Anyone else have this problem? My little web form is being spammed. Is there a danger? What is it? Can I stop it? Thanks.

Make them enter a captcha (spelling) code.

Thank you. I would have to add that programing which I may do. But in the meantime, has anyone else had this problem with their webforms? What is the danger? Thanks.

Jim

It depends on the security of your host. Not sure if your host is on WHM and using mid security and their rules.

Your site is simple html from what I saw.

A form being spammed is just annoying.

It just happens cuz if spam bots trying to get back links and send Viagra offers. A Captcha will minimize it. But it will never prevent it completely.

If you can share your hosting company that will help. Right now your asking us to fix a car engine without knowing the make and model

Yes, I've had that happen since day one, or maybe day two.

I added a function to the form to show the ISP of the sender. I soon found that they were coming from the same dozen or so ISPs. I blocked those ISPs from being able to see my website.

Since I'm temporarily only performing for repeat customers now, and only those that are within 60 miles from my home, I ain't missing much. That probably won't work for most everybody here though.

It's a pain if you get a lot of them. But I don't think it's a security breach.

Bazinga!

My form is through mail chimp and they have a double opt-in system so my spam is gone.

If you're using wordpress I would look into some plug ins. My went down after I took basic security measures. I think there are even captcha ones

Thanks, everyone. Relieved to hear it's not a real danger just annoying. My webform sends an email. I wonder if their bots are stealing valid emails and I'm sending emails to people who don't want them?

My webhosting is Go Daddy. I guess I should call them to see what they can do.

JIm

James,

Shared hosting such as GoDaddy is like using a public toilet, you will eventually catch something.

If you are worried about security your best bet is a managed VPS with cpanel.

G

Haha, completely agree!

James, there are (obviously) an awful lot of hosting solutions out there. One of the best ones that I've personally used is http://websynthesis.com/.
Obviously, others may have other recommendations, but I hope that is of some help.

- Mike

I use the most basic hosting on GoDaddy. I don't like the way they seem to change their pricing structure every time I renew (every three years) but I've never had any problems with my website. The robot form & email things can work on every website in the world. There are things to buy to cut it down. I just haven't had the need.

Different poeple with different experiences - the spice of life, eh?

Bazinga!

I use GoDaddy, and for the most part have no complaints. I do get spammed on occasion but not enough to worry about it. When I see a New York address I just delete it. I might get 3 or 4 at a time, and those tend to come every 3-4 weeks, but they come in batches.

My web contact form was being spammed by someone too stupid to realize it was an auto responder They thought they were posting links to their sites. I took down the form for two weeks and included other contact information. After I restored it, they had already moved on. As for GoDaddy - I host all of my sites with them, they have always been helpful whenever there was a problem. When my site was injected with malware I hired a company for less than $200 who cleaned it up and now monitors the site for issues. If anyone is ever hacked - I would highly recommend Sucuri Security. In fact, they are a good investment before it happens!

Have the same spam flood problems from my website contact forms and am on my own dedicated server

Never thought to check the IP's they were coming from and block those IP's (duh, every email I get comes with the IP in the emails), many thanks Bazinga

You're welcome Vick. 'Bout time I put up a useful idea, eh?

Bazinga!

How can I check the IP addresses? I called godaddy but their tech support said they couldn't do it. thanks.

Jim

James,

Don't bother. Just add a Captcha, that will stop automated bots.

Unfortunately even with a Captcha and spam filters, people will manually rotate IPs, use VPN and manually enter the Captcha. They bypass filters by altering words such as v1agra.

A Captcha will just minimize your spam email.

James,

I'm not up on the best current ways of writing code. I did mine several years ago and learned only what I needed to know for what I wanted to do. That being said, IF I'm correct, this is how mine works:

The form is a PHP file, not HTML.
The form is sent to me in an email message, using the POST command.
In the code are the lines:
$ip = $_SERVER['REMOTE_ADDR'];
IP: $ip

There is more to the page and its code of course, but I think those are the key points. What that does is show the sender's IP address as the last line of their request. It shows as ###.###.###.### and I use one of the "trace IP" websites to find where or who it comes from.

I don't think Caotcha was available (maybe just not on my hosting plan) at the time I did that, but in reading gothike's post it seems like that would be a lot easier than my way.

Bazinga!

Thanks, guys!
Jim

Hi James,
Look into having a Honeypot as a part of your form. If you use Wordpress there are plugins that will help you add this to your form. Simply it's an invisible part of the form asking for data, that only bots and automated systems can see. You're users won't see it themselves. When that invisible field has data entered in it the system automatically fails the form so it doesn't get sent, but doesn't send any feedback saying that it was failed. Ever since I've started using it on my site I've had no issues at all with this problem. Check it out pretty simple to set up.