There are paid services, like Akismet, which will do a better job, since they use human admins, but I’m not aware of any Actions to integrate that into Freeway.

Walter

On Dec 26, 2018, at 1:24 PM, John Robinson <[email protected]> wrote:

So all of a sudden I am receiving Russian emails from my contact page on my website. Receiving an average of 3 to 4 a day. Any suggestions on how to stop this garbage? Should I contact my host? Thanks John

http://www.jrobinsondesign.com/

Freeway user since 1997

http://www.walterdavisstudio.com

waltd

26 Dec 2018, 6:42 pm

What method did you use to build your contact page? If you used an Action, which one was it? There are options available for many of the form handlers popular in Freeway, some of which may help you. Ultimately, though, this is a bit like trench warfare. If someone really wants to annoy you, your only true option is to take down the contact form, which I agree, is not a real solution. No automated system can survive the “room full of underpaid bored people” attack, which is common and surprisingly inexpensive to mount. Automated attacks can be thwarted (for a while) using either CAPTCHA or Honeypot fields in your form, but even that becomes an arms race. There are paid services, like Akismet, which will do a better job, since they use human admins, but I’m not aware of any Actions to integrate that into Freeway.

Walter

On Dec 26, 2018, at 1:24 PM, John Robinson <[email protected]> wrote:

So all of a sudden I am receiving Russian emails from my contact page on my website. Receiving an average of 3 to 4 a day. Any suggestions on how to stop this garbage? Should I contact my host? Thanks John

http://www.jrobinsondesign.com/

Freeway user since 1997

http://www.walterdavisstudio.com

Jeremy Hughes

26 Dec 2018, 7:00 pm

You could add a captcha:

https://www.softpress.com/kb/questions/217/Using+a+%22Captcha%22+in+Freeway

Jeremy

John Robinson

26 Dec 2018, 7:29 pm

Thanks for the advice. I may try the captcha and will look at my form and see if the action has something. But also agree about the trench warfare. personally hate it. I wonder if I go to a https if that would help? John

waltd

26 Dec 2018, 7:34 pm

HTTPS makes no difference in this area. The reason to add HTTPS is because the browsers will all put scary warnings in the Location bar saying that any data sent via a normal HTTP connection is “Not Secure!”. HTTPS uses cryptography to secure all data sent to and from your server and the browser, and makes the communication with users private.

Walter

On Dec 26, 2018, at 2:29 PM, John Robinson <[email protected]> wrote:

Thanks for the advice. I may try the captcha and will look at my form and see if the action has something. But also agree about the trench warfare. personally hate it. I wonder if I go to a https if that would help? John

Freeway user since 1997

http://www.walterdavisstudio.com

John Robinson

27 Dec 2018, 1:39 pm

Thanks Walt. I wasn’t sure an thought to ask. John

Joe Muscara

27 Dec 2018, 1:50 pm

I posted about this a while back.

https://freewaytalk.softpress.com/thread/view/175428

As I wrote there, I ended up removing the contact forms on the pages that were being used. No one had used them for really contacting me anyway. It’s a sad situation that we can’t have nice things.

John Robinson

27 Dec 2018, 1:58 pm

Hi Joe Did you leave the contact page and just remove the form? John

Todd

27 Dec 2018, 9:17 pm

I’ve used this honeypot technique for the past 4 years with tremendous results.

The above link is a MODX FormIt tutorial but there’s no reason it can’t be used elsewhere. The honeypot is just a bit of CSS and HTML and is not specific to MODX.

As others have mentioned time and again a honeypot will not prevent a human from manually spamming you but it will dramatically slow-down or even stop automated attacks.

I used this same technique on two sites that were previously getting dozens of (automated) spam messages per day. They have been spam-free for years with the rare exception of human submissions.

waltd

27 Dec 2018, 9:54 pm

The Honeypot technique is built into both the PHP Feedback Form Action and the (built in to Freeway 7) Send Form Action. There’s little or no configuration needed, and it should just work against actual robots.

Walter

On Dec 27, 2018, at 4:17 PM, Todd <[email protected]> wrote:

I’ve used this honeypot technique for the past 4 years with tremendous results.

The above link is a MODX FormIt tutorial but there’s no reason it can’t be used elsewhere. The honeypot is just a bit of CSS and HTML and is not specific to MODX.

As others have mentioned time and again a honeypot will not prevent a human from manually spamming you but it will dramatically slow-down or even stop automated attacks.

I used this same technique on two sites that were previously getting dozens of (automated) spam messages per day. They have been spam-free for years with the rare exception of human submissions.

Freeway user since 1997

http://www.walterdavisstudio.com

John Robinson

28 Dec 2018, 2:01 pm

Thanks, I will take a look at the suggestions. John

Joe Muscara

29 Dec 2018, 12:17 pm

On 27 Dec 2018, 1:58 pm, John Robinson wrote:

Hi Joe Did you leave the contact page and just remove the form?

Yeah, I didn’t feel like tweaking the sites to remove the links to the contact page. I put some text on the contact page that blamed the Russians wanting to sell me stuff.

John Robinson

29 Dec 2018, 3:12 pm

Joe Funny that you should mention Russians selling things, That was what I was getting as well. Thanks John

Back to Top

Joe Muscara

30 Dec 2018, 2:11 pm

Yep, they’re ruining the Internet for all of us. They spam our contact forms, join our groups to spam us, and who knows what else (I’ll leave out the political $#!^…) by manually doing it as Walt described above and there’s nothing we can really do to stop them.