[Pro] web hacking questin

So all of a sudden I am receiving Russian emails from my contact page on my website. Receiving an average of 3 to 4 a day. Any suggestions on how to stop this garbage? Should I contact my host?
Thanks
John

http://www.jrobinsondesign.com/


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

What method did you use to build your contact page? If you used an Action, which one was it? There are options available for many of the form handlers popular in Freeway, some of which may help you. Ultimately, though, this is a bit like trench warfare. If someone really wants to annoy you, your only true option is to take down the contact form, which I agree, is not a real solution. No automated system can survive the “room full of underpaid bored people” attack, which is common and surprisingly inexpensive to mount. Automated attacks can be thwarted (for a while) using either CAPTCHA or Honeypot fields in your form, but even that becomes an arms race. There are paid services, like Akismet, which will do a better job, since they use human admins, but I’m not aware of any Actions to integrate that into Freeway.

Walter

On Dec 26, 2018, at 1:24 PM, John Robinson email@hidden wrote:

So all of a sudden I am receiving Russian emails from my contact page on my website. Receiving an average of 3 to 4 a day. Any suggestions on how to stop this garbage? Should I contact my host?
Thanks
John

http://www.jrobinsondesign.com/


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

You could add a captcha:

Jeremy


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Thanks for the advice. I may try the captcha and will look at my form and see if the action has something. But also agree about the trench warfare. personally hate it. I wonder if I go to a https if that would help?
John


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

HTTPS makes no difference in this area. The reason to add HTTPS is because the browsers will all put scary warnings in the Location bar saying that any data sent via a normal HTTP connection is “Not Secure!”. HTTPS uses cryptography to secure all data sent to and from your server and the browser, and makes the communication with users private.

Walter

On Dec 26, 2018, at 2:29 PM, John Robinson email@hidden wrote:

Thanks for the advice. I may try the captcha and will look at my form and see if the action has something. But also agree about the trench warfare. personally hate it. I wonder if I go to a https if that would help?
John


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Thanks Walt. I wasn’t sure an thought to ask.
John


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

I posted about this a while back.

https://freewaytalk.softpress.com/thread/view/175428

As I wrote there, I ended up removing the contact forms on the pages that were being used. No one had used them for really contacting me anyway. It’s a sad situation that we can’t have nice things.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Hi Joe
Did you leave the contact page and just remove the form?
John


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

I’ve used this honeypot technique for the past 4 years with tremendous results.

The above link is a MODX FormIt tutorial but there’s no reason it can’t be used elsewhere. The honeypot is just a bit of CSS and HTML and is not specific to MODX.

As others have mentioned time and again a honeypot will not prevent a human from manually spamming you but it will dramatically slow-down or even stop automated attacks.

I used this same technique on two sites that were previously getting dozens of (automated) spam messages per day. They have been spam-free for years with the rare exception of human submissions.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

The Honeypot technique is built into both the PHP Feedback Form Action and the (built in to Freeway 7) Send Form Action. There’s little or no configuration needed, and it should just work against actual robots.

Walter

On Dec 27, 2018, at 4:17 PM, Todd email@hidden wrote:

I’ve used this honeypot technique for the past 4 years with tremendous results.

The above link is a MODX FormIt tutorial but there’s no reason it can’t be used elsewhere. The honeypot is just a bit of CSS and HTML and is not specific to MODX.

As others have mentioned time and again a honeypot will not prevent a human from manually spamming you but it will dramatically slow-down or even stop automated attacks.

I used this same technique on two sites that were previously getting dozens of (automated) spam messages per day. They have been spam-free for years with the rare exception of human submissions.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Thanks, I will take a look at the suggestions.
John


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

On 27 Dec 2018, 1:58 pm, John Robinson wrote:

Hi Joe
Did you leave the contact page and just remove the form?

Yeah, I didn’t feel like tweaking the sites to remove the links to the contact page. I put some text on the contact page that blamed the Russians wanting to sell me stuff.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Joe
Funny that you should mention Russians selling things, That was what I was getting as well.
Thanks John


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

Yep, they’re ruining the Internet for all of us. They spam our contact forms, join our groups to spam us, and who knows what else (I’ll leave out the political $#!^…) by manually doing it as Walt described above and there’s nothing we can really do to stop them.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options