Forms

[hidden]

I remember reading (quite a long time ago) that the insert forms option actually hosts the form on a 2nd party server. Probably Globalscapes? Now that the software has been discontinued, has the hosting for these forms been discontinued also? I just set up a form http://chimpclick.com/id3.htm and I've emailed myself using the form no less than five or six times over the last few days and have yet to recieve one of those form responses. This worries me quite a bit because if this is the new standard we can expect I'm gonna have to redo a LOT of websites form pages. Is there a form script or something we can replace them with? I have obiously checked and rechecked the email address I used. That isn't the problem.

[hidden]

The GlobalSCAPE form server is still up and operational.
Works like a charm on several sites I work on.
 
GlobalSCAPE can and will continue to SUPPORT the program they have been selling for years in a few ways as stated in their announcement. For example, if you have forms on your site they will continue to work until at LEAST July 1, 2008 through their form server.  (You can always change out your form and not interrupt your webpages!)

I went to your site and sent a form, then also sent you an email directly using my email program and the address you assigned in the form page.  Let us know if you got either email.

What you can do:
1) change the names of your FIELDS... your code shows value="firstName,lastName,email,website url,website url 2,website url 3,mailingList"  Try removing the spaces from the names.  TO: websiteurl, websiteurl2, websiteurl3    Improper naming CAN cause other problems so it is likely this is YOUR problem.   

2) Check your own personal spam filter or JUNK mail filter.  AND don't forget to check another one...at the ISP/website where the form is being sent. The forms that you are not getting may be getting caught by a spam filter offered by your ISP (AOL, Earthlink, etc have built-in spam filters, etc) instead of being sent on to you.

I have mcafee on one machine with spam filter and it DOES NOT learn about spam well!  Always catches things I have told it to leave alone! Including some of my webmail! 

3) Also check the email address you asked for in the email in the form itself (double click the form placeholder to open it in CSB).  When you build the form, you do not use the cutesitebuilder address, you use YOUR email address.  The form will leave your website go to the GS form server then bounce to YOUR address.  Try a different address in the form.

4) Note that there is a limit on how many forms can be sent per hour!  This is partial spam protection. So don't try over and over and over.  That WOULD be seen as spam and would be blocked.

You can consider using other forms options BEFORE the form server goes away.
Right now, your forms are being PROCESSED by GlobalSCAPE. Their server is used to push that form to YOUR email address.  It offers us very basic form services that meet the MAJORITY of needs for basic users.  Even offers minimal security from spammers.   "The Trellix and CSB forms are very basic and have no such protections.  HOWEVER, the server that processes the forms does have a few protections like limiting the size (no more than 20 fields) and limiting the number of times the form can be submitted (no more than 10 per hour).  This protects your site from being pulled down by your host for spamming, but does not prevent a spammer from getting 10 emails out before being stopped."  But the standard CSB form does NOT protect your email address! Spambots can grab it ANY TIME they find your site!

You have 2 other options that offer more features:

1) Use another off-site server to process your forms.   Lots of them. Some paid, some free. These sites would act like the GlobalSCAPE server does, sending your form information through thier server on to your email addy.  One of these services, cutandpastescripts.com is demonstrated here.

• cutandpastescripts.com is not taking new customers, yet the demo of the form is shown and linked to on samisite.com because as I said in the other posts, that site is one of MANY 3rd party solutions.  I keep the sample up to show it can be done.
  
  A Google search came up immediately with another service that is online and functional, and has a privacy statement that says they will not use your or your visitors information for spam:  responders.com  I have not used the service but it is essentially the same as the other one mentioned.  Sign up, design a form, grab the code THEY give YOU, and put it into your web page using INSERT HTML feature in CSB and you have an active form.

2) Run a form script on your OWN website to process forms.   Bright side...more control, more options.  Down side...You must install the script and you must maintain control or risk your site being pulled down by the host for spamming!  You must make sure the script you use is SECURE. If it can be broken and used to send several thousand emails by a spambot, you are responsible for the scripts you run. You must update and stay on guard.

