CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Defending Stand-Alone Profile Forms from Spam
Pages: [1]

Author Topic: Defending Stand-Alone Profile Forms from Spam  (Read 6004 times)

Denver Dave

  • Ask me questions
  • ****
  • Posts: 471
  • Karma: 9
Defending Stand-Alone Profile Forms from Spam
February 05, 2010, 12:30:01 am
I'm testing CiviCRM version 3.1 stand-alone forms.  I take it that stand-alone forms don't use captcha without modification and I'm not necessarily a fan of captcha anyway.  However, I know from past experience, that a form left undefended will start to attract spam.  Because the stand-alone form adds records to the database, this could be bad. 

How are others defending their stand-alone forms against form spam?

Thanks.

Denver Dave

  • Ask me questions
  • ****
  • Posts: 471
  • Karma: 9
Re: Defending Stand-Alone Profile Forms from Spam
February 05, 2010, 06:21:41 pm
A little more on defending.  Seems like most approaches involve adding something to the form that detects a "human" and the something is evaluated by the form processing program.  Even with stand-alone forms, we could add our own captcha processing, add additional fields (what's 3 + 4) or I've had fairly good luck detecting if JavaScript is enabled.  

form action="http://<mydomain>/drupal/index.php?q=civicrm/profile/create&amp;gid=<group #>&amp;reset=1"
Sorry, so for over several versions, I continue to be clueless to where to find the code corresponding to the URL  - Tip ????

Thanks, Dave
« Last Edit: February 08, 2010, 03:11:57 pm by Denver Dave »

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Defending Stand-Alone Profile Forms from Spam
February 08, 2010, 01:38:33 pm
Dave - Code which builds the Profile create and / or edit forms is in:

CRM/Profile/Form/Form.php - buildQuickForm function.
Protect your investment in CiviCRM by  becoming a Member!

Piotr Szotkowski

  • I live on this forum
  • *****
  • Posts: 1497
  • Karma: 57
Re: Defending Stand-Alone Profile Forms from Spam
February 15, 2010, 04:52:38 am
Quote from: Denver Dave on February 05, 2010, 06:21:41 pm
A little more on defending.  Seems like most approaches involve adding something to the form that detects a "human" and the something is evaluated by the form processing program.  Even with stand-alone forms, we could add our own captcha processing, add additional fields (what's 3 + 4) or I've had fairly good luck detecting if JavaScript is enabled.

If you’re going with CAPTCHA anyway, you can use ReCAPTCHA.

Alternatively, a simple anti-spam measure (much friendlier to people) is to add a hidden field (or hide an input/textarea field via CSS) and require it to be empty – humans won’t see it, but spam robots often fill in all the fields they encounter.
If you found the above helpful, please consider helping us in return – you can even steer CiviCRM’s future and help us extend CiviCRM in ways useful to you.

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Defending Stand-Alone Profile Forms from Spam
February 06, 2011, 05:40:43 pm
Similar tools - CiviCRM uses reCaptcha for it's forms. You can google the projects if u need more info.
Protect your investment in CiviCRM by  becoming a Member!

Denver Dave

  • Ask me questions
  • ****
  • Posts: 471
  • Karma: 9
Re: Defending Stand-Alone Profile Forms from Spam
February 06, 2011, 08:32:51 pm
The reCaptcha also effective keeps people out.  I personally find them very hard to read.
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • Defending Stand-Alone Profile Forms from Spam

This forum was archived on 2017-11-26.