Hi,

RS-forms is great, and has been a wonderful tool on our website.

However, a spammer seems to have bypassed the captcha protection. At first we thought they were manually bypassing it (by getting actual people to view it), but we noticed the Captcha code they used was 8 characters long.

RS-forms uses 4-character captchas, so this looks like some kind of trick. Any ideas? This same spammer was spamming using our Joomla form, which is why we installed rs-forms with the captcha protection on.

During manual input tests of the form, the protection is working. So 'empty' or 'wrong input' prompts for re-input. So this is a real mystery to us.

I've attached the exported CSV of results (and pasted a concise version below), the top two results are valid, but the ones below are from the spammer/hacker:

Ip Date Added Email Telephone FirstName LastName Captcha
221.127.96.150 30/01/2009 07:33 This e-mail address is being protected from spambots. You need JavaScript enabled to view it 123456 Gary Tong sbky
221.127.98.51 30/01/2009 19:47 This e-mail address is being protected from spambots. You need JavaScript enabled to view it 123456 Gary Tong jnim
91.124.205.27 02/02/2009 15:53 This e-mail address is being protected from spambots. You need JavaScript enabled to view it 123456 BoambNomylogyy BoambNomylogyy annobbyl
91.124.205.27 02/02/2009 12:55 This e-mail address is being protected from spambots. You need JavaScript enabled to view it 123456 BoambNomylogym BoambNomylogym annobbyl


Hope you can give us any ideas!

Thanks.

Gavin

Here's the attached .csv export file again http://www.360-english.com/tmp/spammed_rsforms.csv. The first upload failed

check out this thread... may help

www.rsjoomla.com/customer-support/forum/...pt-be-done.html#5348

I can see the theory why this would work. But the writer's script has some bugs in it, which I rewrote coz php was complaining:

Processed Script should be:
I'd actually thought of renaming the email ID's before, but wasn't sure of the php functions till your post, thanks sd.dan!

I'll let others know if this works for me.

Hello,

Please submit a ticket to tech support regarding this issue.

Thanks again for the post Dan. I can attest that we've been spam free for the past 3-4 days after using that script

RS-Forms is once again the love of our site!

OK< i submitted a support ticket, but apparently no one is around to answer it OR because your product is so messed up, you have too many tickets to answer? i want my money back!

Hello,

You have only submitted one support ticket (or at least one using this username, I couldn't find any other tickets you've submitted) which has already been answered for quite some time. Have you read your email ? Replies from our ticketing system go into your email inbox as well.

Please stop misleading other users. If you actually find any bugs in our software we will sort them out as soon as possible and we have always helped our customers.

MY bad. i'm sorry! i feel so stupid for having reacted this way this morning. i am working pro bono for a thankless company and all the spam i was getting put me in a really bad mood and i vented at the wrong place.



octavian wrote: