1. You can look at your logs to see which IPs are accessing which pages and block those IPs. But that really doesn't work well, because once one bot gets your addy, it will spread.
2. CAPTCHA = The image thing for input. You can add many things to make your form secure, but CAPTCHA is only one roadblock. Many of the bots can read the basic images. That's why more and more of the captcha images are twisted, lined, dotted, etc. to further distort the lettering contained in the image. I did find a stand-alone free captcha site but unfortunately, it is tied to encrypting the email address too. Take a look at this page: h**p://w2.syronex.com/jmr/safemailto/ The bad news is that if the email addy is not regular characters, the GlobalSCAPE server will not process the form for you! So I have NOT found a viable way to add this service to an existing CSB form.
YOU are getting spammed from your own form. It could be far worse!!!
- The good news is that the form does not allow 100's of others to get spammed.
- The good news is that your host has not ripped your site down because your form has caused your site to tie up server resources sending hundreds of emails.
- The good news is that your site has not been blacklisted for being a spammer!
The bad news is that YOU get spammed from your own form. Not by humans, but by robots that wander the web. They find the form again because you got on their list. Simple as that. If you were running a form script on your site that was insecure, you would be in WORSE shape than you are now.
You CAN do things to limit or stop your problem.
- Continue to use a CSB form for a while longer by putting a simple password protection in front of the form.
Post the password on the page near the link to the form for PEOPLE to read, like this: password_is_in_navy, or create your OWN CAPTCHA image. Bots would miss this but people could access it. Your human visitor would type in the password to access the form.
---In CSB5, you can password protect a single page (the form page).
---If you have access to cPanel, you can use the WEBPROTECT feature to password protect.
---Or use an .htaccess file to define a password, if your host allows it.
- Replace the CSB form.
Either: use a different 3rd party form processor. Lots of them. Some paid, some free. These sites would act like the GlobalSCAPE server does, sending your form information through their server on to your email addy. One of these services, cutandpastescripts.com, is demonstrated here. Another that I have not tried but looks promising is h**p://www.responders.com/
OR install a script on your own site. Make sure the form script you choose has protections against inserted codes and fields. This is the best long term solution!
Run a form script on your OWN website to process forms. Bright side...more control, more options. Down side...You must install the script and you must maintain control or risk your site being pulled down by the host for spamming! You must make sure the script you use is SECURE. If it can be broken and used to send several thousand emails by a spambot, you are responsible for the scripts you run. You must update and stay on guard.
- Use a CGI/Perl type form script. Lots are free...and very insecure! Some are paid with more security.
- Use a PHP type form script. In my opinion, this is the BEST option. So far this offers the best protection from spambots. MANY MANY MANY scripts offered. Go to HOTSCRIPTS.COM to find a suitable script.
Basically the FORM code is the same...Same input fields for your visitor and they would not see a difference that way. But the code you would purchase (if your host allows a PHP form code) does MANY things for you:
- would pull the data from the form and verify it
- check for inserted extra coding (spammers try to force their code into your form to send to 10-200-500 people at one time using YOUR form)
- check for changes to the form/content (try to send it to other address instead of yours)
- keeps your email address private
- allows you to require certain fields
- allows you to send automated responses and/or copy to customer that is sending the form.
- and more....etc.
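The checks in the list above, sketched as a minimal PHP handler. This is an added example, not code from any script named on this page; the field names, the example.com addresses and the function names are assumptions.

```php
<?php
// Added example. The recipient lives here on the server, never in the HTML form.
const RECIPIENT = 'owner@example.com';            // placeholder address
const REQUIRED  = ['name', 'email', 'message'];
const ALLOWED   = ['name', 'email', 'message', 'phone'];

// True if a value carries line breaks or header names that a spambot
// would use to add its own recipients to the outgoing mail.
function looks_injected(string $v): bool {
    return (bool) preg_match('/[\r\n]|%0[ad]|\b(bcc|cc|to|content-type|mime-version)\s*:/i', $v);
}

// Returns a list of problems; an empty list means the post is acceptable.
function check_form(array $post): array {
    $errors = [];
    // Extra fields mean the form was altered before it was posted.
    foreach (array_diff(array_keys($post), ALLOWED) as $extra) {
        $errors[] = "unexpected field: $extra";
    }
    foreach (REQUIRED as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            $errors[] = "missing field: $f";
        }
    }
    // Single-line fields are the ones abused to smuggle mail headers.
    foreach (['name', 'email', 'phone'] as $f) {
        if (isset($post[$f]) && is_string($post[$f]) && looks_injected($post[$f])) {
            $errors[] = "header injection attempt in: $f";
        }
    }
    if (isset($post['email']) && is_string($post['email'])
        && !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'invalid email';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (check_form($_POST)) {
        http_response_code(400);
        exit('Form rejected.');
    }
    // The visitor's address goes in Reply-To only; To and From stay fixed.
    $headers = "From: webform@example.com\r\nReply-To: " . $_POST['email'];
    mail(RECIPIENT, 'Website contact form', $_POST['message'], $headers);
    echo 'Thank you.';
}
```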
There are 3 parts to a form (made with CSB)
- The header (defines which order the fields are sent to you, email address, etc) that tells the server what to do with the form when it is sent by the visitor. This is put at the beginning of the form.
- The fields: this is the name, address, etc. part of the form itself seen by your visitor.
- The send/submit buttons. This part activates the form & data when the visitor invokes the send button.
PHP forms are almost the same concept. But they require SCRIPTING to work.
Main difference: The header.
The CSB form is fully readable in your source code. Your email address is exposed and the form has NO built-in protections. The header tells the server to send your forms to the GlobalSCAPE server for processing. Your website server is NOT used to forward that email. The GlobalSCAPE server has some limited protections (max # forms per hour, max # fields) but cannot protect you further.
The PHP form header points to a file that is stored BEYOND access of the casual visitor to your website. The email address, the definitions, the routing information, etc. that is in the CSB form is now moved OUT of the form code and put into other files that can't be read by spammers. The files are FAR more complicated than CSB forms because they do so much more than CSB could ever do. Setup takes a while for the first one. You put files where you are told, fill in a few blanks the way YOU want them to be (name of fields, address, etc.), answer some questions, etc., then tweak the CSB built form header to point to the PHP code or use the sample forms they provide to begin (the best choice!). The PHP script will send you the email like the CSB form does now, or can produce HTML style forms in your email! All choices you make within the script. The script will run from your website space and draw against your bandwidth usage, BUT it will be far more secure.
Though I still use some CSB forms on the site, I switched my main contact form to ultimate form mail.
1 runs in an iframe, so thank you page is contained within my contact page, no change of overall page.
2 prevents ENTER key from submitting form too early (IE and FIREFOX)
3 has colored input (in IE) fields
I hesitate to recommend ANY script. One that is known to be secure today may not be tomorrow. Or may not be available for sale.