- Use a CGI/Perl type form script.  Lots are free...and very insecure!  Some are paid with more security.
- Use a PHP type form script. In my opinion, this is the BEST option. So far this offers the best protection from spambots.   MANY MANY MANY scripts offered. 

I will not RECOMMEND a form script to you. Form scripts come and go and may be secure today and be broken tomorrow.

You might consider UltimateFormMail.com script because of the good reputation over several years now for security and safety.  Plus the cost is reasonable for the features the script offers. The author provides support through an online forum, and has videos to demonstrate feature settings.  Provides a 15 day trial and even offers installation (for a price).  It's price point is affordable for its many features.

Basically the FORM code is the same...Same input fields for your visitor and they would not see a difference that way.  But the code you would purchase (if your host allows a PHP form code) does MANY things for you:
- would pull the data from the form and verify it
- check for inserted extra coding (spammers try to force thier code into your form to send to 10-200-500 people at one time using YOUR form),
- check for changes to the form/content (try to send it to other address instead of yours)
- keeps your email address private
- allows you to require certain fields
- allows you to send automated responses and/or copy to customer that is sending the form.
- and more....etc.

There are 3 parts to a form (made with CSB)
- The header (defines which order the fields are sent to you, email address, etc) that tells the server what to do with the form when it is sent by the visitor. This is put at the beginning of the form.
- The fields this is the name, address, etc part of the form itself seen by your visitor.
- The send/submit buttons. This part activates the form & data when the visitor invokes the send button.

PHP forms are almost the same concept.  But they require SCRIPTING to work.
Main difference:  The header. 

The CSB form is fully readable in your source code. Your email address is exposed and the form has NO built in protections.  The header tells the server to send your forms to the GlobalSCAPE server for processing.  Your website server is NOT used to forward that email.  The GlobalSCAPE server has some limited protections (max # forms per hour, max # fields) but can not protect you further. 

The PHP form header points to a file that is stored BEYOND access of the casual visitor to your website. The email address, the definitions, the routing information, etc that is in the CSB form is now moved OUT of the form code and put into other files that can't be read by spammers. The files are FAR more complicated than CSB forms because they do so much more than CSB could ever do.  Setup takes a while for the first one.  You put files where you are told, fill in a few blanks the way YOU want them to be (name of fields, address, etc), answer some questions, etc then tweak the CSB built form header to point to the PHP code or use the sample forms they provide to begin (the best choice!).  The PHP script will send you the email like CSB form does now, or can produce HTML style forms in your email!  All choices you make within the script.  The script will run from your website space and draw against your bandwidth usage. BUT be far more secure.


Even if CSB were still in development/production, still being sold, BETTER forms processing is something that requires effort OUTSIDE the CSB program. THAT is actually VERY LOGICAL!

The BEST solution is to get a well written script, preferably PHP that rebuffs attacks.  Until you are comfortable with installing a script your best bet is 3rd party form processing by another site.

TURTLE ALSO HAD THIS TO SAY ON EARLIER POSTS ABOUT FORMS:
E-mail form scripts unless they are designed to filter the visitor input can be used to by spammers to send e-mails to an address of their choice.
This is called Email Injection. Here is an article about it  It may be hard to understand, but by adding control codes to the data entered into one the fields in a form, spammers can cause their message to be sent to another address in addition to the one that is hard coded into the form mailer.
So the basic form mailers that just test the input fields to see if some text was entered but not what was entered are susceptible to abuse.
So avoid the simple form mailers that use just enough code to send the data.

[hidden]

Wow. great response Samisan. I am going to call my own dedicated server host tomorrow and see if they have a solution. If they don't, I may regress to just an emailed response from that page. Which brings up another question... do you know how to predetermine an emails subject? or is that another thread? thanks again

Fred

[hidden]

I just noticed in my fantastico that phpformgenerator is listed and I hadn't fnoticed that before. It seems simple enough. Use their free on line form generator and download the script. Has anyone tried it? I am mostly worried about the security if anything. Just checking it out and thought I would ask since the subject is fresh in here.

