Reducing spam from a Formloom 3 form


(Rob Beattie) #1

I’ve been having some problems with spam that seems to be coming in via Formloom 3. Two days ago I added ReCaptcha to the form.

Will this eventually reduce the amount of spam generated by spambots?

Thanks

Rob


(Mark Spaulding) #2

Yep, that will help stave off the robots.

Are you using SMTP? Greg at Chilldog suggests that utilizing SMTP is a hack vulnerability for php spammers.

Blessings,
—Mark


(Rob Beattie) #3

No, there’s no need to use SMTP in this instance. My concern is that I don’t know enough about spam.

You know, whether bots come in, harvest an address a thousand times an hour, spam it and then ‘forget’ it, or whether once harvested the address is passed from spammer to spammer to spammer forever…

I’d value any contributions from forum members who know anything about this stuff.

Thanks Mark.

Rob


(Gregory Barchard) #4

Once you’re marked. You’re on their radar. :slightly_smiling:

Are you sure it’s coming from the plugin or has it been harvested from embedding in your site?


(Rob Beattie) #5

So far as I can see, the only times the email address appear are:

  1. in the RW footer which I thought was ‘hidden’ by default
  2. In the form
  3. On the form page as a clickable link but I’ve used Doobox’ Secure Mail Generator to obfuscate the address.

Greg, are you saying that’s it. That the spam will now continue forever?

Or will it abate over time and if so, how long does it take? (A piece of string I know, but weeks, months, years?)

And is there anything more I can do to stop it?

Thanks,

Rob


(Gregory Barchard) #6

@robbeattie to be honest, i’m not convinced #1 is effective any more as bots are now able to parse and execute JS. #2 is easy to test by looking at the headers of a spam message. If it originated from the contact form, it’ll have the markings in it such as PHP Mailer (if this was the particular mailer used). I don’t know how #3 works, but I assume he’s done a sufficient job.

-Greg


(Rob Beattie) #7

Some good leads here Greg, thanks.

Any views on the more general questions at the end of my previous message - about whether this particular address will be spammed for ever more?

And here’s another thing. The client’s previous website had her address as a link on the page in clear view for years (no obfuscation at all) and they didn’t experience this level of spam.


(Gregory Barchard) #8

My guess is is that it’d be passed around and not just go away.

I would check your Catch All settings for the domain too (Under Default address in the control panel). I recommend Discard at SMTP time with “no such user” or Black Hole.

Finally, make sure you have Grey Listing enabled for the domain (also in the control panel).

-Greg


(Rob Beattie) #9

Thanks Greg, I’ll look into those.

What I don’t get I suppose is that I have several sites at Chillodog and many more at Little Oak and I’ve never had a problem like this before.

Is it just bad luck?

And what do people think about the previous point - “The client’s previous website had her address as a link on the page in clear view for years (no obfuscation at all) and they didn’t experience this level of spam.”

Just think it’s an interesting discussion that must impact lots of RW users.


(Gregory Barchard) #10

As they say in the stock market, previous results don’t dictate future performance. There are lots of ways a site can be crawled. It can be found from another site, a change in WHOIS information, etc. This could be a reality of getting traction and traffic on various fronts.


(Rob Beattie) #11

So I could say, hand-on-heart that that it’s probably just a co-incidence or an unfortunate result of having the site re-designed and moving it to a different host?

Rob


(Gregory Barchard) #12

Well, I recommend the changes outlined above too. Especially the default catch-all account. Spammers gonna Spam.

Use the techniques/configuration outlined above and decrease the Mailscanner High threshold from the default of 15 to 12 or 13. This will help filter/fight the incoming spam (at Chillidog only)


(Rob Beattie) #13

This is a whole new world to me. And remember Greg, the actual email account that the form points to is hosted at 1&1, not at Chillidog.

How does decreasing the Mailscanner threshold improve the filter’s ability to trap spam? Like I said, a whole new world.

Rob


(Gregory Barchard) #14

Sorry. Never mind. Forgot the email is hosted elsewhere. Was trying to help you manage it a little.