Thread: Receiving Bogus Form Submittals

I'm using ABVFP forms in my site and everything works as it should. However, every so often one particular form is being submitted to me that's obviously bogus. I'm pasting a portion of it here so you can see what I mean. Everything after the = signs are the fields being filled-in. Here 'tis:

3 Electronics Series = adGsKkrrJSVNhtPZfn
3 Electronics Product = ejNCMaMxiiSN
3 Electronics Finish = RphSxlCnigrCPb
3 Electronics Quantity = dkwbLzsgYX
1 Steelcraft Series = czuMqpnmzpolt
1 Steelcraft Quantity = CshWGEuIvyX
2 Steelcraft Series = dXCXEWfcqiUqQKtT
2 Steelcraft Quantity = aHfwzNayHAF
3 Steelcraft Series = PyCYHHkbkJJJqar
3 Steelcraft Quantity = bSHXlYDzAueuKdmFlJw
Comments = kGSgWL <a href="http://ednhvpyidszt.com/">ednhvpyidszt</a>, xahgrvgkoiey, [link=http://mdllgwilehzc.com/]mdllgwilehzc[/link], http://tyglylwpaooa.com/


-----------------------------------------------------------
Date of submission : Saturday 5th April 2008, 3:04 PM
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
IP address : 202.75.33.249

* * *

The "look" of the filled-in fields is always the same in those bogus form submittals. Also, the IP addresses aren't showing in my cPanel Awstats.

If anyone can provide any insight into these or suggest how I might prevent their occurance, it will be appreciated.

Thanks.
Steve
www.irstnorcal.com

Unfortunately there is no way to differentiate this from a normal submission. It could be a human or it could be automated. If its automated the best method I can think of is seeing how long it took from when the form was loaded to when the form was submitted, if its only a second theres no way humanly possible to fill out the form that fast so you tell the script to ignore it.
If its human, then you could implement a dictionary to check the fields, if nothing is even a word (such as the gibberish entered into every field), then have the script ignore it.

Or if the IP is the same, just add the ip to the ip deny manager in cpanel, that will prevent them from using your site.

Install the new ABVFP version, and add the captcha code field in your form. This will prevent bot submission (or at least a &#37; of it).

yup captcha is the new sheriff in town. love it.

-cheers

Re navaldesigns

Install the new ABVFP version, and add the captcha code field in your form. This will prevent bot submission (or at least a % of it).

What effect will the new version have on my existing forms and existing ABVFP database? I'd prefer not to have to reinvent everything if at all possible. Is there a way of adding just the Captcha verification aspect?

I've downloaded and unzipped new version of ABVFP but, for the above reason, haven't uploaded files to public_html folder yet. Per the instructions "If you are a BV or WB5 user, just copy / paste the captcha object from the bottom of the included contactform, and place it wherever you like in your forms. Remember to edit yourdomain.com with your real domain name." I have done that and published my form, but the necessary image is missing.

Any hints, advice, assistance much appreciated. Thank you.

Steve
www.irstnorcal.com
Form is: www.irstnorcal.com/2quote_request_form.php

Originally Posted by Stevo

Re navaldesigns

What effect will the new version have on my existing forms and existing ABVFP database? I'd prefer not to have to reinvent everything if at all possible. Is there a way of adding just the Captcha verification aspect?

I've downloaded and unzipped new version of ABVFP but, for the above reason, haven't uploaded files to public_html folder yet. Per the instructions "If you are a BV or WB5 user, just copy / paste the captcha object from the bottom of the included contactform, and place it wherever you like in your forms. Remember to edit yourdomain.com with your real domain name." I have done that and published my form, but the necessary image is missing.

Any hints, advice, assistance much appreciated. Thank you.

Steve
www.irstnorcal.com
Form is: www.irstnorcal.com/2quote_request_form.php

No effect at all other than adding security. You only upload the new files on the server, and add the necessary captcha elements (field and image generator) in your form.

It would take no more than 10 minutes updating ABVFP and just 3 - 4 minutes per form.

Hints? Just what the tutorial says: open the "contactform.bvp" page included in the zip. Copy the necessary part (bottom of the form) and paste it in your own form. Double click the html area that contains the image generation code, and edit it as required (type your own domain name) . Save, publish, and refresh your browser before testing.

As usual, many thanks to navaldesign and Watdaflip for your great help and guidance. Much appreciated!

Steve
www.irstnorcal.com

Dang! Should have tested the newly modified form first...

Captcha appears to be working properly but I'm getting "Illegal form submission" error when I try to submit test form.

Any idea why?

Thanks.
Steve
www.irstnorcal.com
Form at: www.irstnorcal.com/quote_request_form.php

Make sure thatyou didn't forget the www. in the form URL in the ABVFP control panel or that you have not mistaken the Formid (either in the form itself, OR in the ABVFP settings)

Didn't even go into ABVFP control panel nor make any change whatsoever to Formid. Merely uploaded new ABVFP .v2 to public_html folder in cPanel and added Captcha html box (of course modified with my URL), etc., to the form itself.

Have since checked both of those aspects and they appear untouched and ok.

Any thoughts?

Thanks.
Steve
www.irstnorcal.com
Form is: www.irstnorcal.com/quote_request_form.php

Oh oh...now I've done it.

Went into ABVFP folder in cPanel and found an old file there which didn't appear in my new ABVFP .v2 files so, silly me thinking maybe it was causing the "Illegal form submission" problem, deleted it the file. BIG mistake. Now, when attempting to submit form, getting error messages that I'm 'missing dbts_ABVFP_config.php'. Yep...that was the file I deleted, alright.

So, now I've compounded the problem. Woe is me!

Please help! I'm sinking fast.

Thanks.
Steve
www.irstnorcal.com

Hi Steve,

if you have deleted the config file, then you need to recreate it. This can be done in two ways:

1. Reinstalling ABVFP. But, in this case you will lose all your setting and database info.

2. Manually. This is something that can be easily done. here is the code:

<?
$dbts_username="dbts_username";
$dbts_password="dbts_password";
$dbts_ownersite="http://www.irstnorcal.com";
$dbts_owneremail="youremail@yourdomain.com";
$db_host="localhost";
$db_name="cpanel_username_ABVFP";
$db_user="cpanel_username_DBuser";
$db_password="DBpassword";
?>


dbts_username and dbts_password are the username and password you had for logging in the ABVFP Control panel. If you don't remember these details, just type new ones.
Replace youremail@yourdomain.com with your real email.

cpanel_username_ABVFP , cpanel_username_DBuser and DBpassword are the details for the database access. You should have them in the email that ABVFP had sent you when you first installed it some time ago.

If you don't have them any more, you need to create a new USER for the ABVFP database. Of course you will be assigning this user a password, and you will also ADD this user to the ABVFP database with ALL permissions.

Copy the code in Notepad, replace the details as required, then Save As dbts_ABVFP_config.php and upload the file in your ABVFP folder.

If you have difficulties, you can send me your login details and i will do it for you.

Thanks, navaldesign. Have done it manually.

Also, sent you an email.

Thanks again.
Steve

Hi Steve,

you have mail.