[hidden]

   I got verbose on that response.

Did you change your FIELD NAMES to remove all spaces and retry your form yet?  (#1 above)

1) change the names of your FIELDS... your code shows value="firstName,lastName,email,website url,website url 2,website url 3,mailingList"  Try removing the spaces from the names.  TO: websiteurl, websiteurl2, websiteurl3    Improper naming CAN cause other problems so it is likely this is YOUR problem.  

There are several things you can do to personalize your CSB built form, including having a response page, change the subject,etc.  This form sample (with code breakdown) has 2 special features.    Look for the the line
<input type="hidden" name="tlx_Subject" value="A subscription form from website">Change that value to something else and you get a different subject of the email!
This form one has 4 special features added to the CSB form with instructions.

BUT DO NOT TRY ANY OF IT UNTIL YOU HAVE THE BASIC FORM WORKING!

Let us know if changing the FIELD NAMES helped.  

Re your comment about generator... That makes a form.  Don't know that it comes with the SCRIPT to PROCESS the form. If so, does it protect you from INJECTION? (see TURTLE'S comments and link at the bottom of my last post)  If the script does not check for injected characters your site will be used by a spammer to send thousands of emails and get yanked down by your host!

[hidden]

I took the spaces out. haven't received an email yet. been about 5 minutes.

[hidden]

Nah. it ain't coming. Y'all might check your own Globalscape hosted forms?

[hidden]

re formgenerator I found this sourceforge.net/forum/message.php?msg_id=3573747 but can't tell if it indicates what is being discussed in Trudys links and your replies. I saw a lot of questions about security and instructions to move related items to password protected folders so maybe it is how they get around some things. Anyway signed up for yet another forum - lol to ask about this since I did not find it directly mentioned after a lot of looking around.

[hidden]

I'm going to host the forms on my server through a secure certificate. I just have to figure out if I can edit the CSB insert form to work hosting it on my server or if I have to find a new script for a form. If y'all have any resources for scripts lemme know.

[hidden]

The basic FORM structure (fields) might be usable with other processing method. That depends on the PROCESSING script.  I use a basic CSB form and changed out the header to point to cutandpastescripts.com, but can not do that for my forms with PHP processing.

You will need to read the documentation about the particular form script to see if they are compatible.

FORMS are NOT EASY to set up PROPERLY with security measures against spammers.
The CSB forms are a very nice convenience because they take no setup.


By the way, I posted YOUR page intact onto MY website and sent you a form.  Did you get it?
I will do some testing for your form tonight after 5pm and post some info.  Will need YOUR feedback if you will be available.  Are you going to be on IM tonight?

[hidden]

I haven't received a single form response yet. I have a wedding rehearsal tonight and I'll be gone from about 5pm - 9pm CST.

And what's WYSIWYG?

[hidden]

You are already married...Gonna be a bigamist?   

I will still play tonight on your form and see what happens....
It is something simple. Just need time to look at it.

And what's WYSIWYG?

What You See Is What You Get
Interface looks like the final product.
HTML editors work in a text editing format, not in a window that looks like your final web page.
CSB is considered WYSIWYG, you create a table and insert images and when you publish you see the same table with images...

[hidden]

I always wondered about that.

Actually a couple from my forums is getting married and I'm the best man. It's our second wedding. 

[hidden]

Any luck Samisan?

[hidden]

been working on other things.... Will turn to that soon and post notes.

[hidden]

I appreciate your help. I had to abandon it and go with a perl script hosted on my server.

[hidden]

Which one did you go with???

