Reverse Captcha Problem

[webdesigner23]

Hello,

I am having problems with the Reverse Captcha.

I am pretty sure i've set up everything correctly. I am getting an error even when I fill out the form normal.

My hidden fields:

<input class="specialfield" name"field23" type="text" value="777" />
<input class="specialfield" name"field24" type="text" value="" />

Formmail.php code:

$ATTACK_DETECTION_REVERSE_CAPTCHA = array("field23"=>"777","field24"=>"");

my website is www . menifeecarpetcleaning .net

I keep getting this error when I fill out the form normally:
"Your form submission has been rejected as it appears to be an abuse of our server (www. menifeecarpetcleaning .net)."

Thank You for the help

[russellr]

Hi,

<input class="specialfield" name"field23" type="text" value="777" />
<input class="specialfield" name"field24" type="text" value="" />

You're missing the "=" after name.

It should be:

<input class="specialfield" name="field23" type="text" value="777" />
<input class="specialfield" name="field24" type="text" value="" />

Don't feel bad about missing that. It took me 5 minutes to see it after trying your form several times.

[russellr]

Hi,

BTW, if you set ALERT_ON_ATTACK_DETECTION to true in FormMail, it will tell you what the problem was via an alert email.

That will point you to the right place to look.

[webdesigner23]

Great thank you.

Another question.

How effective is this method for stopping spam? What should I be naming the fields and should I do anything different to be as effective as possible?

[russellr]

Hi,

It seems to be effective in stopping bots.

In terms of naming fields, it depends on the bots themselves.

• Some will fill in any field.
  
• Some will fill in fields that look like that should be submitted (like "address").

So, we now recommend that you name one field with a sensible name (such as "address1" or "addr", or "your_name") and one field with a nonsensical (and random) name (such as "f2epab5").

Make sure the sensible name isn't a name you're going to use for real data! The "sensible name" field should be empty (so bots are more likely to fill it in) and the "nonsensical field" should have a random value.

To be extra sure, why not add one or two more additional fields, and place your sensible name fields near your real fields on the form.

Remember: the aim is to trick bots into revealing themselves. So, you have to think how smart bots might operate as well as dumb ones.

The other thing is to use different methods for hiding the Reverse Captcha fields.

Some examples, using CSS:

HTML Code:

<div style="display:none">
 <input type="text" name="addr" />
</div>

HTML Code:

 <input style="display:none" type="text" name="addr" />

HTML Code:

 <input style="visibility:hidden" type="text" name="addr" />

HTML Code:

 <input style="position:fixed; left:-10000px; top:-10000px;" type="text" name="addr" />

[webdesigner23]

Hmm, This method isn't working. I seem to be getting the same amount of spam. How do I have formmail kick back a form if it has "123456" in the phone field?

Also any other ideas?

[russellr]

Hi,

That sounds unlikely.

Are you getting form results or an alert email from FormMail? You can tell by the subject line and the first few lines of the email.

If it's an email alert, you need to set ALERT_ON_ATTACK_DETECTION to false.

Otherwise, can you please email to supportstaff AT tectite DOT com, two things:

1. The URL of your form.
2. A copy of some of the spam you're getting.