In despite of the few anti-spam modules I installed and configured, I still get a lot of spam in my mailbox from my Drupal site. The bots use a classic contact form, but the thing is, that there are no form submissions when I check the results page! Is it normal, considering they are bots?
I was thinking that they where perhaps using a google's cached version of the page.
Do you have any ideas? I don't know what to try or install anymore!
Try using BOTCHA MODULE of Drupal. It is very successful in preventing the BOTS submissions.
https://www.drupal.org/project/botcha
Easy to configure also.
How websites like Facebook and Twitter are protected against bot during registration? I mean, there's no captcha at all on the signup form?
I want to create a signup form for a project, and I don't want bot during registration and Captchas are often ugly..
edit:
My question is really during the registration because I know Facebook uses Captchas once registred for the first time.
Facebook uses some sort of hidden spam protection, if you view source of sign-up form you will see things like:
class="hidden_elem"><div class="fsl fwb">Security Check</div>This is a standard security test that we use to prevent spammers from creating fake accounts and spamming users.
so capture becomes visible when javascript will think that you are a bot.
Where is few methods of making it harder for bots to complete registration without capture, things
like timing to fill out form, originators of mouse clicks events ect.
also random session based values in form (to privent direct submissions without downloading of the form first)
also some people use hidden form elements with common names like 'email' that is styled invisible in css but common simple bots will try to fill out all form fields and so you can block them if this hidden element have any value
twitter and fb spend lot of time on developing tecniques to block spammers i don't think they will made it public as it will be counter productive for them to fight the spammers.
But all the client side javascripts you can download from fb or twitter and study them if you want, because most of the protection will happen inside client not on server.
server could only issue some random session variable, check for valid headers in request, overall time etc. its really limited.
some sites are also use ajax exchanges between server and client during the time when user is filling out the form , mostly just to make it harder for bot developer to do simular fake exchanges of data.
Anyway, unfortunatelly where is no easy solution to do decent protection , espesially without captcha or some kind of question
also,
for submit button you can use image map instead of button,
you can dynamically create big image with a submit botton image drawn on it at random position using things like GDI in PHP and using css to display only portion of that image with the actuall button, and on server side check X and Y position of where mouse was clicked, this will be hard for bots to break.
Unless they use real browsers and just emulate keyboard and mouse. Anyway , as i said unfortunatelly where is no easy solution.
One way would be to send a verification to the user's email address or cell phone and obtain verification (so in that case, you would have to allow only one email address or cell phone per account)
Another option is to use "Negative CAPTCHA" or "Honeypot Captcha"
I don't know how Facebook and Twitter do it, but if you want to create something simple and that doesn't interfere with your site aesthetics, I know that some websites just ask the user to enter an answer to a simple math problem like "what is 2 + 3?". This is not the most secure way to do it, but it's just a thought.
Well you can always deploy hardware solutions as well to create Layer 4-7 firewall rules. You can create specific rules to look for the well known agents of bots crawling the web. However to stop newly created bots you need to know what agent they are using for the bot.
Since you don't want CAPTCHA, you can use Keypic - keypic.com - which is an invisible protection, no CAPTCHA needed. It's an efficient antispam method for any web form. Site users don't pass any tests which is good for the site as it improves the quality of the user experience and thus raises user engagement. The solution is a kind of an expert system which analyses the behaviour of the users and checks the databases, then makes a conclusion if the request comes from a legitimate user or a robot.
BTW, Twitter and Facebook still use CAPTCHA for password verification which is a very disputable method in terms of efficiency of such protection.
I had a problem with tons of bots signing up for my Nintendo site so I put a single image of Mario on the sign-up page (making sure nothing in the image data said "Mario") with the text "Who is this? Answer in one word." Haven't had a single bot sign-up since. Not sure if this is actually a good solution though, not sure how smart bots are. I'm kind of surprised that it worked.
In theory it might be keeping out a few legitimate users, but it is hard to imagine many legitimate users of a Nintendo site not knowing who Mario is...
I'm a developer who has taken over a Joomla website, which was creatied using SEBLOD. The website is a listings website, which has over 300 listings on.
The purpose of the website is to get enquiries through the listsings.
Currently, the queries are attached to a button - which opens your email program and sends the email. This is not ideal.
Is there a way to create and attach a generic enquiry box or form to each listing, and include the name of the listing in this form when its sent?
Is there a way to create a form that can be attached on the frontend of the website page intead of
the "Request a quote" button.
To be candid, seblod is an impressive Joomla app, but I'm afraid you might not be able to get useful answers than on their forum, I've been using it now for over a year and I'm just coming to terms with some of its functionality. Visit the forums and you should be able to find a good answer from the devs there. Its an expansive suite so it might give some unique challenges.
We have had a web form on our site for a long time and the results were posted to an ASP page which emailed us the results. Recently we signed up with SalesForce and wanted to use the functionality to submit this data directly to SalesForce. I was able to successfully set this up by posting directly to their URL, but I would still also like to be able to receive an email copy of the data being submitted, just in case there are ever some issues with SalesForce and the data does not make it to the SalesForce system - we would have a backup.
Is there a way I can accomplish this in a simple manner? I am not much of a programmer but can understand a good amount of classic asp.
Well, it seems logical to me that you keep your old posting to the ASP page and afterward do the post to SalesForce (or vice versa). like that both emails are sent. To me this way of working seems like a way round, you could just as well send emails from your form. If you publish that form and ASP page we could take a look at it.
What applications exist that can take a series of fields from my db (or csv output from my db) and insert them into a web-based form and then submit that form?
Big Picture Use Case:
I maintain an in-house registration management system for webinars that we produce/present. Currently we use GoToWebinar.com to host our events but they haven't always been (and may not always continue to be) our vendor.
GoToWebinars.com does not provide me an API for creating registrations for 3rd party individuals. So when someone decides to attend one of our events they have to fill out 2 registrations forms, mine and GoToWebinars.com. I'd like to automate the task of filling in GoToWebinar's registration form.
I am looking into the same thing. I found some bits and pieces here and there and was able to decipher the URL to post to GTW:
https://www.gotowebinar.com/en_US/island/webinar/registration.flow?Template=island/webinar/registration.tmpl&Form=webinarRegistrationForm&WebinarKey=XXX_YOUR_WEBINAR_ID_XXX&Name_First=ViewersFirstName&Name_Last=ViewersLastName&Email=ViewersEmailAddress
If you are using cURL, then be sure to use CURLOPT_FOLLOWLOCATION because there are some redirections on the GTW side and cURL needs to follow them.
So far this seems to work for us.
Good luck!
I'm late to the party, but let me offer a way to call the CITRIX API via PHP to register a new GotoWebinar attendee, in case somebody else hits this page looking for the answer to your question.