[hidden]

Dear all

After 12 months stressing  about what to with my forms if/when the cutesite forms stop being supported I have now changed over to forms hosted by www.web-form-buddy.com/  And it was pretty straightforward. The cost is $39.95 per year which I think is good value as the forms options are significant, you can have as many forms as you want for this on one website and has good security options and data checks etc. For me the gret thing is that as well as being future proofed at last the data handling is brilliant. Whilst you can have a email response the same as CS4 or you also opt to log in and download bulk responses to an spreadsheet which is brilliant if you have a lot of responses

There is a 14 day free trial. To get the trial programme working you need to create a new page then right click to get “properties” then select “Page” and name the short title “formdemodemo”  paste the trial code into the HTML webgem. When you publish cutesite it will automatically name the page as:   www.?.com/formbuddydemo.htm

I spent somewhile getting html form code right, webformbuddy does not provide the html code (other than the demo) but there are many sources to get simple forms codes from or try http://www.netobjects.com/html/essentials.html for a free code writer

Hope this helps

[hidden]

Glad you posted this Thanks. I have been researching the same things and they were on my possibly list. Do you know, since I am having a problem this, can you trace and block an ip address somehow with this service for example if someone starts spamming your form with just an email address sent periodically and continually?

[hidden]

This one will be added to my list of options on Samisite forms info.  Thanks!

[hidden]

Glad you posted this Thanks. I have been researching the same things and they were on my possibly list. Do you know, since I am having a problem this, can you trace and block an ip address somehow with this service for example if someone starts spamming your form with just an email address sent periodically and continually?

I am no expert, but it looks simple to trace the IP address, following a tick box option,  to quote from the webformbuddy site:

Web-form-buddy can automatically include some "real time" information in the data submitted by the form.
Include the sender's IP address , Include the date:, & the time

Subsequent blocking of that IP, is not mentioned, but the level of on-line help when I set up my forms was brilliant, so sure they could help

Additionally the first level of security is also very high to quote:

Someone is abusing my form with spam
Fortunately with Web-form-buddy you have plenty of weapons at your disposal to stop spam form submissions, in particular from "bots" i.e. automated submission robots.

The first thing to do is to make full use of Web-form-buddy's required field and field validation rules. This will never inconvenience your genuine users, but will give the programmers of those pesky spam bots a bit of a headache.

The next thing to do is enable Web-form-buddy's data confirmation option. Your genuine users will almost certainly appreciate this feature (it allows them to review and check their form submission), but, again, it will severely inconvenience the bad guys.

Finally you have the option to implement "CAPTCHA". The idea behind this approach is to provide a simple test that is easy for a human to figure out, but is a nightmare for a dumb, automated, "bot"!

Web-form-buddy currently offers three types of CAPTCHA: a standard text test, a simple maths test, and also ReCaptcha (which is a public service project to help in the task of digitizing the written word).

Hope this helps

[hidden]

........right click to get “properties” then select “Page” and name the short title “formdemodemo”  paste the trial code into the HTML webgem........

Should actually read:

........right click to get “properties” then select “Page” and name the short title “formbuddydemo”   , then paste the trial code into the HTML webgem

[hidden]

That helps a LOT! Thanks so much! I didn't have notes on that and I really thought I checked out the site thoroughly. Yep well worth the money if it does that! 

[hidden]

Hello all,

I just noticed that my CSB forms are not working any more. When you fill in the form and click the send button, there will be a thank you note, but the e-mail is not coming to me anymore (for example - and sorry about the language: http://www.fhas.fi/fin/yhteydenotto.htm). I have CSB 3.0 and I have used several forms in many of my pages and they have worked so far. I know that they will stop working 1st of July and I am in the middle of trying to find a new solution.

Has anyone else had same problems recently?

Thanks

Heikki

[hidden]

Hi, Are you getting mail at your own server or do you use a public domain server such as yahoo or hot mail? If so it maybe something in their filter that affects it. I don't have any forms up right now so I can't say if it is working maybe someone else with a functional form will reply as well.

[hidden]

All the forms I have posted are still working.  Several sites, several forms on those sites.

Wanda may be correct re filters.
Check your approved sender lists (add the GS server to the list) and check your Spam/junk mail.